10.1.7.5: data:text/html url's scriptable by default

Bug reports and enhancement requests
Post Reply
User avatar
juozas
Junior Member
Posts: 22
Joined: Sat Nov 25, 2017 8:44 am

10.1.7.5: data:text/html url's scriptable by default

Post by juozas » Sat Apr 14, 2018 7:26 am

Entering an arbitrary

Code: Select all

data:text/html
url in url bar, e.g.

Code: Select all

data:text/html, <html><head><title>Hello, World!</title><script>alert("This is scriptable by default");</script></html>
does not disable scripting in it by default. It appears to be like a privilleged page to noscript as shown in it's pop up, as there should be an option to toggle such scripting in settings or temporary in the page or something similar.

Firefox: 59.0.2
NoScript: 10.1.7.5
Last edited by juozas on Sun Apr 15, 2018 5:30 am, edited 2 times in total.
Сделано в СССР
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0

barbaz
Senior Member
Posts: 9583
Joined: Sat Aug 03, 2013 5:45 pm

Re: 10.1.7.5: data:text/html url's scriptable by default

Post by barbaz » Sat Apr 14, 2018 3:34 pm

Not sure it's technically possible for a WebExtension to block scripts on data: URLs manually entered in address bar.

(NoScript Classic didn't disable scripts on such URLs either, it just blocked them loading and included a about:config pref to allow them.)
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
therube
Ambassador
Posts: 7641
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: 10.1.7.5: data:text/html url's scriptable by default

Post by therube » Sun Apr 15, 2018 1:32 pm

(NoScript Classic didn't disable scripts on such URLs either, it just blocked them loading and included a about:config pref to allow them.)
That (javascript: & data: URI blocking) does not look to be working in NoScript 5.x. (in SeaMonkey) ?
It does work with NoScript 2.9.x.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.3 Lightning/5.4

Post Reply