Search found 244 matches
- Tue Sep 01, 2020 12:49 pm
- Forum: NoScript Development
- Topic: 11.0.41
- Replies: 26
- Views: 10462
Re: 11.0.41
Looks like special handling of onload in body needs to be done a bit later, so that it's certain the body has been parsed. DOMContentLoaded seems a good candidate. Doing it in a mutationobserver is also a possibility. But it's not just onload. Also onunload and onpagehide share the same problem. The...
- Sun Aug 30, 2020 7:52 am
- Forum: NoScript Development
- Topic: 11.0.41
- Replies: 26
- Views: 10462
Re: 11.0.41
Noticed that onload event attribute on body was not getting caught by the eventSuppressor. document.addEventListener() didn't even catch the event. Using plain addEventListener() did, but turns out load is non-cancelable. (https://developer.mozilla.org/en-US/docs/Web/API/Window/load_event) That's no...
- Sun Aug 30, 2020 6:10 am
- Forum: NoScript Development
- Topic: 11.0.41
- Replies: 26
- Views: 10462
Re: 11.0.41
This approach (document.write) does not work with XHTML or XML(SVG) files.
- Sat Aug 29, 2020 9:23 pm
- Forum: NoScript Development
- Topic: 11.0.41
- Replies: 26
- Views: 10462
Re: 11.0.41
I suspect that's because you forgot to change to document also the removeEventListener() call in finalize(), therefore bodySuspender gets called after finalization. :oops: Interestingly, if I use the original plain addEventListener() and remove the removeEventListener() from finalize(), I get prett...
- Sat Aug 29, 2020 11:11 am
- Forum: NoScript Development
- Topic: 11.0.41
- Replies: 26
- Views: 10462
Re: 11.0.41
Event attribute suppression looking good. And to test the suspending on DOMContentLoaded: Document used for testing: <!DOCTYPE html> <html> <head> <meta charset='UTF-8'> </head> <body> <script src="script.js"></script> </body> </html> script.js: console.log("External script hello!&quo...
- Fri Aug 28, 2020 4:17 am
- Forum: NoScript Development
- Topic: 11.0.41
- Replies: 26
- Views: 10462
Re: (11.0.40rc2 and up) Local files external JS files sometimes cannot listen on DOMContentLoaded
Pointed this problem out in my 11.0.41 thread already.
Giorgio is working on it, but I'm afraid it's not a easy one.
Giorgio is working on it, but I'm afraid it's not a easy one.
- Wed Aug 26, 2020 1:34 pm
- Forum: NoScript Development
- Topic: 11.0.41
- Replies: 26
- Views: 10462
Re: 11.0.41
It's not, actually. We remove the event suppression as soon as we install the CSP (in order to avoid unespected side effects in the "normal" user interaction with a scriptless page), and this could be abused by including a very slow loading script / stylesheet / whatever in the head causi...
- Wed Aug 26, 2020 10:14 am
- Forum: NoScript Development
- Topic: 11.0.41
- Replies: 26
- Views: 10462
11.0.41
Interesting update again. Some remarks. The event attribute removal would appear to be redundant now that there is a method to "suppress" them. However, the list of the eventTypes is not complete. For example beforescriptexecute is a valid event, that could be put e.g. in head and would cu...
- Fri Aug 21, 2020 6:25 am
- Forum: NoScript Support
- Topic: Noscript puts FF in a reload loop
- Replies: 37
- Views: 13423
Re: Noscript puts FF in a reload loop
staticNS.js:104 documentCSP.apply(new Set()); // block everything to prevent leaks from page's event handlers Is the above actually necessary? The root attributes are already removed in the beginning of this file. Sure, they are put back in the setup(), but they should be subject for the CSP now. .3...
- Thu Aug 20, 2020 10:45 am
- Forum: NoScript Support
- Topic: Noscript puts FF in a reload loop
- Replies: 37
- Views: 13423
Re: Noscript puts FF in a reload loop
11.0.39rc6 on linux. Can't reproduce the original bug with any config, so not able to say anything about how the fix handles that, BUT... While changing permissions on any file, the permissions are not always actually changed after the reload. This would appear to be caused by the onBeforeUnload not...
- Sat Aug 15, 2020 1:38 pm
- Forum: NoScript Development
- Topic: [Fixed] Ability to refresh page file:///tmp/page#13 with scripts enabled
- Replies: 3
- Views: 3950
Re: Ability to refresh page file:///tmp/page#13 with scripts enabled
Can confirm. Problem is in Policy.js: Sites.parse() let path = url.pathname; siteKey = url.origin; if (siteKey === "null") { siteKey = site; } else if (path !== '/') { siteKey += path; } Since origin is null for file:, the fragment (hash) ends up in the siteKey and the url is not matched. ...
- Thu Aug 13, 2020 9:15 am
- Forum: NoScript Development
- Topic: 11.0.37 src script
- Replies: 7
- Views: 4182
Re: 11.0.37 src script
Looks good now. Thanks!
- Thu Aug 13, 2020 6:40 am
- Forum: NoScript Development
- Topic: 11.0.37 src script
- Replies: 7
- Views: 4182
Re: 11.0.37 src script
Synchronous XHR suspends the current JS execution flow by pushing the current state into a kind of stack. Oh, I knew about that. Should have realized it would be a problem. :oops: Why does NoScript need to do any suspending at all in Firefox? Also "Disable restrictions for this tab" relie...
- Wed Aug 12, 2020 11:23 am
- Forum: NoScript Development
- Topic: 11.0.37 src script
- Replies: 7
- Views: 4182
Re: 11.0.37 src script
Of course there is another problem with the above. <html onclick="console.log('CLICK')"></html> Any event attribute in element that gets parsed before the CSP is inserted, is not blocked. For documentElement (<html>) this happens by default as it exists already when contentscripts run. How...
- Wed Aug 12, 2020 7:06 am
- Forum: NoScript Development
- Topic: 11.0.37 src script
- Replies: 7
- Views: 4182
11.0.37 src script
Problem with 11.0.37 Since no more beforescriptexecute safety net, the script in the next sample will not be blocked on file: protocol. Does not appear to cause problems on http:. <html> <head> <script src="notblocked.js"></script> </head> <body></body> </html> After doing some testing, it...