What's new
  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
  • Do not use Chrome Incognito when registering as it freezes the registration page.
  • Guest, Join Papa Zoom today for some uplifting biblical encouragement! --> Daily Verses

Feedback Cross Sit Scripting

Joined
Nov 21, 2007
Messages
8,677
#1
I'm getting this message from NoScript when i log in: "NoScript filtered a potential cross site scripting attempt from //christianforums.net/

So i looked it up..

https://en.wikipedia.org/wiki/Cross-site_scripting
 
Joined
Feb 27, 2009
Messages
14,529
Gender
Male
#2
Thanks. Will look into it. Any other details you can provide would be helpful.
 
Joined
Nov 21, 2007
Messages
8,677
#3
Got this...

[NoScript InjectionChecker] JavaScript Injection in ///se/0/_/ 1/fastbutton?usegapi=1&count=true&size=medium&hl=en-US&origin=http://christianforums.net&url=http...christianforums.net&pfname=&rpctoken=36151825
(function anonymous() {
_methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh,onload /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

[NoScript XSS] Sanitized suspicious request. Original URL [https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&count=true&size=medium&hl=en-US&origin=http://christianforums.net&url=http://christianforums.net/Fellowship/index.php?threads/cross-sit-scripting.63761/&gsrc=3p&ic=1&jsh=m;/_/scs/apps-static/_/js/k=oz.gapi.fr.QFw-iDc8xks.O/m=__features__/am=AQ/rt=j/d=1/rs=AGLTcCMEbtw1-ISYb9cBV1SUi4RVwI_mMw#_methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh,onload&id=I0_1458323724082&parent=http://christianforums.net&pfname=&rpctoken=36151825] requested from [http://christianforums.net/Fellowship/index.php?threads/cross-sit-scripting.63761/]. Sanitized URL: [https://apis.google.com/#0867549505455284982].

[NoScript InjectionChecker] JavaScript Injection in ///se/0/_/ 1/fastbutton?usegapi=1&count=true&size=medium&hl=en-US&origin=http://christianforums.net&url=http...christianforums.net&pfname=&rpctoken=18528338
(function anonymous() {
_methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh,onload /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Sanitized suspicious request. Original URL [https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&count=true&size=medium&hl=en-US&origin=http://christianforums.net&url=http://christianforums.net/Fellowship/index.php?threads/cross-sit-scripting.63761/&gsrc=3p&ic=1&jsh=m;/_/scs/apps-static/_/js/k=oz.gapi.fr.QFw-iDc8xks.O/m=__features__/am=EQ/rt=j/d=1/rs=AGLTcCMUODXGorzW_nKFaJ0kUB9E7Bjq6g#_methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh,onload&id=I0_1458323794522&parent=http://christianforums.net&pfname=&rpctoken=18528338] requested from [http://christianforums.net/Fellowship/index.php?threads/cross-sit-scripting.63761/]. Sanitized URL: [https://apis.google.com/#9626737645044312847].

From the console.. It doesn't do it until i click on a forum topic
 
Joined
Feb 27, 2009
Messages
14,529
Gender
Male
#4
Thanks.
 
Joined
Nov 21, 2007
Messages
8,677
#5
If you use Firefox install NoScript its a must have in the Firefox community....

https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=cb-dl-mostpopular
 
Joined
Nov 21, 2007
Messages
8,677
#6
If your just viewing the forum no alert but the instant you click on a forum to view it the alert pops up.. :chin
 
Joined
Nov 21, 2007
Messages
8,677
#7
For those of you that don't know what Cross site scripting is this should help.. in essence its injecting malicious code into a web page... Eora can explain it..

http://www.acunetix.com/websitesecurity/cross-site-scripting/
 
Joined
Nov 21, 2007
Messages
8,677
#8
Whatever you did Eora its fixed..:thumb
 
Joined
Feb 27, 2009
Messages
14,529
Gender
Male
#9
Hmmm. I actually did nothing. Was going to take a look and then you posted.

Let me know if it happens again and if it does I'll take a proper look.