xQuartz download web page XSS blocked by noScript
bh@cs.berkeley.edu
Submitted byAssigned to Jeremy Huddleston Sequoia
Link to original bug (#106139)
Description
When I visit https://www.xquartz.org/ I get a message from noScript saying that it blocked a cross-site scripting attempt. If I don't allow the XSS, the "quick download" link doesn't work; it downloads a file with a long name full of digits and no extension.
At a minimum, the page should warn users that this will happen and that they should allow the XSS attempt. Better would be to redesign the web page so that this doesn't happen.
Thanks.
Version: 2.7.11 (xserver-1.18.4)