www.liberoquotidiano.it

Laser12

Post by Laser12 »

www.liberoquotidiano.it doesn't work even using "Temporarily allow page"
Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
therube
Ambassador
Posts: 7969
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: www.liberoquotidiano.it

Post by therube »

Possibly related to XSS issues from googlecode?
But disabling the XSS settings does not look to rectify the problem?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20120423 Firefox/13.0a2 SeaMonkey/2.10a2
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: www.liberoquotidiano.it

Post by Giorgio Maone »

These morons are using googlecode.com (which is a code repository, where anyone can check in arbitrary and possibly malicious JavaScript) like a CDN, to spare some cents on their bandwidth bill:

Code:

[NoScript] Blocking cross-site Javascript served from http://lesscss.googlecode.com/files/less-1.0.30.min.js with wrong type info text/x-c++, attachment; filename="less-1.0.30.min.js" and included by http://www.liberoquotidiano.it/

As you can see, Google Code states clearly that the file is meant to be downloaded as an attachment, not executed as a JavaScript include.

Anyway, if they refuse to fix their idiocy, you can work around by adding lesscss.googlecode.com to your noscript.inclusionTypeChecking.exceptions about:config preference (space-separated).
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
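
A simplified sketch of the kind of check behind the log line in the post above, added here as an example; it is not part of the thread and not NoScript's own code. The function names and the list of accepted script MIME types are assumptions; only the preference semantics (a space-separated host list) and the sample headers come from the post.

```javascript
// Added illustration, not NoScript's source. The accepted-type list and all
// function names are assumptions made for this example.
const SCRIPT_TYPES = new Set([
  "application/javascript", "application/x-javascript",
  "application/ecmascript", "text/javascript", "text/ecmascript",
]);

// Reduce a Content-Type header to its bare MIME type, lowercased.
function mimeOf(contentType) {
  return (contentType || "").split(";")[0].trim().toLowerCase();
}

// Decide whether a <script src> include should be blocked.
// `exceptions` mirrors the space-separated host list of the preference
// named in the post. This sketch treats a missing type as a wrong type.
function checkInclusion(pageUrl, scriptUrl, headers, exceptions = "") {
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl);
  if (page.origin === script.origin) return { block: false, reason: "same-origin" };
  const exempt = exceptions.split(/\s+/).filter(Boolean);
  if (exempt.includes(script.hostname)) return { block: false, reason: "exception" };
  // The server saying "download this" is the strongest signal it is not an include.
  const disposition = headers["content-disposition"] || "";
  if (/^\s*attachment\b/i.test(disposition)) return { block: true, reason: "attachment" };
  const type = mimeOf(headers["content-type"]);
  if (!SCRIPT_TYPES.has(type)) return { block: true, reason: "wrong type " + type };
  return { block: false, reason: "ok" };
}

// Sample constructed from the log line quoted in the post.
const sample = {
  page: "http://www.liberoquotidiano.it/",
  script: "http://lesscss.googlecode.com/files/less-1.0.30.min.js",
  headers: {
    "content-type": "text/x-c++",
    "content-disposition": 'attachment; filename="less-1.0.30.min.js"',
  },
};
console.log(checkInclusion(sample.page, sample.script, sample.headers));
console.log(checkInclusion(sample.page, sample.script, sample.headers,
  "lesscss.googlecode.com"));
```
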
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: www.liberoquotidiano.it

Post by Thrawn »

Giorgio Maone wrote: using googlecode.com (which is a code repository, where anyone can check in arbitrary and possibly malicious JavaScript) like a CDN, to spare some cents on their bandwidth bill.

Uh, oh...sounds a bit like getting all of your drinking water from the pond at the local park...

Giorgio Maone wrote: you can work around by adding lesscss.googlecode.com to your noscript.inclusionTypeChecking.exceptions about:config preference (space-separated).

NB ABE probably can't save you here, since their deliberately-included JavaScript could be compromised.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (Linux; U; Android 2.2.1; en-gb; GT-S5570 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: www.liberoquotidiano.it

Post by Giorgio Maone »

Notice that the exception mentioned in my previous message has eventually been included in recent NoScript versions.
Nonetheless, the practice of including JavaScript libraries from code repositories remains idiotic and dangerous.
Read here for more reasons.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: www.liberoquotidiano.it

Post by Thrawn »

Giorgio Maone wrote: Notice that the exception mentioned in my previous message has eventually been included in recent NoScript versions.
Nonetheless, the practice of including JavaScript libraries from code repositories remains idiotic and dangerous.
Read here for more reasons.

Er...is adding an exception for that a good idea? I mean, yeah, the site breaks without it, but OTOH, isn't allowing it inherently dangerous? Not just on liberoquotidiano, but on any site that might foolishly try the same trick? Better, I would think, to let sites like that break, and have users go digging around, find out about the sloppy coding, and make an informed decision about whether or not to trust their safety to these webmasters. Otherwise, I might decide to trust a site that I want to get working, oblivious to the fact that they're importing scripts that aren't under their control.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0