Forum rules
Under no circumstances is spamming or advertising of any kind allowed. Do not post any abusive, obscene, vulgar, slanderous, hateful, threatening, sexually-orientated or any other material that may violate others security. Profanity or any kind of insolent behavior to other members (regardless of rank) will not be tolerated. Remember, what you don’t find offensive can be offensive to other members. Please treat each other with the kind of reverence you’d expect from other members.
Failure to comply with any of the above will result in users being banned without notice. If any further details are needed, contact: “The team” using the link at the bottom of the forum page. Thank you.
User avatar
Carlos996
Posts: 8
Joined: Mon Mar 23, 2015 5:45 am
Location: Same World as You!
Contact: Facebook

Cross-site scripting

Wed Nov 22, 2017 5:06 pm

What's this?

https://i.imgur.com/dSyFyO7.png
https://pt.wikipedia.org/wiki/Cross-site_scripting
https://en.wikipedia.org/wiki/Cross-site_scripting
https://www.acunetix.com/websitesecurit ... scripting/


NoScript detected a potential Cross-Site Scripting attack

from https://www.opensubtitles.org to https://www.facebook.com.

Suspicious data:

window.name,(POST) cd[Schema.org]=[{"type":"http://schema.org/Organization","properties":{"logo":"//static.opensubtitles.org/gfx/logo_64x64.gif","url":"/en"},"subscopes":[]},{"type":"http://schema.org/offer","properties":{"price":"Free","priceCurrency":"0.00","availability":"OnlineOnly"},"subscopes":[]},{"type":"http://schema.org/Movie","properties":{"url":"https://dl.opensubtitles.org/en/download/sub/7167879","name":"Swallows and Amazons subtitles Portuguese ","image":"//static7.opensubtitles.org/gfx/thumbs/3/8/1/7/1227183.jpg","datePublished":"2017-11-22T14:15:25+01:00","keywords":"The adventure begins","description":"Four children (the Swallows) on holiday in the Lake District sail on their own to an island and start a war with rival children (the Amazons). In the meantime, a mysterious man on a houseboat accuses them of a crime they did not commit."},"subscopes":[{"type":"http://schema.org/AggregateRating","properties":{"ratingValue":"6.2","bestRating":"10","ratingCount":"1495"},"subscopes":[]},{"type":"http://schema.org/Person","properties":{"url":"/en/search/sublanguageid-por/subjectid-1339400/philippa-lowthorpe","name":"Philippa Lowthorpe"},"subscopes":[]},{"type":"http://schema.org/Person","properties":{"url":"/en/search/sublanguageid-por/subjectid-7470907/bobby-mcculloch","name":"Bobby McCulloch"},"subscopes":[]},{"type":"http://schema.org/Movie","properties":{"url":"/en/search/sublanguageid-por/genre-war","genre":"War"},"subscopes":[]}]}]
Image

User avatar
oss
Site Admin
Posts: 4360
Joined: Sat Feb 25, 2006 11:26 pm
Contact: Website

Re: Cross-site scripting

Sat Nov 25, 2017 1:57 pm

very strange, there is no XSS on site. Maybe some error in addon?

User avatar
Carlos996
Posts: 8
Joined: Mon Mar 23, 2015 5:45 am
Location: Same World as You!
Contact: Facebook

Re: Cross-site scripting

Sun Nov 26, 2017 12:53 am

It's what happen recently everytime i try to download or upload any subtitle.
Image

User avatar
oss
Site Admin
Posts: 4360
Joined: Sat Feb 25, 2006 11:26 pm
Contact: Website

Re: Cross-site scripting

Mon Nov 27, 2017 4:18 am

I see some facebook there, so probably thats facebook problem

User avatar
SmallBrother
Site Admin
Posts: 2256
Joined: Sun Mar 04, 2012 12:59 pm
Location: Somewhere on this globe

Re: Cross-site scripting

Tue Nov 28, 2017 11:12 pm

That's the problem with embedding other websites into your own.
Basically you allow third parties to edit your pages...

Return to “Developing”

Who is online

Users browsing this forum: No registered users and 1 guest