InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

XSS Alert options going beyond screen.

https://forums.informaction.com/viewtopic.php?t=6925

Page 1 of 1

XSS Alert options going beyond screen.

Posted: Thu Jul 28, 2011 1:56 pm
by nagan
Not able to see the alert options as it is extending beneath the visible area.Might be the screen res..Still........Image

It is thru a video file from netp**n.nl

Re: XSS Alert options going beyond screen.

Posted: Fri Jul 29, 2011 3:30 pm
by nagan
Is this really a non-issue. Can someone clarify on the details...?

Re: XSS Alert options going beyond screen.

Posted: Fri Jul 29, 2011 3:54 pm
by therube
Other then the netp**n.nl domain, do you have any other domains on that site listed?
(All I needed to allow was netp**n.nl.)

Do you have Adblock Plus?
(I do.)

Between the two, NoScript & Adblock Plus, I was not able to generate any XSS warnings.

I don't recall ... In what order do things happen? You get the slidedown warning, then you clicked Options, then the (obscured) dialog pops up? Ah, & then because of its length, you are unable to see options to allow or not?

Going into Error Console affords no help, no? (Access to the message itself, yes.)

IMO, if this were not from a user generated action, like you clicked "play", then you should not allow whatever it is that wants to happen. (I.e., some ad or otherwise is what generated the XSS action.) And even clicking "play", I would not expect to see anything XSS related.


Notwithstanding, if the message length exceeds the alert window size, perhaps it should be displayed in a scrollable box, so that the actions buttons are not lost.

Re: XSS Alert options going beyond screen.

Posted: Fri Jul 29, 2011 4:55 pm
by nagan
therube wrote:Other then the netp**n.nl domain, do you have any other domains on that site listed?
(All I needed to allow was netp**n.nl.)

Do you have Adblock Plus?
(I do.)

Between the two, NoScript & Adblock Plus, I was not able to generate any XSS warnings.

I don't recall ... In what order do things happen? You get the slidedown warning, then you clicked Options, then the (obscured) dialog pops up? Ah, & then because of its length, you are unable to see options to allow or not?

Notwithstanding, if the message length exceeds the alert window size, perhaps it should be displayed in a scrollable box, so that the actions buttons are not lost.
Yes I do have Adblock -Plus.
Might be it is not netp**n .Could be some other site.

The main issue is the lengthy warnings not having a scroll-bar.Ahem.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited