LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 03-26-2008, 07:11 AM   #1
[KIA]aze
Member
 
Registered: Jun 2006
Distribution: Debian, Ubuntu, Windows XP
Posts: 146

Rep: Reputation: 16
Linuxisos.de cross-scripting on Paypal: Is it necessary?


I wanted to buy something on http://linuxisos.de/ .
However, when I got to the PayPal page, NoScript notified me of a cross-scripting attempt.

Here's what I could copy from the console:
Quote:
[NoScript XSS] Sanitized suspicious upload to [https://secure.paypal.com/cgi-bin/webscr] from [https://www.linuxisos.de/checkout_confirmation.php]: transformed into a download-only GET request.

Is cross-scripting necessary in some cases or not?
Is there any valid reason for a website to do cross-scripting on PayPal?

Is there a way to see the script that was sent to PayPal and know what it does?

Last edited by [KIA]aze; 03-26-2008 at 07:12 AM.
 
Old 03-28-2008, 06:53 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by [KIA]aze
Is cross-scripting necessary in some cases or not?
If you read the NoScript FAQ, you'll see you can get this message when you have the destination site whitelisted but not the site from which the JavaScript action originates. If it's XSS, this means an untrusted site is trying to make you believe it is OK to do stuff for it in a site you trust. OTOH, if uploading data from one site to another is legitimate, it shouldn't be called or tagged as XSS.


Quote:
Originally Posted by [KIA]aze
Is there any valid reason for a website to do cross-scripting on PayPal?
If you rephrase that more neutrally, you're asking "is there a valid reason for a website to upload data to PayPal?". Since it involves HTTPS on both sides, the site probably mentions PayPal transactions, and it is the site you *expect* to do a transaction with, that should be OK (me not having any idea about the way things are done by that site). If you are unsure, you can always 0) enable Firefox to alert you when it thinks a site is bogus, 1) inspect the certificate more closely to see if it's valid, 2) check the 'net for problems with that site, 3) contact the owner (apparently he owns linuxisos.de, freesoft-shop.de and tuxonline-shop.de) or 4) use another site. If you are sure it's OK, then just add this site to your whitelist of trusted domains (for the duration of the transaction). BTW, also be careful about which plugins you have enabled: problems can occur when transforming plugins change data before NoScript sees it.


Quote:
Originally Posted by [KIA]aze
Is there a way to see the script that was sent to PayPal and know what it does?
Per the NoScript FAQ, at the time of the warning the details will be in Firefox's error console. You may be able to trap it either by viewing the page or its included sources, or with one of those plugins that intercept data like Tamper Data, Firebug or the Web Developer one, or a MITM proxy like Paros or Burp proxy.
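To make the whitelist rule unSpawn describes concrete, here is an added example (not NoScript's code and not anything from the shop or LinuxQuestions): a small model of the decision the extension reports in the quoted console message. A POST whose destination origin is trusted but whose source origin is not gets "sanitized" into a body-less GET, so an untrusted page cannot make a trusted site perform a state-changing action with the user's session; whitelisting the source as well, as the reply suggests doing for the duration of the transaction, lets the same POST through. The function names, the whitelist contents and the request object (built from the two URLs quoted in the thread, with a placeholder body) are all constructed for the example.

```javascript
// Added example, not NoScript's own code: a simplified model of the
// "trusted destination, untrusted source" rule from the NoScript FAQ as
// summarized in the thread. Origins, whitelists and requests are constructed.

function originOf(url) {
  // scheme://host[:port], the unit a per-site whitelist works on
  return new URL(url).origin;
}

function classifyCrossSiteRequest(request, trustedOrigins) {
  const source = originOf(request.referrer);
  const destination = originOf(request.url);

  // Same-site requests and plain GETs carry no cross-site upload to sanitize.
  if (source === destination || request.method !== 'POST') {
    return { action: 'allow', request };
  }
  // Destination not trusted: the user granted it nothing that could be
  // abused, so the request is left alone.
  if (!trustedOrigins.has(destination)) {
    return { action: 'allow', request };
  }
  // Both ends trusted: the user has vouched for the source as well.
  if (trustedOrigins.has(source)) {
    return { action: 'allow', request };
  }
  // Untrusted source uploading to a trusted destination: drop the body and
  // downgrade to GET, which is what the quoted NoScript message reports.
  return {
    action: 'sanitize',
    reason: `untrusted origin ${source} posting to trusted origin ${destination}`,
    request: { ...request, method: 'GET', body: null },
  };
}

// Constructed request using the URLs quoted in the thread; the form body is a
// placeholder, not the shop's real checkout data.
const checkoutPost = {
  method: 'POST',
  url: 'https://secure.paypal.com/cgi-bin/webscr',
  referrer: 'https://www.linuxisos.de/checkout_confirmation.php',
  body: 'item=PLACEHOLDER&amount=PLACEHOLDER',
};

// Only PayPal whitelisted, as in the original report.
const onlyPaypal = new Set(['https://secure.paypal.com']);
// Shop whitelisted too, for the duration of the transaction.
const shopToo = new Set(['https://secure.paypal.com', 'https://www.linuxisos.de']);

function demo() {
  return {
    before: classifyCrossSiteRequest(checkoutPost, onlyPaypal),
    after: classifyCrossSiteRequest(checkoutPost, shopToo),
  };
}

const { before, after } = demo();
console.log(before.action, '-', before.reason);  // sanitize - untrusted origin ...
console.log(after.action);                        // allow
```

The model deliberately keys on the origin (scheme, host and port), not the full URL: the checkout page and the PayPal endpoint differ in both, which is exactly why the extension sees an upload crossing a trust boundary rather than an ordinary same-site form post.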
All times are GMT -5. The time now is 10:41 PM.