Author Topic: Cross site scripting problems on Freereg  (Read 7740 times)

Offline Duodecem

  • RootsChat Senior
  • ****
  • Posts: 463
  • Census information Crown Copyright, from www.nationalarchives.gov.uk
    • View Profile
Cross site scripting problems on Freereg
« on: Tuesday 13 December 11 13:47 GMT (UK) »
I use Windows Vista and I'm having a problem with Freereg.
As you know, you get a list of possible names and need to click on the number to see the details. This works fine.
Then you need to back click in order to check details for the next possible entry in the list. At this point I get the message "Internet Explorer has modified this page to prevent cross site scripting" Instead of the list on the previous page there is a blank page with a tiny hash symbol.
Eventually after much back clicking I get back to the search page, but usually the place that I've laboriously selected from the huge list has gone and I have to start again.
The most annoying thing is that it doesn't happen every time it seems quite random.
Any suggestions please?
Cooper- Berks, Herts, Wrexham,Birmingham
Garrett- London, Berks
Morton-Berkshire
Harvey- Essex
Hambling, Royal,Dale,Jackson, Tann, Boatwright Edridge/Etheridge/Uttridge -all Norfolk
Osborne-Norfolk and Northumberland/Durham

Offline japeflakes

  • RootsChat Marquessate
  • *******
  • Posts: 7,289
    • View Profile
Re: Cross site scripting problems on Freereg
« Reply #1 on: Tuesday 13 December 11 13:54 GMT (UK) »
It is not recommended to turn off the XSS Filter in IE8 and IE9. Doing so will leave you vulnerable to cross-site scripting attacks

Offline [Ray]

  • RootsChat Marquessate
  • *******
  • Posts: 6,270
  • UK Census information Crown Copyright
    • View Profile
Re: Cross site scripting problems on Freereg
« Reply #2 on: Tuesday 13 December 11 14:01 GMT (UK) »
Hi

If someone does not come up with an answer for IE8/9, then you can do it using Firefox.
Tools/Options/Tabs
"Open new windows in a new tab instead"

You've then got the original page in the original tab.
As you said "Click on the number to view the details" and you can then do what you want in the new tab(s).

R
 
"The wise man knows how little he knows, the foolish man does not". My Grandfather & Father.

"You can’t give kindness away.  It keeps coming back". Mark Twain (?).

Offline corieltauvi

  • RootsChat Extra
  • **
  • Posts: 23
    • View Profile
Re: Cross site scripting problems on Freereg
« Reply #3 on: Tuesday 13 December 11 22:53 GMT (UK) »
You could try using compatibility mode  :D. It seems quite good for a lot of sites that don't work.
In IE8/9 click on tools > compatibility view and see how you get on.

Torven
Burgoyne
Gorwyn
Zeffertt
Young (Nottingham)


Offline Duodecem

  • RootsChat Senior
  • ****
  • Posts: 463
  • Census information Crown Copyright, from www.nationalarchives.gov.uk
    • View Profile
Re: Cross site scripting problems on Freereg
« Reply #4 on: Wednesday 14 December 11 07:23 GMT (UK) »
Thank you all -but I'm sorry I don't understand what IE8/9 is or how I access it.
I did think of using Firefox or google Chrome but I have the site bookmarked on Google andChrome does not offer that facility.
Thanks again, Jan
Cooper- Berks, Herts, Wrexham,Birmingham
Garrett- London, Berks
Morton-Berkshire
Harvey- Essex
Hambling, Royal,Dale,Jackson, Tann, Boatwright Edridge/Etheridge/Uttridge -all Norfolk
Osborne-Norfolk and Northumberland/Durham

Offline andycand

  • RootsChat Marquessate
  • *******
  • Posts: 4,384
  • Census information Crown Copyright, from www.nationalarchives.gov.uk
    • View Profile
Re: Cross site scripting problems on Freereg
« Reply #5 on: Wednesday 14 December 11 08:04 GMT (UK) »
Hi

IE8/9 is Internet Explorer 8 or 9 and is the browser you are probably using. When you log onto the Internet is the icon an E with a circle round it like an orbit? If so that is Internet Explorer. I have Windows Vista and my browser is IE8 (Internet Explorer 8) I use Compatability View as Torvan suggested and I did a quick test of FreeReg and can go back and forth with no problem

Andy

Offline falcybe

  • RootsChat Veteran
  • *****
  • Posts: 840
  • Census information Crown Copyright, from www.nationalarchives.gov.uk
    • View Profile
Re: Cross site scripting problems on Freereg
« Reply #6 on: Wednesday 14 December 11 22:00 GMT (UK) »
Quote
you get a list of possible names and need to click on the number to see the details. This works fine. Then you need to back click in order to check details for the next possible entry
Furthur to what Ray wrote:
In Internet Explorer, if you hold down the Ctrl key when you click on a number, the page will open up in a new tab, which you close after you have looked at it and the original list is always on your screen.

cheers, falcybe
Hayden Cowan Weir Jowett Barclay Howard Gooch Joiner Rayner Ash Travers Coltman Samuel Falconer Lacey Croton Clarke Robinson Alden Burroughs
Ford Lusty Jones Wice Wise Scorey Rayner Harding Bacon Chambers and lots more
Click on the little house on the left to go to our site

Offline wrjones

  • RootsChat Marquessate
  • *******
  • Posts: 8,481
    • View Profile
Re: Cross site scripting problems on Freereg
« Reply #7 on: Wednesday 14 December 11 23:13 GMT (UK) »
I'm using Windows 7 and IE9,I keep getting a message on the bottom of the page;"Internet Explorer has modified this page to prevent cross site scripting"

Regards
William Russell Jones.
Jones, Griffiths. Stephens, Parry, Gabriel, Conway, Hughes, Evans, Roberts, Lea, Hanmer. Peake, Edwards. Newnes, Davies. Thomas. "Blythin".
All North Wales.
Conway, Durber, Cartlidge, Lovatt, Bebington. Brindley, Sankey, Brunt. Dean. Clewes. Rhodes. Mountford,Walker,Bache, "Gibbons"Hood. Taylor
All Stoke-on-Trent.
Francis - Nantwich Cheshire.
Dennell - Cheshire/Staffordshire.
Talbot-Shropshire
Census Information Is Crown Copyright,from www.nationalarchives.gov.uk

Offline [Ray]

  • RootsChat Marquessate
  • *******
  • Posts: 6,270
  • UK Census information Crown Copyright
    • View Profile
Re: Cross site scripting problems on Freereg
« Reply #8 on: Thursday 15 December 11 06:45 GMT (UK) »

"IE8/9 has a Cross-Site Scripting (XSS) Filter feature (default switched on) that can help prevent one website from adding potentially malicious script code to another website. It analyzes how websites interact, and when it recognizes a potential attack, it will automatically block script code from running. When this happens, you will see a message in the Notification bar letting you know that the webpage was modified to help protect your privacy and security."


"The wise man knows how little he knows, the foolish man does not". My Grandfather & Father.

"You can’t give kindness away.  It keeps coming back". Mark Twain (?).