markr 0 Posted October 4, 2008 Share Posted October 4, 2008 Go to http://news.google.co.ukIn the text box enter 'evernote news'Highlight the text you just enteredClick the Web Clipper icon in the browser toolbar"NoScript filtered a potential cross-site scripting (XSS) attempt from [http]."All domains involved are whitelisted.I tested this on several urls.As for why I would highlight text I had just entered - comments and feedback forms usually.Firefox 3.0.2NoScript 1.8.1.3Evernote Version 1.1.5 (36338) Link to comment
engberg 89 Posted October 4, 2008 Share Posted October 4, 2008 NoScript has known compatibility problems with Evernote. In particular, our little Javascript clipper looks like a "bad guy" to NoScript because we're taking content from your web page and then submitting it to another site. While this could theoretically be a bad thing, in your case it's doing exactly what you want to do.We'd recommend seeing whether you can configure any exceptions for Javascript from our web site, etc. Link to comment
heather 604 Posted October 4, 2008 Share Posted October 4, 2008 You can try this to fix the Noscript bug:1. Disable *Automatic Secure Cookie Management*, clear your cookies (at least those for the site you're trying to enter) from Firefox's *Options|Privacy|Cookies* and retry logging in. It should just work.2. If you've got a few minutes to investigate, - check your *Tools|Error Console* output for lines starting with "*[NoScript HTTPS] AUTOMATIC SECURE on https://www.evernote.com*"; - open *NoScript Options|Advanced|HTTPS|Cookies* and add "*.evernote.com" (without the quotes) to the *Ignore unsafe cookies...* list; - Close *NoScript Options* with "OK", clear your cookies (at least those for evernote.com) from Firefox's *Options|Privacy|Cookies*and try to log in.If, for instance, you can't login on http://www.ebay.com, the problem can be fixed adding **.ebay.com* to *NoScript Options|Advanced|HTTPS|Cookies|Ignore unsafe cookies...* and possibly resetting your cookies. If the problem happens on http://twitter.com(notice there's no "www." there), you'll need to put *both* *twitter.com* and **.twitter.com* to match both the top domain and the subdomains. Link to comment
markr 0 Posted October 4, 2008 Author Share Posted October 4, 2008 The thing is that if I want to use Evernote to catch this text then I need to add exceptions which moves away from the ease of use. I do recognise that this is a complex issue though and not easily solved. Link to comment
engberg 89 Posted October 5, 2008 Share Posted October 5, 2008 We've spent a few hours trying to detect NoScript so that we can give a more helpful warning to the user, but it appears that NoScript avoids any detection by the Javascript on a page. Link to comment
Tanman 0 Posted June 22, 2009 Share Posted June 22, 2009 @ Heather I tried this with Evernote and noscript and it does work. Thank you. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.