
XSS error on whitelisted site

Posted: Sat May 01, 2010 3:36 pm
by danceswithgary
I am unable to post any HTML-coded links (img src= or a href=) in a Reply on Dreamwidth. I am running the Firefox (v3.6.3) add-on NoScript v1.9.9.74, which I upgraded from v1.9.9.71 to make certain it wasn't due to an out-of-date version.

I receive "NoScript filtered a potential cross-site scripting attempt from [danceswithgary.dreamwidth.org]. Technical details have been logged to the Console."

Of course, when I tell NoScript to ignore and post (unsafely) anyway, it works.

I've tested posting with images from my LiveJournal account, a userpic from my Dreamwidth account, LiveJournal links, and Dreamwidth links. All fail with the same error.

I have NoScript set with Dreamwidth and LiveJournal as trusted accounts. LiveJournal does not encounter the error for the same actions.

From an attempt to post a link of my default userpic on Dreamwidth to a reply to a post on my Dreamwidth account (no idea what's cross-site here):

[NoScript XSS] Sanitized suspicious upload to [http://www.dreamwidth.org/talkpost_do§ ... 2942%22%3E] from [http://danceswithgary.dreamwidth.org/37 ... mode=reply]: transformed into a download-only GET request.

I've also submitted the same information to Dreamwidth. Thanks.

Re: XSS error on whitelisted site

Posted: Sat May 01, 2010 4:27 pm
by danceswithgary
Addendum: I'm aware that a solution is to add

http://www.dreamwidth.org/talkpost_do.bml

to the XSS exceptions, and I have now done so. I just thought it would be helpful to report the issue.