Cross-Site Scripting Warning

Posted: Jul 14th, '17, 14:48
by Chrizine
Hello,

Since yesterday evening, when I browse on KofK, my NoScript is giving me a cross-site scripting warning on every page.
Here's the console output of NoScript:

[NoScript InjectionChecker] JavaScript Injection in ///u/0/se/0/_/ 1/fastbutton?usegapi=1&size=medium&origin=https://kofk.de&url=https://plus.google.com/101378544587147772429&gsrc=3p&ic=1&jsh=m;/_/scs/apps-static/_/js/k=oz.gapi.de.bjUzSw-xmIo.O/m=__features__/am=AQ/rt=j/d=1/rs=AGLTcCPGenVj7K3BD2rGooDHpdW09GWKIw#_methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh&id=I0_1500036166239&parent=https://kofk.de&pfname=&rpctoken=24087801
(function anonymous(
) {
_/scs/apps-static/_/js/k==oz.gapi.de.bjUzSw-xmIo.O/m==__features__
})
[NoScript XSS] Eine verdächtige Anfrage wurde bereinigt. Original-URL [https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fkofk.de&url=https%3A%2F%2Fplus.google.com%2F101378544587147772429&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.bjUzSw-xmIo.O%2Fm%3D__features__%2Fam%3DAQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPGenVj7K3BD2rGooDHpdW09GWKIw#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh&id=I0_1500036166239&parent=https%3A%2F%2Fkofk.de&pfname=&rpctoken=24087801] angefordert von [https://kofk.de/findex.php]. Bereinigte URL: [https://apis.google.com/#7370956821011031378].
[NoScript InjectionChecker] JavaScript Injection in ///o/oauth2/postmessageRelay?parent=https://kofk.de&jsh=m;/_/scs/apps-static/_/js/k=oz.gapi.de.bjUzSw-xmIo.O/m=__features__/am=AQ/rt=j/d=1/rs=AGLTcCPGenVj7K3BD2rGooDHpdW09GWKIw#rpctoken=439843192&forcesecure=1
(function anonymous(
) {
_/scs/apps-static/_/js/k==oz.gapi.de.bjUzSw-xmIo.O/m==__features__
})
[NoScript XSS] Eine verdächtige Anfrage wurde bereinigt. Original-URL [https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fkofk.de&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.bjUzSw-xmIo.O%2Fm%3D__features__%2Fam%3DAQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPGenVj7K3BD2rGooDHpdW09GWKIw#rpctoken=439843192&forcesecure=1] angefordert von [https://kofk.de/findex.php]. Bereinigte URL: [https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fkofk.de&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%20oz.gapi.de.bjUzSw-xmIo.O%2Fm%20__features__%2Fam%20AQ%2Frt%20j%2Fd%201%2Frs%20AGLTcCPGenVj7K3BD2rGooDHpdW09GWKIw#3895872973395461752].

To me it looks like something weird is going on with the Google Plus button.
Not sure if there's anything you can do about it, but since it persisted until today I thought I'd let you know.
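
For triaging a report like the one above, this added example (not part of the thread and not NoScript code) parses the "[NoScript XSS]" console line format quoted in the post and reports which query parameters differ between the original and the sanitized URL. The sample lines are constructed with placeholder hosts, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Shape of the German-locale "[NoScript XSS]" console line quoted in the post.
LINE_RE = re.compile(
    r"\[NoScript XSS\].*?Original-URL \[(?P<orig>[^\]]+)\] "
    r"angefordert von \[(?P<page>[^\]]+)\]\. "
    r"Bereinigte URL: \[(?P<clean>[^\]]+)\]"
)

def query_params(url):
    """Decoded query parameters of a URL as a dict (last value wins)."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))

def triage(line):
    """Summarise one sanitizer log line; returns None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    before, after = query_params(m["orig"]), query_params(m["clean"])
    return {
        "requesting_page": m["page"],
        "target_host": urlsplit(m["orig"]).hostname,
        # True when the filter discarded the whole query string.
        "query_dropped": bool(before) and not after,
        # name -> (original value, sanitized value) for rewritten parameters
        "rewritten": {k: (v, after[k]) for k, v in before.items()
                      if k in after and after[k] != v},
    }

# Constructed sample lines (placeholder hosts, not taken from the thread).
PREFIX = "[NoScript XSS] Eine verdächtige Anfrage wurde bereinigt. Original-URL "
SAMPLE_REWRITTEN = (
    PREFIX + "[https://widgets.example.net/relay?parent=https%3A%2F%2Fforum."
    "example.org&jsh=m%3B%2F_%2Fjs%2Fk%3Dlib.core%2Fm%3D__features__#t=1] "
    "angefordert von [https://forum.example.org/index.php]. Bereinigte URL: "
    "[https://widgets.example.net/relay?parent=https%3A%2F%2Fforum."
    "example.org&jsh=m%3B%2F_%2Fjs%2Fk%20lib.core%2Fm%20__features__#42]."
)
SAMPLE_DROPPED = (
    PREFIX + "[https://widgets.example.net/button?origin=https%3A%2F%2Fforum."
    "example.org&jsh=m%3B%2Fk%3Dlib.core#id=I0] angefordert von "
    "[https://forum.example.org/index.php]. Bereinigte URL: "
    "[https://widgets.example.net/#99]."
)

if __name__ == "__main__":
    for sample in (SAMPLE_REWRITTEN, SAMPLE_DROPPED):
        print(triage(sample))
```

The "rewritten" entry shows the decoded value before and after sanitizing, which makes it easy to see which characters inside a parameter the filter replaced.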

Re: Cross-Site Scripting Warning

Posted: Jul 16th, '17, 21:57
by Chrizine
Not sure if you did anything about this, but it is not occurring anymore for me.

Re: Cross-Site Scripting Warning

Posted: Jul 17th, '17, 09:27
by Firn
I am not sure either (I put it on starkad's to-do list, but he is not always giving feedback when taking care of something), but I am glad it's not happening anymore.

Re: Cross-Site Scripting Warning

Posted: Jul 17th, '17, 19:45
by Chrizine
Well, either way, I'm glad it's fixed :)
Thank you!