Skip to main content
Customer Support Customer Support
Solved

XSS attempt from webroot community site?

  • April 10, 2013
  • 9 replies
  • 55 views
A
Bronze VIP
Hi,
 
Why does NoScript keeps saying, 'NoScript filtered a potential cross-site scripting (XSS) attempt from [.]http://community.webroot.com]. Technical details have been logged to the Console.'?
 
Best Wishes,
Amit

Best answer by JimM

I just did some testing, and it looks like our analytics is setting it off in this case. It doesn't look to be a Community-specific issue either. It's actually doing what NoScript is designed to do, but it's providing no actual protection in this particular case. It's blocking a cookie from Webroot, which is not a threat. You can choose to close the message or you could turn off XSS notifications in NoScript while you visit the Webroot website.

9 replies

Rakanisheu Retired
I will check this out tomorrow as I cant really restart Firefox at the moment to install Noscript.
MikeR
A
Bronze VIP
  • ams963
  • Author
  • Bronze VIP
  • April 10, 2013
Okay.
JimM
  • JimM
  • Retired Webrooter
  • April 10, 2013
It was how the fonts were being pulled from the main website last time that happened. Generally this means community.webroot.com is asking for something (a picture, resource, etc) from webroot.com. NoScript is pretty picky about that. If we determine which resource it is, we could perhaps mirror it on Community instead. Ultimately it's not a threat though - just a matter of how the site pulls in certain resources.
 
Roy, if you notice anything otherwise, please let me know.
/// JimM /// /// Former Community Manager - Now Humble Internet Citizen/// /// Also Formerly a Technical Support Escalations Engineer ///
A
Bronze VIP
  • ams963
  • Author
  • Bronze VIP
  • April 11, 2013
@Jim
Oh! I understand.
A
Bronze VIP
  • ams963
  • Author
  • Bronze VIP
  • April 18, 2013
@Rakanisheu Did you check the issue Roy? Did you notice anything other than what Jim had said? I understand what Jim said but how do I stop NoScript from saying that without compromising NS's protection? It keeps showing the **bleep** notification at the top of the page.
JimM
  • JimM
  • Retired Webrooter
  • Answer
  • April 18, 2013
I just did some testing, and it looks like our analytics is setting it off in this case. It doesn't look to be a Community-specific issue either. It's actually doing what NoScript is designed to do, but it's providing no actual protection in this particular case. It's blocking a cookie from Webroot, which is not a threat. You can choose to close the message or you could turn off XSS notifications in NoScript while you visit the Webroot website.
/// JimM /// /// Former Community Manager - Now Humble Internet Citizen/// /// Also Formerly a Technical Support Escalations Engineer ///
A
Rakanisheu Retired
Sorry yes I did test it and its not a threat, forgot to post it 😃
A
Bronze VIP
  • ams963
  • Author
  • Bronze VIP
  • April 18, 2013
Oh thank you for explaining so deeply Jim. I'll turn off the notifications in NS when visiting this site.:)
A
Bronze VIP
  • ams963
  • Author
  • Bronze VIP
  • April 18, 2013
No worries Roy. Thanks for testing and assuring. 🙂
Terms & ConditionsAccessibility statement