forum web page is stalling with "waiting for"...

I don’t know when this started, but since quite some months I do experience performance issues when browsing the openSUSE forum.
More precisely, my Google Chrome browser [Version 60.0.3112.113 (Official Build) (64-bit)] stalls again and again with the following message
being visible in the browsers status bar: “Waiting for”. The delay/stall takes about 30 s…

The DevTools of Chrome (invoked by hitting F12) shows the following message (again and again):

A Parser-blocking, cross site (i.e. different eTLD+1) script,, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message.See for more details.

Any idea what I could do to avoid this unpleasant delay?

This was reported also a few days ago in this thread

As I wrote at the time it wasn’t an issue I was seeing, and still don’t. (Possibly because I’m using the Firefox extension “NoScript” which blocks cross-site scripting).

There didn’t appear to be a resolution other than, as the OP wrote, to block that particular *.php file (comment #4).

When I am using Firefox 52.4.0, I don’t experience any delay either (with no add-ons nor extensions installed).

Google Chrome however seems to block DOM-based XSS since version 53. As this seems to be done for good reasons,
I am wondering if the forums web page shouldn’t get rid of this technique sooner or later.

I found some more insight into that problem here:

Just saw this again (and yes, I observe this quite frequently and it is​ annoying).

I concur, I had to go back to blocking the .php AGAIN.

If the forums still work with that blocked, which evidently they do, then I wonder why it’s needed?


In the thread you opened previously you wrote

It’s rather weird - I wonder what it even does.

If one actually browses to it returns the following: (heavily redacted!)


var LASTNAME="";
var EMAIL="";
var ADDRESS1="";
var ADDRESS2="";
var ADDRESS3="";
var CITY="";
var STATE="";
var ZIP="";
var COUNTRY="";
var COMPANY="";


var isLoggedIn = true;

var holy_moly = 'no';

function crossAuthenticate() {
    if(typeof isTest == "undefined") {
        var isTest = false;
    if(typeof isStage == "undefined") {
        var isStage = false;
    var randomNum = Math.floor((Math.random()*100)+1);
    var authImage_novell = new Image();
    authImage_novell.src = "https://secure-www" + ((isTest) ? "test.provo" : ((isStage) ? "stage.provo" : "")) + ""+randomNum;
    var authImage_suse = new Image();
    authImage_suse.src = "https://www" + ((isTest) ? "test" : ((isStage) ? "stage" : "")) + ""+randomNum;
    var authImage_netiq = new Image();
    authImage_netiq.src = "https://www" + ((isTest) ? "test" : ((isStage) ? "stage" : "")) + ""+randomNum;
if(isLoggedIn) {

var holy_moly = ‘no’; should clearly be var holy_moly = ‘yes’; in my case :wink:

That being said, forums work fine without it.