[FIXED] [2.9.5rc24] iFrames are blocked though shouldn't be?

[GH113]

Hello!
I've just noticed NoScript 2.9.0.14 and 2.9.5rc23 behave differently in the same conditions. Nightly 2016-11-13. STR:
Go to https://alogvinov.com/2016/11/rolik-o-s ... zero-dawn/
Allow alogvinov.com
Allow cloudflare.com
Scroll to the bottom of the page, allow disquscdn.com and disqus.com
Reload page, scroll to the bottom - disqus comments are loaded
Go to NS Options - Embeddings - Forbid iFrame, reload the page and scroll to the bottom.

That's where NS2.9.0.14 and NS2.9.5rc23 behave differently: in case with NS2.9.0.14 disqus comments are still loaded, in case with NS2.9.5rc23 disqus comments are no longer loaded though NS settings seem to be the same. Who is right? Is this a bug?

[GH113]

It looks like I found simplier STR:
Install NoScript 2.9.0.14, go to https://vk.com/wall-51189706_74732 , allow vk.com, then go to https://vk.com/wall-51189706_74732 again
Hover the mouse over NoScript icon - there are blob:, mail.ru, vigo.ru, vk-cdn.net, vk.me domains.

Now try to do the same thing with NoScript 2.9.5rc23 - there will be only vk.com and mail.ru domains, all other domains are gone! Is this a bug?

[GH113]

Same problem with youtube, NoScript 2.9.5rc24:
Open https://www.youtube.com/watch?v=0NCk8h5cfFI and hover the mouse over NoScript icon. There should be googlevideo.com domain but it is not listed!
NoScript 2.9.0.14 lists googlevideo.com correctly.

[barbaz]

There should be googlevideo.com domain but it is not listed!
NoScript 2.9.0.14 lists googlevideo.com correctly.

Same issue here with 2.9.5rc27. µMatrix shows googlevideo.com listed for XHR requests.

GH113, how does µMatrix (or similar) display these missing domains for you?

[Giorgio Maone]

Please check latest development build rc29, thank you.

[GH113]

It looks like vk and youtube bug is fixed but NoScript 2.9.5rc29 and NoScript 2.9.0.14 still behave differently on alogvinov.com, same STR: 2.9.0.14 loads disqus comments after blocking iFrames while 2.9.5rc29 does not. Could anyone help me understand what's going on here, please? It seems to me it is a bug in rc29 because "Forbid iFrame" is the restriction for the untrusted sites and disqus.com with disquscdn are whitelisted!

GH113, how does µMatrix (or similar) display these missing domains for you?

It looks like this bug has been fixed but I will try out uMatrix later just in case

[GH113]

I found a better example! STR:
Go to https://twitter.com/ma1
Allow twitter.com and twimg.com
NS Options - Embeddings - check Forbid iFrame, reload the page
Here is how NoScript 2.9.0.14 renders the page: http://i.imgur.com/hB2GvPd.png
And here is how NoScript 2.9.5rc29 renders the page: http://i.imgur.com/edTTHOJ.png
"Hacking team back to your Androids..." is missing!

[Giorgio Maone]

Please check latest development build rc30, thanks.

[GH113]

2.9.5rc31: it looks like both twitter and alogvinov bugs are fixed, that means all the bugs I reported in this thread are fixed! However, I've just come across a new bug, I don't create a new thread because I don't have STR but the idea is the following:
Open webpage example1.com with embedded video loading from example2.com
Allow both example1.com and example2.com, reload the page
Once the video starts playing, wait until the video buffering stops (that's important)
Hover the mouse over the NoScript icon - example2 is missing from the dropdown menu

I don't know if that helps or not, I'll try to find STR in the future!

[barbaz]

I would suggest you start a new thread for that bug. Less clutter that way. Makes it easier to address stuff.

Marking this thread Fixed.

EDIT @GH113 I think I can reproduce that new bug on my local server. I will start a new thread for it and PM you the link.
EDIT2 Done and done.