[tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8.0, noscript pops up a full-browser-size window to warn me about x-site scripting
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 2 13:17:21 UTC 2019
#26847: Tor Browser 8.0, noscript pops up a full-browser-size window to warn me
about x-site scripting
-------------------------------------------------+-------------------------
Reporter: arma | Owner: tbb-
| team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-8.0-issues, tbb-regression, | Actual Points:
noscript, tbb-usability |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:9 ma1]:
> Replying to [comment:7 mikeperry]:
> > Hrmm, this situation does not seem to have improved. Doubleclick is
encoding URLs in like all of its ad query params (probably because of the
referer field not being present for https fetches), and this is getting
triggered multiple times all over the place.
>
> Could you please provide me with some URLs to test for false positives?
{{{
NoScript detected a potential Cross-Site Scripting attack
from https://5756926.fls.doubleclick.net to https://adservice.google.com.
Suspicious data:
https://adservice.google.com/ddm/fls/i/src=5756926;type=emark0;cat=remar0;ord=1;num=3897397787192;gtm=2wg7o0;auiddc=227660113.1564751486;u1=https://www.arla.se/recept/kladdkaka/;_dc_1=1;~oref=https://www.interesting.website.com
}}}
(I changed the website name but I assume that should not be a problem)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26847#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list