YouTube trying XSS attacks?
Hello.
I have noticed that for the last few days NoScript has been giving me a warning saying "NoScript filtered a potential cross-site scripting (XSS) attempt from [https://www.youtube.com]. Technical details have been logged to the console."
Is anyone noticing the same? It has happened to me in both Tor Browser and the regular Firefox browser. Could YouTube be trying something? Or maybe it's just an error in NoScript?
I've gotten that too. I have no idea what it means though.
Could be a Google glitch - this article explains: 'Cross Site Scripting (XSS) Attacks: Methodology and Prevention'
https://www.golemtechnologies.com/articles/prevent-xss
Sounds like a false positive to me! Firefox under Xubuntu also reports this.
The corresponding elements have this URL:
https://apis.google.com/_/scs/apps-static/_.....
Giorgio (NoScript developer) is aware of this
On the same subject, I have been unable to stream youtube videos since installing firegloves (an extension that makes your browser appear less unique to prevent fingerprinting based tracking). When trying to play a video, all I get is a "static looking" screen with the NaN in the center. This happens both with html5 and with gnash. As soon as I disable firegloves, the videos play again. Any thoughts?
I've also had that happen; I presume YouTube requires some information dumped before playing videos and if it doesn't get it they freak out. You may want to try "Blender" firefox addon; it's not quite as good as firegloves but keeps some of the information hidden and YouTube still works with gnash. They also require cookies after about two videos so you'll need to enable them for session and delete them when done.
Alternatively just use youtube-dl/minitube.
Thanks for the advice. I use youtube-dl, especially for videos that I plan on playing again.
The big problem trying to evade tracking is that the business models of these companies depend on it. You don't realize its pervasiveness until you try to avoid it. I will take a look at blender. Firegloves is very good...I don't know if anyone has picked off where the initial developers left off. It would be nice to have an option to whitelist certain websites, for example.
I would rather not enable any cookie from google :)