InformAction Forums

Posted: **Thu Apr 07, 2011 11:45 pm**

I'm trying to login to my account on questrade.com, and NoScript thinks its try to hack me. How do I add it as an exception?

Posted: **Fri Apr 08, 2011 6:00 am**

The lines in your Error Console that start with "[XSS]" would help.

Posted: **Fri Apr 08, 2011 10:34 pm**

Okay, but there is a lot of stuff.

[NoScript XSS] Sanitized suspicious upload to [https://start.questrade.com/default.asp ... lection%3E] from [https://login.questrade.com/AccountAppl ... 3a26%3a43Z]: transformed into a download-only GET request.

Posted: **Sat Apr 09, 2011 9:50 am**

Woha, that's horrible.

Here you have a deliberately lenient exception* for this site to be added to the XSS exception list found in Advanced→XSS in the NoScript options:

Code: Select all

^https?://[a-z]+.questrade.com/\w+

* since I can't predict what more stuff they might add to the URI and I am also lazy

Posted: **Sat Apr 09, 2011 10:48 pm**

Works fine now, thanks a lot!

InformAction Forums

XSS attempt from questrade.com

XSS attempt from questrade.com

Re: XSS attempt from questrade.com

Re: XSS attempt from questrade.com

Re: XSS attempt from questrade.com

Re: XSS attempt from questrade.com