(Classic) inclusionTypeChecking doesn't work?

Bug reports and enhancement requests
Post Reply
barbaz
Senior Member
Posts: 9028
Joined: Sat Aug 03, 2013 5:45 pm

(Classic) inclusionTypeChecking doesn't work?

Post by barbaz » Tue May 28, 2019 3:22 am

NoScript 5.1.9rc1
Firefox 56.0.2 or Waterfox 56.2.10
new profile

1) Host a Javascript file with .jsx extension on a server that is NOT configured to serve .jsx with a proper Javascript MIME type (on my server it gets application/octet-stream)

2) On another server (or a different domain on the same server), create a HTML page with a script tag that calls the jsx file on the other domain.

3) In Firefox/Waterfox with NoScript 5.1.9rc1 installed, visit the page from (2)

4) Temporarily allow all this page.

Expected results: The jsx file should be blocked by inclusion type checking.

Actual results: The jsx file is loaded and runs, despite noscript.inclusionTypeChecking being set to true (as it is by default).

No related messages in Browser Console.

EDIT I had created a webext implementation of inclusionTypeChecking that started as a copy-paste of NoScript Classic code, and that does correctly block the jsx - in Waterfox 68. I'm not sure if sending that to Giorgio would suggest anything about what's going on here in NoScript Classic?
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply