possible parsing bug?

Post a reply


In an effort to prevent automatic submissions, we require that you complete the following challenge.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: possible parsing bug?

Re: possible parsing bug?

by barbaz » Fri May 03, 2019 4:27 pm

What you describe is not a NoScript issue. It's a website bug.

The URL of the blocked resource is -

Code: Select all

https://https://www.maskedname.com/piwik.php
Which the browser interprets as -

Code: Select all

https://https//www.maskedname.com/piwik.php
As you can see, the domain of that URL is indeed "https".

The webmaster needs to change the second line of that code snippet, either to this...

Code: Select all

  var u='https://www.maskedname.com/';
... or this -

Code: Select all

  var u='//www.maskedname.com/';

(aside: NoScript 10's behavior in this situation is not what I would expect. I would think NoScript should *not* display "...https" in the popup, instead showing that entry as "https://https", because the domain "https" has no dots and is not a TLD. NoScript Classic behaves as expected.)

possible parsing bug?

by okkiales » Fri May 03, 2019 10:17 am

Hi!
during navigation to a site, my attention has been catched by a "blocked site" that was showing a domain with name "https".

Looking at the web page source I found that noscript figured the name out from an embedded script section where it found the following code:
......
function() {
var u='//https://www.maskedname.com/';
_paq.push(['setTrackerUrl', u+'piwik.php']);
......

I'd expect that noscript should only report the domain "www.maskedname.com" and not the "https" part of the string.
I'm not sure if the right domain was found or not as it also appears everywhere in the page source.

Thanks for your attention
Andrea

Top