Forum Login Issue: Cross Scripting with Firefox + NoScript
JordanN
Enthusiast - Level 3
If a user is running Firefox and NoScript, NoScript will prevent forum login because it thinks that a cross-scripting attack is taking place during the login procedure. A workaround is to add "verizon" to the NoScript XSS whitelist, which cause the XSS module to ignore any page with "verizon" in the URL. This is really something that needs to be handled by the developers. They need to make sure that all scripts are being executed from the same location as the page.
Re: Forum Login Issue: Cross Scripting with Firefox + NoScript
DougVZ1
Specialist - Level 1

Thanks for pointing this out, we'll look into it.

Doug

0 Likes
Re: Forum Login Issue: Cross Scripting with Firefox + NoScript
Gerry_D
Enthusiast - Level 3

So that's why I have so much frustration attempting to get in here with Firefox!Smiley Surprised

I would hesitate to give Verizon a free ticket for cross-scripting as malicious scripts can be hosted on a user's elaborate Verizon account's web space.

A better suggestion would be to assign a specific sub-domain at Verizon for Verizon scripts and allow that to be the target.

Just a suggestion.

Re: Forum Login Issue: Cross Scripting with Firefox + NoScript
Gerry_D
Enthusiast - Level 3

JordanN,

If you're still in here guy, how about a grab of the line you used in the "NoScript", "Anti-XSS Protection Exemptions"?

I've tried several variations to prove or disprove your claims, but all came up negative.

A little guidance would be appreciated.

Otherwise we may have to make the assumption that these here forums are incompatible with Firefox and No-Script.

0 Likes