WordPress.org

Support

Support » Plugins and Hacks » Cross-site scripting (XSS) error in FireFox

Cross-site scripting (XSS) error in FireFox

  • I am encountering a NoScript error in FireFox stating that there is a potential cross-site scripting (XSS) attempt. I’ve tracked down this error to the Shareaholic plugin version 7.4.0.5 and the last version.

    What’s this all about? I’m concerned that this might affect my search rankings.

    https://wordpress.org/plugins/shareaholic/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Our plugin, and many others, make javascript calls to other locations, or “sites,” on the web. This “cross-site scripting” is a perfectly legitimate method of exchanging information on the web through the browser and should not in itself affect search rankings.

    To permit our plugin to run on your blog with NoScript activated, the following sites must be whitelisted in your NoScript plugin:

    shareaholic.com
    s3.amazonaws.com

    The following additional sites may also need to be whitelisted:

    google.analytics.com
    googleusercontent.com
    cloudfront.com

    Well, here’s the thing…
    I don’t see this warning message when I browse ANY legit sites. I’ve only ever come across it a couple of times, and they were on sketchy sites that I wouldn’t trust ever. So, if the activity is so legitimate, why are there no sites out there where I see this?

    Also, this is a new development with the plugin. I’ve been using this plugin for several months and have never encountered this problem before. Now I’m seeing it. I think it’s just been in the last two versions. Why the change? What’s it needed for?

    Could you record (and send us) a screencast of the warnings you are getting, the sites you are seeing them on, and your settings?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Cross-site scripting (XSS) error in FireFox’ is closed to new replies.