
Key: OQA-31
Type: Improvement
Status: Open
Priority: Critical
Assignee: Patrick Lightbody
Reporter: Owen Carter
Votes: 0
Watchers: 1
OpenQA

Script blocker (NoScript) in Firefox seems to think about:blank is running scripts on your forum and main websites?

Created: 05/Apr/07 09:36 AM   Updated: 10/Apr/07 04:59 AM
Component/s: Forums, Website
Affects Version/s: None
Fix Version/s: None

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown
Environment: Firefox 2.0.0.3 on Windows XP sp2, with the noscript extension installed (see http://noscript.net/)


Description
Hi,

When I visit either the forums or main website at openqa.org, my script blocker tool in Firefox (NoScript, http://noscript.net) is indicating that it is blocking scripts from 'about:blank'.

This is weird, I do not see this on any other website (or I'd be blaming my setup), nor does it happen when I am on your Jira site. Looking at your page source reveals no references to about:blank, nor does it show up on any of the page/object properties.

I am concerned because it may be an attack vector; some posts I see indicate it may be a 'Phishermans Friend', see:
http://www.dozleng.com/updates/index.php?s=cfaa7db32e0b513e7c9a20eace212dd1&showtopic=13234
http://seclists.org/fulldisclosure/2007/Feb/0427.html

Of course, that may be a total red herring, and this is something you are doing intentionally, or it may not be specific to you at all and I only see it on your sites due to some other issue with my system. I just don't understand this well enough to investigate further. But I thought I should at least create this issue so that you are aware of it, just in case it is a serious problem.


Comments
Owen Carter - 10/Apr/07 04:59 AM
Hi!
Looks like I was mistaken about this being a serious problem;
http://noscript.net/faq#qa1_9
It's just that you (or your CMS) are opening an empty document/frame with scripting injected; it has the title 'about:blank' by default, hence I see it in the script blocker. Because the scripting has to be injected by another script which I already allow, it's safe to allow this too.
Sorry about bothering you, I just failed to find this FAQ when I searched originally. I'm happy if you just close this.
Owen.