WordPress.org

Ready to get started?Download WordPress

Forums

Shareaholic | share buttons & related posts
Cross-site scripting (XSS) error in FireFox (4 posts)

  1. Quimbly
    Member
    Posted 3 months ago #

    I am encountering a NoScript error in FireFox stating that there is a potential cross-site scripting (XSS) attempt. I've tracked down this error to the Shareaholic plugin version 7.4.0.5 and the last version.

    What's this all about? I'm concerned that this might affect my search rankings.

    https://wordpress.org/plugins/shareaholic/

  2. ericatshareaholic
    Member
    Posted 3 months ago #

    Our plugin, and many others, make javascript calls to other locations, or "sites," on the web. This "cross-site scripting" is a perfectly legitimate method of exchanging information on the web through the browser and should not in itself affect search rankings.

    To permit our plugin to run on your blog with NoScript activated, the following sites must be whitelisted in your NoScript plugin:

    shareaholic.com
    s3.amazonaws.com

    The following additional sites may also need to be whitelisted:

    google.analytics.com
    googleusercontent.com
    cloudfront.com

  3. Quimbly
    Member
    Posted 3 months ago #

    Well, here's the thing...
    I don't see this warning message when I browse ANY legit sites. I've only ever come across it a couple of times, and they were on sketchy sites that I wouldn't trust ever. So, if the activity is so legitimate, why are there no sites out there where I see this?

    Also, this is a new development with the plugin. I've been using this plugin for several months and have never encountered this problem before. Now I'm seeing it. I think it's just been in the last two versions. Why the change? What's it needed for?

  4. ericatshareaholic
    Member
    Posted 3 months ago #

    Could you record (and send us) a screencast of the warnings you are getting, the sites you are seeing them on, and your settings?

Reply

You must log in to post.

About this Plugin

About this Topic