InformAction Forums

Arf =( I am not a huge fan of black magic,especially when it comes to security concerns… But it works and will do the trick for a PoC

I'll try to find more infos about what is happening, and will have a look at plugins API in Firefox, to have something that may be more robust.

Indeed, it works. Thanks a lot!

It's really weird that I have to return a function in the getter… Do you have any idea why is this happening? Especially as manually overriding mozRTCPeerConnection, brutally, was working, but only in the main window and not in the iframe.

Thanks

Well, I had a try with Object.defineProperty, but I could not get it to work fine with RTCPeerConnection. On the contrary, my (not so nice) solution to set brutally mozRTCPeerConnection to false seems to be working. I had a look with a debugger, and trying to access window.mozRTCPeerConnection retur...

Hmm, here is my extract aout:config: noscript.surrogate.test.replacement = window.RTCPeerConnection = false; window.mozRTCPeerConnection = false; noscript.surrogate.test.sources = @^(?!chrome:)[0-9A-Za-z-]+:; It works to block the first try to get RTCPeerConnection, but not the later with the iframe...

Hi,

Sorry for the delay, I did notice your response.

I managed to override the window.mozRTCPeerConnection object, but I did not find any way to override the trick used here : https://github.com/diafygi/webrtc-ips/b ... x.html#L41

Sadly, it seems to be really difficult to block this trick…

Something I've just found, how would you address such a thing? https://github.com/diafygi/webrtc-ips/b ... x.html#L41

The iframe trick is really nice and your method does not seem to work to prevent it.

Thanks

Ok for the way you handle it.

But, why using the location hash to handle it, and not a dedicated config storage as a plugin / localStorage?


And what about including such features in an advanced tab in NoScript?

Many webpages are not usable at all without JavaScript. For example, Discourse sites look completely different with and without JavaScript. https://fiddle.md/ is even worse as it simply displays a blank page and nothing else, if JavaScript is not enabled. Most of the websites I visit have poor desig...

Hi, I am currently looking for a way to block JavaScript on an API basis, rather than a per script basis, and to allow user to selectively enable the requested APIs on a per-site basis, if needed. One of the main things preventing users from using NoScript (and similar extensions), in my opinion, is...