How do I unblock sites that are falsely listed as a suspected XSS attack?
I have recently had an issue in which I went over to Amazon, only to have firefox claim that there was an attempt at a cross site scripting ("XSS") attack. I normally just set these to be blocked, as I usually find it better to err on the side of caution when I see that popup. However, this appears to be a false positive, as now I cannot use Amazon's 'look inside' feature when I use the site. As this supposed XSS warning was the only thing that recently cropped up, I have to assume that this is why this piece of Amazon's website isn't functioning properly. How do I check on what I have blocked and how do I unblock anything that has since been discovered to be a false positive?
Tất cả các câu trả lời (9)
Is this a warning from the NoScript extension? I can't think of any other feature that gives an XSS warning.
I believe so, yes. Is that relevant?
Very relevant! Click the NoScript S button on the toolbar, then toward the left side of the panel, the icon with the wrench to open settings. Then click the Advanced panel. XSS blocks are listed there. I didn't experiment with deleting anything, but hopefully it's simple.
Uhm....I'm not seeing a wrench. Unless you mean the thing marked options?
Ok, so I clicked on options, and....I don't see anything I can delete. I'm seeing basically a selection of tabs, none of which looks like it has any reference to the false positive on the XSS warning. I'm including a screenshot of what I see when I open it.
Được chỉnh sửa bởi Marc7 vào
Hmm, mine has a list (screenshot attached). Not sure why they are different. Maybe check on their site?
jscher2000 said
Hmm, mine has a list (screenshot attached). Not sure why they are different. Maybe check on their site? https://forums.informaction.com/viewforum.php?f=3
That was the first thing I did, with no luck finding anything. I also noticed that, much like this page, Noscript lists it as a 'privileged' page whose permissions can't be configured. Which I imagine might be why I'm not seeing what you are. How did you even get that list to come up? Mine has the XSS thing listed as having a checkmark on the sanitize option, while that other box is unchecked.
I turned off XSS protection because I found it annoying. I'm not sure why mine shows a list and yours doesn't. Is it possible you chose to allow/block but did not choose to always allow/block? In that case, it wouldn't be saved and you would get asked every time.
....Huh. You know, that could be it. I just told it to block, not to always allow/block, I think. If your theory is right, that explains at least some of it. That means that adblock might be having some issues over there that required different stuff be set to temporarily allow instead of what I'm used to doing to get everything running as usual. That at least seems to be a working theory anyway. I'll poke around a bit more, see if I can find anything and get back to you on this in a day or two. But I think you could be right.