Solved

XSS attempt from webroot community site?

  • 10 April 2013
  • 9 replies
  • 2474 views

Userlevel 7
Hi,
 
Why does NoScript keep saying, 'NoScript filtered a potential cross-site scripting (XSS) attempt from [http://community.webroot.com]. Technical details have been logged to the Console.'?
 
Best Wishes,
Amit

Best answer by JimM 18 April 2013, 06:45

I just did some testing, and it looks like our analytics is setting it off in this case. It doesn't look to be a Community-specific issue either. It's actually doing what NoScript is designed to do, but it's providing no actual protection in this particular case. It's blocking a cookie from Webroot, which is not a threat. You can choose to close the message or you could turn off XSS notifications in NoScript while you visit the Webroot website.

9 replies

Userlevel 7
I will check this out tomorrow as I can't really restart Firefox at the moment to install NoScript.
Userlevel 7
Okay.
Userlevel 7
It was how the fonts were being pulled from the main website last time that happened. Generally this means community.webroot.com is asking for something (a picture, resource, etc) from webroot.com. NoScript is pretty picky about that. If we determine which resource it is, we could perhaps mirror it on Community instead. Ultimately it's not a threat though - just a matter of how the site pulls in certain resources.
 
Roy, if you notice anything otherwise, please let me know.
Userlevel 7
@Jim
Oh! I understand.
Userlevel 7
@Rakanisheu Did you check the issue Roy? Did you notice anything other than what Jim had said? I understand what Jim said but how do I stop NoScript from saying that without compromising NS's protection? It keeps showing the **bleep** notification at the top of the page.
Userlevel 7
Sorry, yes, I did test it and it's not a threat, forgot to post it 😃
Userlevel 7
Oh, thank you for explaining so deeply, Jim. I'll turn off the notifications in NS when visiting this site. :)
Userlevel 7
No worries Roy. Thanks for testing and assuring. 🙂
