  1. #1
    Community Member Thalamask
    Join Date: Oct 2009
    Posts: 58

    Forum Bug - XSS Error

    Hi guys... I hope somebody can help me with this. I've tried everything I know, and my limited googlefu has revealed nothing useful.

    I've been editing my posts using the advanced editor for a while now, and all of a sudden I'm getting weird errors. Everything's fine when I click Edit, but as soon as I click Go Advanced to get the full editor I'm now getting the following error:

    This page isn’t working

    Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards).

    ERR_BLOCKED_BY_XSS_AUDITOR

    I've got no idea how to get around this. I haven't changed, installed, updated etc. anything recently, so is it me? My computer? Chrome? Or is it something on the forums that needs fixing?

    Thanks in advance!

  2. #2
    Community Manager Cordovan
    Join Date: Nov 2010
    Location: Boston Area, MA
    Posts: 26,685

    I usually find this has to do with the content of the posts. I see someone reporting this error once every couple of years, and it's usually due to vBulletin thinking there's "dangerous" code in the post. Copy your post into Notepad or something, and try adding it to the advanced editor then hit preview one paragraph at a time until you find the culprit.



  3. #3
    Community Member Thalamask
    Join Date: Oct 2009
    Posts: 58

    Thanks for getting back to me so quickly, Cordovan!

    You were right. It was something to do with the links I'd included in the thread. I dunno why the DDO forum seems to hate links to the DDO forum, but there you go!

    I'll work on a way to get around that.

    Thanks again!

  4. #4
    Community Member janave
    Join Date: Sep 2009
    Posts: 3,773

    Originally Posted by Thalamask:
    Thanks for getting back to me so quickly, Cordovan!

    You were right. It was something to do with the links I'd included in the thread. I dunno why the DDO forum seems to hate links to the DDO forum, but there you go!

    I'll work on a way to get around that.

    Thanks again!

    You probably had your session id in the link. Remove the ?s=... part and you should be ok.

    Setting a known sessid by an attacker is one way to do XSS. So if an admin clicks it, the attacker can log in by setting up a cookie in browser with that sid.

  5. #5
    Community Member Thalamask
    Join Date: Oct 2009
    Posts: 58

    Originally Posted by janave:
    You probably had your session id in the link. Remove the ?s=... part and you should be ok.

    Setting a known sessid by an attacker is one way to do XSS. So if an admin clicks it, the attacker can log in by setting up a cookie in browser with that sid.

    Thanks for the suggestion, but I don't think that's it.

    The post in question is this one: https://www.ddo.com/forums/showthrea...=1#post5980081

    It's the link section at the top of the post that's breaking things, and a quick check through them didn't show any ?s= unless I've completely misunderstood you.
