[RESOLVED] Allow IFRAME vom specifc site on other site?

Post a reply


In an effort to prevent automatic submissions, we require that you complete the following challenge.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: [RESOLVED] Allow IFRAME vom specifc site on other site?

Re: [RESOLVED] Allow IFRAME vom specifc site on other site?

by barbaz » Fri Aug 28, 2015 1:31 am

Sorry to bring up this old thread again, but the allowedMimeRegExp suggestions given here are dangerous & not what is expected, & given https://forums.informaction.com/viewtopic.php?f=7&t=21206 I feel the need to clarify what they are really doing.
Tom T. wrote:

Code: Select all

application/x-unknown <IFRAME> / http://*.s3.us.archive.org

This one is Allowing:
1) embeddings with a MIME type "application/x-unknown" on *all* sites,
2) embeddings with a MIME type "<IFRAME>" on *all* sites,
3) (I think) embeddings with a MIME type "/" (or is it an implicit */* ? I don't think so but not totally sure) on *all* sites, and
4) embeddings with a MIME type "http://*.s3.us.archive.org" on *all* sites.

Tom T. wrote:

Code: Select all

application/x-unknown <IFRAME>@http://*\.s3\.us\.archive\.org/*

Here again is Allowing same as (1) above, but additionally is Allowing all embeddings with MIME type "<IFRAME>" from all sites that match the regex "http://*\.s3\.us\.archive\.org/*" - i.e. http:/ followed by 0 or more / followed by ".s3.us.archive.org" followed by 0 or more /

Even despite the fact that "<IFRAME"> isn't a valid MIME type nor is it a pseudo-type usable in allowedMimeRegExp, in practice the <IFRAME> portion of this suggestion would not Allow anything on any site, because out of a URL like http://example.net/test/foo, only the "http://example.net" (called the "site") part is matched against, and as no domain starts with a . the pattern thus cannot match a valid site.



Here's a better link to the screenshot, as the link landing page isn't working for me:

Code: Select all

http://imagizer.imageshack.us/v2/900x600q90/16/noscriptmbiframe.png

The following suggestion for allowedMimeRegExp will probably work in this case & is not counter-intuitive in any way:

Code: Select all

FRAME@https?://mbid-[0-9a-f-]+\.s3\.us\.archive\.org



Bye

Re: [RESOLVED] Allow IFRAME vom specifc site on other site?

by Tom T. » Fri Mar 01, 2013 6:40 am

You're very welcome.
Image

Re: Allow IFRAME vom specifc site on other site?

by NoScrUser » Thu Feb 28, 2013 9:31 am

Both suggestions works fine.

Thank you very much for your help, problem is solved!

Re: Allow IFRAME vom specifc site on other site?

by Tom T. » Thu Feb 28, 2013 6:19 am

Please try

Code: Select all

application/x-unknown <IFRAME> / http://*.s3.us.archive.org

or

Code: Select all

application/x-unknown <IFRAME>@http://*\.s3\.us\.archive\.org/*

The final wildcard may or may not be necessary.
If IFRAME doesn't work, substitute FRAME, but I seem to remember once having created an effective rule with IFRAME as the pseudo-MIME type.

Re: Allow IFRAME vom specifc site on other site?

by NoScrUser » Wed Feb 27, 2013 10:12 am

Thank you for the options!
Thrawn wrote:
  • edit noscript.allowedMimeRegExp in about:config to allow IFRAME only at musicbrainz.org.
Could you please help me with the matching regular expression?

My attempts (according to
If you want to match any frame (IFRAMEs or FRAMEs) independently of its actual MIME content type, you can use the FRAME pseudo content type. For any web font, instead, you can use the FONT pseudo content type. For example, setting the noscript.allowedMimeRegExp preference value to "FRAME@https?://somesite\.com FONT@https?://some-other-site\.com" will permanently allow any FRAME/IFRAME load from somesite.com and any web font load from some-other-site.com
with:

Code: Select all

FRAME@https?://archive\.org
or

Code: Select all

FRAME@http://archive.org
don't work.

This one

Code: Select all

*@http://archive.org
would allow what I want, just a little bit to wide "open" with the asterix.

How do I have to restrict the expression for IFRAME (or application/x-unknown or both)?
Image

Re: Allow IFRAME vom specifc site on other site?

by Thrawn » Wed Feb 27, 2013 4:51 am

That's your trouble, then. You've told NoScript to give you a placeholder even on whitelisted sites, so naturally you will get a placeholder.

You can either:
  • uncheck this box, so trusted sites won't have placeholders; or
  • exclude IFRAME from this by unchecking the IFRAME box in Options-Embeddings; or
  • edit noscript.allowedMimeRegExp in about:config to allow IFRAME only at musicbrainz.org. If you don't understand how to do this one, then don't try...

Re: Allow IFRAME vom specifc site on other site?

by NoScrUser » Tue Feb 26, 2013 11:12 pm

Yes, "Diese Einschränkungen auch auf vertrauenswürdige Websites anwenden" is enabled.

Re: Allow IFRAME vom specifc site on other site?

by Thrawn » Tue Feb 26, 2013 10:55 pm

Under Options-Embeddings, have you enabled 'Apply these restrictions to whitelisted sites too'?

Re: Allow IFRAME vom specifc site on other site?

by NoScrUser » Tue Feb 26, 2013 11:18 am

I have doublechecked my Whitelist ("Positivliste"). Both 'archive.org' and 'musicbrainz.org' are included.
(-> If I type the adresses in the URL-field, the button "Allow" change its status to disabled)

If I hoover over the placeholder, I get:
<IFRAME>, unknown@http://mbid-8cbac5aa-4211-44d0-8c75-0d380b8f7ca5.s3.us.archive.org/

The only thing changing is the number between mbid- and s3.us.archive.org.

What should I do?

Re: Allow IFRAME vom specifc site on other site?

by Thrawn » Tue Feb 26, 2013 11:06 am

Have you allowed musicbrainz.org and archive.org on the regular NoScript menu?
Which sites are still blocked?

Re: Allow IFRAME vom specifc site on other site?

by NoScrUser » Tue Feb 26, 2013 10:56 am

Thank you very much for the fast answer!

Unfortunately, there must be something else stopping me to be successfull at the first try to upload a cover picture.
The IFRAME placeholder appears with your suggestion too.

What could that be?

Re: Allow IFRAME vom specifc site on other site?

by Thrawn » Tue Feb 26, 2013 10:37 am

Nice try, and good on you for tackling ABE. As often happens, the rule that you are trying to use is backward.

ABE is request-oriented, not resource-oriented. 'Allow from example.com' does not mean 'allow resources from example.com to load', it means 'allow requests originating from example.com'. So, your rule should look like this:

Code: Select all

Site .archive.org
Accept from .musicbrainz.org
Deny

Ie 'requests sent to archive.org (and subdomains) will be allowed only if they come from musicbrainz.org (and subdomains)'

Well done for using the leading dot wildcard, though. Many people overlook it and use an asterisk instead, which isn't quite the same.

[RESOLVED] Allow IFRAME vom specifc site on other site?

by NoScrUser » Tue Feb 26, 2013 10:14 am

If I try to add a cover picture for an music album on musicbrainz.org with this url
and then choose a local saved *.jpg and type 'Front' and finally click on the button 'Enter Edit' to upload the picture, I always get a placeholder symbol for the IFRAME.

Whatever I try to setup in the ABE -> USER -> Rules, like
# CoverArt-Archiv allow rule
Site .musicbrainz.org
# the above is shortcut for *.musicbrainz.org
Accept ALL from .archive.org
Deny

I can't get it working on the first try. If I click on the placeholder-symbol and enter the informations a second time, the cover will be added without problems.

Could please someone tell me, how the ABE rule must be defined to allow the IFRAME from *.archive.org for the musicbrainz.org website only?

Top