NoScript XSS Warning

alienoralien · January 29, 2024, 1:09am

Hi
I’m learning about Whonix - I’m using the Qubes 4.2 anon-whonix VM with the Tor browser.
I was using this VM to log into a website when I got this message:

NoScript XSS Warning
NoScript detected a potential Cross-Sight Scripting Attack
from to
Suspicious data:
…

(this forum doesn’t allow links)

The popup allowed me to block the message.

In this VM, I had no tab connected to FB.

Has anyone experienced this message before ?

FYI: I use a firewall appliance with Proton VPN. So all my traffic from this desktop goes through it.
The discussion forum here recommends not using a VPN with Whonix - so I won’t be using this setup again.

Thank you,
AorA

Patrick · January 29, 2024, 10:05am

This issue is most likely unspecific to Whonix. Also unspecific to Qubes-Whonix.

The issue is most likely reproducible in Tor Browser outside of Whonix. It therefore can be resolved as per:

alienoralien · January 30, 2024, 2:58am

Looks like I placed this question under the wrong tag (Support). It was meant for end-users of Qubes-Whonix.

I’ll review other resources on XSS.

-AoA

Patrick · January 30, 2024, 11:01am

I moved it to support because Qubes-Whonix vs Non-Qubes-Whonix makes no difference here.