NoScript detects "cross-site scripting" on DDG searches from Abrowser address bar

I'm using the latest Abrowser on Flidas, with the latest NoScript. I have DDG set as my default search engine.

NoScript keeps thinking it detects a cross-site scripting attack when I search DDG from the address bar. AFAICT duckduckgo.com is the only domain involved, so how can it be a cross-site attack? The error message reads:

> NoScript detected a potential Cross-Site Scripting attack from [...] to https://duckduckgo.com.

> Suspicious data: Error: Timeout! DOS attack attempt?

This has happened a few times, on a few different days. Is this a false positive? A NoScript bug? An Abrowser bug? Something else? Is there anything I can do to figure out why it's happening?