I run NoScript on Firefox; it just popped up a warning:
NoScript filtered a potential cross-site scripting (XSS) attempt from (http://milepoint.com). Technical details have been logged to the console.
It occurred on this page: http://milepoint.com/forums/threads/f-n-f-n-1-f-n-2.3070/
The console reference is:
Timestamp: 2/20/2013 9:35:57 PM
Warning: Unknown property '-moz-border-radius'. Declaration dropped.
Source File: http://milepoint.com/forums/css.php?css=xenforo,form,public&style=6&dir=LTR&d=1361398692
Line: 446
Here's more from the xss console:
[ABE] <LOCAL> Deny on {GET http://www.google-analytics.com/ga.js <<< http://milepoint.com/forums/threads/f-n-f-n-1-f-n-2.3070/ - 2}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
_______________________________
[NoScript InjectionChecker] JavaScript Injection in ///widgets/tweet_button.1360972506.html#_=1361418239795&count=horizontal&id=twitter-widget-0&lang=en&original_referer=http://milepoint.com/forums/threads/f-n-f-n-1-f-n-2.3070/&size=m&text=F(n) = F(n-1) + F(n-2)&url=http://milepoint.com/forums/threads/f-n-f-n-1-f-n-2.3070/
(function anonymous() {
F(n) = F(n-1) /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
________________________________
[NoScript XSS] Sanitized suspicious request. Original URL [http://platform.twitter.com/widgets...int.com/forums/threads/f-n-f-n-1-f-n-2.3070/] requested from [http://milepoint.com/forums/threads/f-n-f-n-1-f-n-2.3070/]. Sanitized URL: [http://platform.twitter.com/widgets/tweet_button.1360972506.html#11838017661665168658].
This appears to be beyond my pay grade. I am absolutely certain this is beyond my pay grade. I'll report this to the first rocket scientist I find in the office in the morning. I didn't even understand the math being discussed in the thread you were linking to. Thanks for the education!
The math in the thread was related to the way Delta calculates sky miles redemptions; however, they encrypt everything.
Hey Gargoyle,
The programmer and I took a long look at this through the night and what we found is that "NoScript" is actually flagging the title of the thread. We did several test scenarios and when we remove the "=" sign there is no warning issued for the thread.
On a further note, the site does utilize Java scripts. The two I know of are for Google Ads & for providing definitions of highlighted content. Please be aware of those when utilizing a script blocking utility.
Thanks,
-Bill
System Administrator
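An added example, not part of the thread and not NoScript's own code: a simplified stand-in for the kind of syntax check the InjectionChecker log entry points to, showing why the thread title is flagged and why the flag goes away once the "=" is removed. The widget host and the names `parsesAsScript`, `looksActive`, `suspiciousParams` and `widgetUrl` are hypothetical, and the result assumes an engine that accepts a call on the left of "=" at parse time, as Node.js and browsers do.

```javascript
// Simplified stand-in for a syntax-based injection check (not NoScript's code).
// Each parameter value in a URL's query string or fragment is decoded and
// handed to the JavaScript parser. Nothing is ever executed.

function parsesAsScript(text) {
  try {
    new Function(text); // compile only; the function is never called
    return true;
  } catch (e) {
    return false;       // rejected by the parser
  }
}

// Bare words and numbers also parse ("horizontal", "42"), so additionally
// require an assignment or a call before treating a value as script-like.
function looksActive(text) {
  return /[^=!<>]=[^=]|\w\s*\(/.test(text);
}

function suspiciousParams(url) {
  const start = url.search(/[?#]/);
  if (start < 0) return [];
  const hits = [];
  for (const pair of url.slice(start + 1).split(/[&?#]/)) {
    const eq = pair.indexOf("=");
    if (eq < 0) continue;
    const raw = pair.slice(eq + 1);
    let value = raw;
    try { value = decodeURIComponent(raw); } catch (e) { /* keep raw on bad escapes */ }
    if (looksActive(value) && parsesAsScript(value)) hits.push(pair.slice(0, eq));
  }
  return hits;
}

// Constructed widget URL: hypothetical host, parameter names as in the log.
function widgetUrl(threadTitle) {
  const thread = "http://milepoint.com/forums/threads/f-n-f-n-1-f-n-2.3070/";
  return "https://widgets.example/tweet_button.html#count=horizontal&lang=en" +
    "&text=" + encodeURIComponent(threadTitle) +
    "&url=" + encodeURIComponent(thread);
}

const flagged = suspiciousParams(widgetUrl("F(n) = F(n-1) + F(n-2)"));
const cleared = suspiciousParams(widgetUrl("F(n) F(n-1) + F(n-2)"));
console.log(flagged, cleared);
```

With the "=" present the title is valid assignment syntax, so only the `text` parameter is reported; without it the same text no longer parses and nothing is reported.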
Thanks for checking it out, good to know. Cross-site scripting can be dangerous, I'm glad it's not going on there. Nice thing with NoScript is I see what all the java scripts are, and can selectively allow them; so, for example, I can block Google Ads and Facebook but allow google-analytics and livechatinc.
Rocket scientist, meet Gargoyle; Gargoyle, meet rocket scientist. Excuse me guys, I think I hear someone calling my name - got to run .....