Jump to content

Any idea what noscript means when it says:


fivealive
 Share

Recommended Posts

Was watching a video on youtube and I got a notification from noscript saying:

 

noscript filtered a potential cross site scripting attempt from youtube.com

 

Any idea what that is supposed to mean or what I should do?

 

 

I did google the issue, but I can't seem to find any information on it. I did get a wikipedia page on cross site scripting. but I don't understand it.

Link to post
Share on other sites

Hi, fivealive:

 

Short version: it means NoScript was doing its job.

 

http://en.wikipedia.org/wiki/Cross-site_scripting

 

I'm sure the more geeky folks will have a more detailed, more satisfactory explanation. ;)

 

Cheers,

 

daledoc1

 

 

That part I got, but  I was just curious if I should be worried or not. the part is the video I was watching was in the middle of playing when noscript popped up about this issue. I am not all that concerned but I am curious.

Link to post
Share on other sites

I've seen that notification once or twice, very rarely, even on known, safe sites.

 

Here is more about XSS: http://noscript.net/faq#qa4_1 (the entire section 4 is about XSS - what it is, why it's blocked, etc)

 

Extension home page: http://noscript.net/

Extension forum: http://noscript.net/forum

 

Beyond that, we'll need to wait for the "pros" to weigh in. ;)

Link to post
Share on other sites

Actually, it's not ads - it's the comments section. Apparently (this is my supposition based on past Youtube behavior) somebody decided to "tweak" the way things display, and (this is known) there's Java code inside URLs now in there, which is what Noscript looks for for XSS attempts.

 

The reason it loaded partway through the video is likely because you scrolled down, and the comments loaded - they don't load when you load the video, anymore - thus triggering NoScript's screeching.

 

There's a thread in the NoScript forum about this, including the guy who writes it providing exception scripts to add to the exceptions in NoScript to make it shut up; some people are having additional issues with video loading it seems, but it appears that the XSS flag is a false positive.

Link to post
Share on other sites

  • Root Admin

Thanks for the feedback Delta_Echo 

 

Not sure why but for the past couple months at least there are lags and delays in general from Youtube but since I don't use the site daily I've not bothered to look into much but have noticed with a few other users that even on mobile phones, different PC, Macintosh, different browsers - that this can happen with videos so I assume it may just be that the demand is too high and they're unable to cache the steam well enough to always prevent it.  Doesn't seem to always happen either which any type of intermittent issue is difficult to track down.

 

Thank you again

Link to post
Share on other sites

Actually, it's not ads - it's the comments section. Apparently (this is my supposition based on past Youtube behavior) somebody decided to "tweak" the way things display, and (this is known) there's Java code inside URLs now in there, which is what Noscript looks for for XSS attempts.

 

The reason it loaded partway through the video is likely because you scrolled down, and the comments loaded - they don't load when you load the video, anymore - thus triggering NoScript's screeching.

 

There's a thread in the NoScript forum about this, including the guy who writes it providing exception scripts to add to the exceptions in NoScript to make it shut up; some people are having additional issues with video loading it seems, but it appears that the XSS flag is a false positive.

 

 

Thank you, that actually makes a lot of sense.

Link to post
Share on other sites

Sweet, glad thats fixed, also glad that it was just a bug.Out of curiosity, is there anything I should be doing to NoScript's options to have it work better, I ask because I have just been using the default settings. Would be nice to know if there is any tweaking I should be doing to the program.

Link to post
Share on other sites

  • Root Admin

There are certainly all types of "tweaks" one can do but you have to be careful.  I tweaked mine for a few things but at some point I tweaked a setting and could not find where it was and could not fix it so I ended up having to reset NoScript.  Had I been doing it correctly I would have had a periodic backup of my settings that I could have restored to.

 

If you do want to get into it then you might want lurk on the support site for NoScript and get a feel for it before doing anything. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.