If this is the case, should I allow first-party in NoScript, but disable first party in uBlock? How should I configure NoScript's settings ("script," "object," "media," "frame," "font," "webgl," "ping," "noscript," "other") so the functionality doesn't overlap?
I have been learning about XSS. Whilst learning I have seen that XSS can be demonstrated by displaying an alert on the web page after inputing some java script into a search bar etc. However this is far from malicous and so I am wondering what can actually be done with XSS. An idea I have is to host a malicious payload that gives a reverse shell on a web server and use XSS to call the reverse shell from the target website, would this even be possbile?
Please share your thoughts and knowledge about the potential of XSS please.