XSS attempt from questrade.com
-
Daeron
XSS attempt from questrade.com
I'm trying to login to my account on questrade.com, and NoScript thinks its try to hack me. How do I add it as an exception?
Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0
Re: XSS attempt from questrade.com
The lines in your Error Console that start with "[XSS]" would help.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
-
Daeron
Re: XSS attempt from questrade.com
Okay, but there is a lot of stuff.
[NoScript XSS] Sanitized suspicious upload to [https://start.questrade.com/default.asp ... lection%3E] from [https://login.questrade.com/AccountAppl ... 3a26%3a43Z]: transformed into a download-only GET request.
Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0
Re: XSS attempt from questrade.com
Woha, that's horrible.
Here you have a deliberately lenient exception* for this site to be added to the XSS exception list found in Advanced→XSS in the NoScript options:* since I can't predict what more stuff they might add to the URI and I am also lazy
Here you have a deliberately lenient exception* for this site to be added to the XSS exception list found in Advanced→XSS in the NoScript options:
Code: Select all
^https?://[a-z]+.questrade.com/\w+Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.16) Gecko/20110323 Ubuntu/10.10 (maverick) Firefox/3.6.16
-
Daeron
Re: XSS attempt from questrade.com
Works fine now, thanks a lot!
Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0