Unexpected "iframe" displayed

Posted: Sat Jun 26, 2010 8:28 pm
by SeanM
After upgrading to 1.9.9.97 (from 1.9.9.87), an "iFrame" message displays within the application's welcome screen. No message is logged to the Error Console. Referenced within the iFrame message text is "www.atdmt.com", which is on my untrusted list. I do specify "Forbid <iFrame>"; however, the site in question is trusted.

The site: http://www.fnfg.com (First Niagara Bank). No security exposure, a second (and third!) screen is necessary before one can even login.

I regressed to 1.9.9.96, with the same results. Regressed to 1.9.9.87, and the message does not appear. This does not appear (yet) to impact the usage of the site (my bank).

Edit: Clearing the option "Show the <NoScript> element which follows a blocked <script>" removes the offending text. I have not changed any options regarding trusted sites since I first installed NoScript (1.7.6).

Re: Unexpected "iframe" displayed

Posted: Sat Jun 26, 2010 8:45 pm
by al_9x
If you disable NoScript and turn off JavaScript, you'll see the same thing, because the iframe tag in the <noscript> element is HTML-escaped (&lt;iframe). There was a bug fix recently, before which <noscript> for blocked script wasn't always shown, which is why you didn't see this iframe before.

Re: Unexpected "iframe" displayed

Posted: Sat Jun 26, 2010 9:54 pm
by SeanM
Thanks! I really should fully read the changelogs. After the first site, I tried a few more trusted sites, and a few nasties popped up. The original reported site is slowly developing, primarily building a front-end and back-end to the older working banking app. I have reported some other flaws to the banking site, and slowly they are coming up to speed.

As for the iFrame, can these iFrame messages be logged to the Error Console?

Re: Unexpected "iframe" displayed

Posted: Sat Jun 26, 2010 10:43 pm
by al_9x
SeanM wrote: can these iFrame messages be logged to the Error Console?
It's not a message, it's the properly displayed (same as when JS is disabled) contents of the <noscript> tag.
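
The behaviour al_9x describes can be checked on any page's source. The following is an added example, not code from the thread or from NoScript: it separates `<noscript>` fallbacks containing real tags from ones whose markup was entity-escaped and will therefore be shown as literal text when scripts are blocked. The sample page, the `tracker.example` host and the tag list in `MARKUP_RE` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: tag names worth flagging when they appear as literal text.
MARKUP_RE = re.compile(r"<\s*(iframe|img|script|object|embed)\b", re.IGNORECASE)


class NoscriptAudit(HTMLParser):
    """Collects real child tags and escaped-markup text found inside <noscript>."""

    def __init__(self):
        # convert_charrefs=True decodes &lt; etc. before handle_data sees the text
        super().__init__(convert_charrefs=True)
        self.depth = 0
        self.real_tags = []      # (tag, src) pairs the browser will actually load
        self.escaped_text = []   # text the browser will display verbatim

    def handle_starttag(self, tag, attrs):
        if tag == "noscript":
            self.depth += 1
        elif self.depth:
            self.real_tags.append((tag, dict(attrs).get("src")))

    def handle_endtag(self, tag):
        if tag == "noscript" and self.depth:
            self.depth -= 1

    def handle_data(self, data):
        # Decoded text that looks like a tag was escaped in the source.
        if self.depth and MARKUP_RE.search(data):
            self.escaped_text.append(data.strip())


def audit(html_source):
    parser = NoscriptAudit()
    parser.feed(html_source)
    parser.close()
    return {"real_tags": parser.real_tags, "escaped_text": parser.escaped_text}


# Constructed sample: one escaped fallback (shown as text), one real fallback.
SAMPLE = """<html><body>
<script src="https://tracker.example/t.js"></script>
<noscript>&lt;iframe src="https://tracker.example/px" width="1" height="1"&gt;&lt;/iframe&gt;</noscript>
<noscript><img src="https://tracker.example/px.gif"></noscript>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An entry in `escaped_text` is a site-side markup error that displays as text and loads nothing; an entry in `real_tags` is a fallback the browser will fetch when scripts are blocked.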