XSS
Posted: Mon Apr 25, 2011 2:25 pm
I get a cross-site scripting (XSS) notification when trying to log on to my cell phone carrier's forum. It's just XSS junk Verizon is doing on their site, but I haven't the slightest idea what to do to enable this >particular< XSS attempt so I can get to their forum. Clicking on Options in that little NoScript popup calls up another popup full of mysterious-looking text which I haven't the faintest idea what to do with. I may have to kill NoScript just so I can get to that forum, and then re-enable NoScript afterward. XSS attempts are generally bad - or so I've read (I wouldn't know) - but are ALL of them? Is it possible some are legit? If so, let's give dumb, non-techie users like me some way to allow particular XSS attempts to succeed without having to learn an esoteric programming language first. I know lots of folks here are probably really sharp with this kind of stuff, but put yourself in my shoes: how would you like to have to write your phone's operating system in LISP before being allowed to call your next-door neighbor to let him know his dog got out?
On the bright side, apart from the way XSS is handled, NoScript looks to be a pretty good product.
On the bright side, apart from the way XSS is handled, NoScript looks to be a pretty good product.