10.1.7.5: data:text/html url's scriptable by default
Posted: Sat Apr 14, 2018 7:26 am
Entering an arbitrary url in url bar, e.g. does not disable scripting in it by default. It appears to be like a privilleged page to noscript as shown in it's pop up, as there should be an option to toggle such scripting in settings or temporary in the page or something similar.
Firefox: 59.0.2
NoScript: 10.1.7.5
Code: Select all
data:text/html
Code: Select all
data:text/html, <html><head><title>Hello, World!</title><script>alert("This is scriptable by default");</script></html>
Firefox: 59.0.2
NoScript: 10.1.7.5