[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8.0, noscript pops up a full-browser-size window to warn me about x-site scripting
#26847: Tor Browser 8.0, noscript pops up a full-browser-size window to warn me
about x-site scripting
-------------------------------------------------+-------------------------
Reporter: arma | Owner: tbb-
| team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-8.0-issues, tbb-regression, | Actual Points:
noscript, tbb-usability |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:9 ma1]:
> Replying to [comment:7 mikeperry]:
> > Hrmm, this situation does not seem to have improved. Doubleclick is
encoding URLs in like all of its ad query params (probably because of the
referer field not being present for https fetches), and this is getting
triggered multiple times all over the place.
>
> Could you please provide me with some URLs to test for false positives?
{{{
NoScript detected a potential Cross-Site Scripting attack
from https://5756926.fls.doubleclick.net to https://adservice.google.com.
Suspicious data:
https://adservice.google.com/ddm/fls/i/src=5756926;type=emark0;cat=remar0;ord=1;num=3897397787192;gtm=2wg7o0;auiddc=227660113.1564751486;u1=https://www.arla.se/recept/kladdkaka/;_dc_1=1;~oref=https://www.interesting.website.com
}}}
(I changed the website name but I assume that should not be a problem)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26847#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs