When log into ANZ.com, faced with a Noscript XSS (ANZ) script warning by Noscript, which offers me to either save the file, or open, or cancel, what to do?
When I open the ANZ.com website (and I have Noscript operating), Noscript identifies a XSS javascript (written by ANZ as part of its new internet banking website).
When I go to log in the login window pops up but within up to 50 seconds stalls then a javascript XSS warning shows (with a source from https://waf1x.anz.com). That window offers me a choice of (a) saving the javascript as a file, (b) opening the javascript with a program of my(?) choice, or cancelling the error window. The ANZ site becomes very sluggish until I cancel the error window, though even afterwards it is still slow.
The Javascript is " ... javascript__(function(){function i(){if(typeof XMLHttpRequest!='undefined'){return new XMLHttpRequest()}try{return new ActiveXObject(_Msxml2.XMLHTTP_)}catch(e){try{return new ActiveXObject(_Microsoft.XMLHTTP_)}catch(e){}}}function j(a){if(typeof(a)==_string_) ... "
How should I set up Firefox or Noscript to deal with the ANZ XSS script?
Semua Balasan (1)
reldepad said
When I open the ANZ.com website (and I have Noscript operating), Noscript identifies a XSS javascript (written by ANZ as part of its new internet banking website). When I go to log in the login window pops up but within up to 50 seconds stalls then a javascript XSS warning shows (with a source from https://waf1x.anz.com). That window offers me a choice of (a) saving the javascript as a file, (b) opening the javascript with a program of my(?) choice, or cancelling the error window. The ANZ site becomes very sluggish until I cancel the error window, though even afterwards it is still slow. The Javascript is " ... javascript__(function(){function i(){if(typeof XMLHttpRequest!='undefined'){return new XMLHttpRequest()}try{return new ActiveXObject(_Msxml2.XMLHTTP_)}catch(e){try{return new ActiveXObject(_Microsoft.XMLHTTP_)}catch(e){}}}function j(a){if(typeof(a)==_string_) ... " How should I set up Firefox or Noscript to deal with the ANZ XSS script?