Wishbox is recognized as a XSS attmept by browser

  • Profile Image
    Alex
    Asked on April 10, 2012 at 05:16 AM

    Hi,

    We are currenlty thinking about implementing Wishbox on our site. However during tests we have noticed that NoScript for Firefox routinely filters Wishbox and flags it as a potential XSS attempt from jotform.com. Now we know that you're not trying to hack anyone, however this does not happen with competitor products such as getsatisfaction. Thus we potentially risk being seen as not trustworthy. We are in favour of Wishbox but before integrating it we would like to know whether you have noticed this "problem" and if it will be "fixed".

    Thank you.

  • Profile Image
    NeilVicente
    Answered on April 10, 2012 at 06:46 AM

    Alex,

    I am not too sure but here's my two cents on your issue:

    Wishbox uses a script that is hosted on our server. Thus, when you embed it on your webpage, it will be seen as a cross-site script by whatever Firefox add-on you are using.

    Perhaps uploading the wishbox script on your webhost might do wonders.

    Anyway, I have forwarded this thread to our developers so we can get more accurate answers.

    P.S. I tried running NoScript plugin but could not find anything that says Wishbox is flagged for potential XSS attempt. Would you care to share a screenshot of this?