Cross script scripting block disabling sitepal
We have noticed that our avatar is blocked by some corporate networks that don't permit cross site scripting... it sees scripts coming from sitepal instead of scripts from the requested domain. Is there a workaround to this? or can these large corporates not use our Sitepal implementation?
Customer support service by UserEcho
This is a bit unusual. We have never received any report of SitePal being blocked due to XSS concerns.
I think it is more likely that a specific corporate network has restrictions in place to block traffic from any domain that has not been specifically whitelisted with the corporate authorities. Some companies go overboard in trying to prevent their employees to interact with anything but work. Such restrictions would affect not only SitePal bu many other services as well.
In general, this does not seem to be a significant concern - but we would look into it further if you could provide more info (i.e. a Fiddler printout etc.)
Which browser was used? Was the demo done on your computer (i.e. laptop you brought with you) or on the host company computer?
I'm thinking possibly restrictive browser settings.
Also - was the page loaded in http or https?