What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.

  • Profile Image

    Wishbox is recognized as a XSS attmept by browser

    Asked by Alex on April 10, 2012 at 05:16 AM


    We are currenlty thinking about implementing Wishbox on our site. However during tests we have noticed that NoScript for Firefox routinely filters Wishbox and flags it as a potential XSS attempt from jotform.com. Now we know that you're not trying to hack anyone, however this does not happen with competitor products such as getsatisfaction. Thus we potentially risk being seen as not trustworthy. We are in favour of Wishbox but before integrating it we would like to know whether you have noticed this "problem" and if it will be "fixed".

    Thank you.

  • Profile Image
    JotForm Support

    Answered by NeilVicente on April 10, 2012 at 06:46 AM


    I am not too sure but here's my two cents on your issue:

    Wishbox uses a script that is hosted on our server. Thus, when you embed it on your webpage, it will be seen as a cross-site script by whatever Firefox add-on you are using.

    Perhaps uploading the wishbox script on your webhost might do wonders.

    Anyway, I have forwarded this thread to our developers so we can get more accurate answers.

    P.S. I tried running NoScript plugin but could not find anything that says Wishbox is flagged for potential XSS attempt. Would you care to share a screenshot of this?