XSS attempt not logging

Posted: Wed Sep 21, 2011 10:36 pm
by julep
"NoScript filtered a potential cross-site scripting (XSS) attempt from [domain]. Technical details have been logged to the Console."

But nothing is in the Console. No blue messages, no yellow warnings, etc. The domain in the notification is the same second-level domain I was logged in to for a discussion board, but a different server in that domain, i.e., while logged into servera.example.com/forums, the XSS attempt was from http://www.example.com.

Am I doing anything wrong to keep the details from logging to the Console? I had gotten a similar notification before on another site that also was not logged in the Console when it said it had been.

Secondly, are there any other actions I need to take with regard to this XSS attempt? Or when this notification occurs, does that mean NoScript has taken care of everything and I am safe and good to go?

Thanks!

Re: XSS attempt not logging

Posted: Wed Sep 21, 2011 10:39 pm
by Guest
Addendum: in the above example I was using "samedomain" as a generic example. It turns out there is a real domain with that name, so it made a link. Sorry about that :) That website has nothing to do with the example I was trying to give in generic terms.

Re: XSS attempt not logging

Posted: Thu Sep 22, 2011 2:17 am
by Alan Baxter
I've replaced samedomain.com with example.com in the first post.

Re: XSS attempt not logging

Posted: Thu Sep 22, 2011 3:42 am
by julep
Thanks!

Re: XSS attempt not logging

Posted: Thu Sep 22, 2011 3:46 am
by Alan Baxter
You're welcome.

Re: XSS attempt not logging

Posted: Thu Sep 22, 2011 9:37 pm
by GµårÐïåñ
You may have inadvertently or intentionally disabled the debugging level to a point where nothing is listed. You can take a look at this option and work your way up. If you search the forum, there is a pretty good discussion on the settings and what the differences are.

noscript.consoleDump;0
noscript.consoleLog;false

Re: XSS attempt not logging

Posted: Thu Sep 22, 2011 10:03 pm
by julep
GµårÐïåñ wrote: You may have inadvertently or intentionally disabled the debugging level to a point where nothing is listed. You can take a look at this option and work your way up. If you search the forum, there is a pretty good discussion on the settings and what the differences are.

noscript.consoleDump;0
noscript.consoleLog;false

Yes, those are the default settings I have, and are likely the cause of the problem. So apparently the baseline default installation of NoScript does not have logging enabled, since I have never changed any NoScript settings in the configuration.

Thanks for your help!

Re: XSS attempt not logging

Posted: Thu Sep 22, 2011 10:49 pm
by GµårÐïåñ
Set the dump to 1 and the log to true and you should get some traffic, but remember, if you go overboard and add ALL the possible levels of the dump, it will get huge and slow and just kill your productivity; that's a matter of last resort. So just do 1 and true and you should get enough to get you there. Good luck.