NoScript XSS Warning

I’m learning about Whonix - I’m using the Qubes 4.2 anon-whonix VM with the Tor browser.
I was using this VM to log into a website when I got this message:

NoScript XSS Warning
NoScript detected a potential Cross-Sight Scripting Attack
from to
Suspicious data:

(this forum doesn’t allow links)

The popup allowed me to block the message.

In this VM, I had no tab connected to FB.

Has anyone experienced this message before ?

FYI: I use a firewall appliance with Proton VPN. So all my traffic from this desktop goes through it.
The discussion forum here recommends not using a VPN with Whonix - so I won’t be using this setup again.

Thank you,

This issue is most likely unspecific to Whonix. Also unspecific to Qubes-Whonix.

The issue is most likely reproducible in Tor Browser outside of Whonix. It therefore can be resolved as per:

Looks like I placed this question under the wrong tag (Support). It was meant for end-users of Qubes-Whonix.

I’ll review other resources on XSS.


I moved it to support because Qubes-Whonix vs Non-Qubes-Whonix makes no difference here.