Hello!
I've just noticed NoScript 2.9.0.14 and 2.9.5rc23 behave differently in the same conditions. Nightly 2016-11-13. STR:
Go to https://alogvinov.com/2016/11/rolik-o-s ... zero-dawn/
Allow alogvinov.com
Allow cloudflare.com
Scroll to the bottom of the page, allow disquscdn.com and disqus.com
Reload page, scroll to the bottom - disqus comments are loaded
Go to NS Options - Embeddings - Forbid iFrame, reload the page and scroll to the bottom.
That's where NS2.9.0.14 and NS2.9.5rc23 behave differently: in case with NS2.9.0.14 disqus comments are still loaded, in case with NS2.9.5rc23 disqus comments are no longer loaded though NS settings seem to be the same. Who is right? Is this a bug?
[FIXED] [2.9.5rc24] iFrames are blocked though shouldn't be?
[FIXED] [2.9.5rc24] iFrames are blocked though shouldn't be?
Last edited by GH113 on Mon Nov 14, 2016 5:09 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Re: [2.9.5rc23] iFrames are blocked though they shouldn't be
It looks like I found simplier STR:
Install NoScript 2.9.0.14, go to https://vk.com/wall-51189706_74732 , allow vk.com, then go to https://vk.com/wall-51189706_74732 again
Hover the mouse over NoScript icon - there are blob:, mail.ru, vigo.ru, vk-cdn.net, vk.me domains.
Now try to do the same thing with NoScript 2.9.5rc23 - there will be only vk.com and mail.ru domains, all other domains are gone! Is this a bug?
Install NoScript 2.9.0.14, go to https://vk.com/wall-51189706_74732 , allow vk.com, then go to https://vk.com/wall-51189706_74732 again
Hover the mouse over NoScript icon - there are blob:, mail.ru, vigo.ru, vk-cdn.net, vk.me domains.
Now try to do the same thing with NoScript 2.9.5rc23 - there will be only vk.com and mail.ru domains, all other domains are gone! Is this a bug?
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Re: [2.9.5rc23] iFrames are blocked though they shouldn't be
Same problem with youtube, NoScript 2.9.5rc24:
Open https://www.youtube.com/watch?v=0NCk8h5cfFI and hover the mouse over NoScript icon. There should be googlevideo.com domain but it is not listed!
NoScript 2.9.0.14 lists googlevideo.com correctly.
Open https://www.youtube.com/watch?v=0NCk8h5cfFI and hover the mouse over NoScript icon. There should be googlevideo.com domain but it is not listed!
NoScript 2.9.0.14 lists googlevideo.com correctly.
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
Re: [2.9.5rc24] iFrames are blocked though they shouldn't be
Same issue here with 2.9.5rc27. µMatrix shows googlevideo.com listed for XHR requests.GH113 wrote:There should be googlevideo.com domain but it is not listed!
NoScript 2.9.0.14 lists googlevideo.com correctly.
GH113, how does µMatrix (or similar) display these missing domains for you?
*Always* check the changelogs BEFORE updating that important software!
-
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: [2.9.5rc24] iFrames are blocked though they shouldn't be
Please check latest development build rc29, thank you.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0
Re: [2.9.5rc24] iFrames are blocked though they shouldn't be
It looks like vk and youtube bug is fixed but NoScript 2.9.5rc29 and NoScript 2.9.0.14 still behave differently on alogvinov.com, same STR: 2.9.0.14 loads disqus comments after blocking iFrames while 2.9.5rc29 does not. Could anyone help me understand what's going on here, please? It seems to me it is a bug in rc29 because "Forbid iFrame" is the restriction for the untrusted sites and disqus.com with disquscdn are whitelisted!
It looks like this bug has been fixed but I will try out uMatrix later just in casebarbaz wrote:GH113, how does µMatrix (or similar) display these missing domains for you?
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
Re: [2.9.5rc24] iFrames are blocked though they shouldn't be
I found a better example! STR:
Go to https://twitter.com/ma1
Allow twitter.com and twimg.com
NS Options - Embeddings - check Forbid iFrame, reload the page
Here is how NoScript 2.9.0.14 renders the page: http://i.imgur.com/hB2GvPd.png
And here is how NoScript 2.9.5rc29 renders the page: http://i.imgur.com/edTTHOJ.png
"Hacking team back to your Androids..." is missing!
Go to https://twitter.com/ma1
Allow twitter.com and twimg.com
NS Options - Embeddings - check Forbid iFrame, reload the page
Here is how NoScript 2.9.0.14 renders the page: http://i.imgur.com/hB2GvPd.png
And here is how NoScript 2.9.5rc29 renders the page: http://i.imgur.com/edTTHOJ.png
"Hacking team back to your Androids..." is missing!
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: [2.9.5rc24] iFrames are blocked though they shouldn't be
Please check latest development build rc30, thanks.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0
Re: [2.9.5rc24] iFrames are blocked though they shouldn't be
2.9.5rc31: it looks like both twitter and alogvinov bugs are fixed, that means all the bugs I reported in this thread are fixed! However, I've just come across a new bug, I don't create a new thread because I don't have STR but the idea is the following:
Open webpage example1.com with embedded video loading from example2.com
Allow both example1.com and example2.com, reload the page
Once the video starts playing, wait until the video buffering stops (that's important)
Hover the mouse over the NoScript icon - example2 is missing from the dropdown menu
I don't know if that helps or not, I'll try to find STR in the future!
Open webpage example1.com with embedded video loading from example2.com
Allow both example1.com and example2.com, reload the page
Once the video starts playing, wait until the video buffering stops (that's important)
Hover the mouse over the NoScript icon - example2 is missing from the dropdown menu
I don't know if that helps or not, I'll try to find STR in the future!
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
Re: [2.9.5rc24] iFrames are blocked though they shouldn't be
I would suggest you start a new thread for that bug. Less clutter that way. Makes it easier to address stuff.
Marking this thread Fixed.
EDIT @GH113 I think I can reproduce that new bug on my local server. I will start a new thread for it and PM you the link.
EDIT2 Done and done.
Marking this thread Fixed.
EDIT @GH113 I think I can reproduce that new bug on my local server. I will start a new thread for it and PM you the link.
EDIT2 Done and done.
*Always* check the changelogs BEFORE updating that important software!
-