feature rq: intercept at-end javascripts such as "are you su
feature rq: intercept at-end javascripts such as "are you su
feature rq: intercept at-end javascripts such as "are you sure you want to navigate away from this page "
(Yes, I am quite certain, thanks. That's why I tried to leave the page.)
... is a complete pain, mousetrap code in javascript, can be used by any idiot who thinks it's cool to trap you on their page. There's even a script up there on the web for the script-kiddies to annoy us with.
(The mozzila support thread parentId=417592&forumId=1 was closed as "solved", BUT IT PATENTLY IS NOT SOLVED.
Also there are loads of completely useless 'answers' out there, involving disabling things you need, or spuriously blaming innocent products.)
What seems to be required is an intercept of this type of script, something standard popup detectors do not do, because it is basically using "at-end" processing.
In fact, I'd like any such potential 'mousetrap' should be sprung. I just hate when I get stuck on some clown's page, unable even to reach the tabs or navi bar. Nothing works but to restart the box.
Perhaps there is a problem in that some things have a genuine need for an at-end processes. Whether to execute them should be up to me, though, not them.
Over to you, chaps.
(Yes, I am quite certain, thanks. That's why I tried to leave the page.)
... is a complete pain, mousetrap code in javascript, can be used by any idiot who thinks it's cool to trap you on their page. There's even a script up there on the web for the script-kiddies to annoy us with.
(The mozzila support thread parentId=417592&forumId=1 was closed as "solved", BUT IT PATENTLY IS NOT SOLVED.
Also there are loads of completely useless 'answers' out there, involving disabling things you need, or spuriously blaming innocent products.)
What seems to be required is an intercept of this type of script, something standard popup detectors do not do, because it is basically using "at-end" processing.
In fact, I'd like any such potential 'mousetrap' should be sprung. I just hate when I get stuck on some clown's page, unable even to reach the tabs or navi bar. Nothing works but to restart the box.
Perhaps there is a problem in that some things have a genuine need for an at-end processes. Whether to execute them should be up to me, though, not them.
Over to you, chaps.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.0.6, Ant.com Toolbar 1.2
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: feature rq: intercept at-end javascripts such as "are you su
Example page?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Re: feature rq: intercept at-end javascripts such as "are you su
http://listen.grooveshark.com/Giorgio Maone wrote:Example page?
This is probably an innocuous use of this type of thing but I see how it could be put to worse use. It seems like to much power for a website I cannot even close firefox without getting this prompt ... I would have to send a kill signal to avoid this. Sorry if this is not a good example and hopefully I havent missed something simple I can do with noscript.
Thanks for your time
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009090216 Ubuntu/8.10 (intrepid) Firefox/3.0.14
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: feature rq: intercept at-end javascripts such as "are you su
I get redirected to www.mynextmusic.it, and I don't get any confirmation dialog when I exit that page...
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Re: feature rq: intercept at-end javascripts such as "are you su
Allowing only Grooveshark and the Flash intro, I didn't even get redirected. Script from mynextmusic showed up in the block list.
No message at all. (Fx 2.0.0.20)
No message at all. (Fx 2.0.0.20)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Re: feature rq: intercept at-end javascripts such as "are you su
Well that is very weird. I don't get redirected. Grooveshark is site devoted to providing any music free of charge. It is a project run apparently by university of Florida students. It is controversial and is being sued by one of the major record labels although it is apparently trying to work out a deal with some record labels. The site uses a simple interface which I suppose uses various flash and java scripts ... I dont know much, but with the way you can drag and drop songs in the playlist it makes me think it is AJAX based. This site works great for me and I have never been redirected to anywhere there is a strip along the side that runs advertisements but that is apparently blocked by noscript. I had to allow grooveshark to run scripts for the page and interface to work. If I revoke the permissions to the page I can close the tab without getting this confirmation dialog but if I dont revoke those permissions I get that dialog which just warns you that if you navigate away from the page the music will stop. So ya redirection just doesnt seem like that type of site... dont know what to say?
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009090216 Ubuntu/8.10 (intrepid) Firefox/3.0.14
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: feature rq: intercept at-end javascripts such as "are you su
OK, I managed to see the site by using an US proxy.
Apparently they redirect requests from outside US to similar sites (like in my first attempt).
The site is entirely done in Adobe Flash, and I still get no confirmation warning when leaving it.
Apparently they redirect requests from outside US to similar sites (like in my first attempt).
The site is entirely done in Adobe Flash, and I still get no confirmation warning when leaving it.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Re: feature rq: intercept at-end javascripts such as "are you su
That explains something odd that I noticed in this thread about Google.de. Most of the rest of the page was in light gray, and non-functional, but the search feature worked fine. I had guessed that when it detected a US IP, it deliberately disabled features that would be useful only in Germany or perhaps Europe. Thanks for that unintentional tip.Giorgio Maone wrote:OK, I managed to see the site by using an US proxy.
Apparently they redirect requests from outside US to similar sites (like in my first attempt).
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Re: feature rq: intercept at-end javascripts such as "are you su
Uhhhh-ohhhGiorgio Maone wrote:OK, I managed to see the site by using an US proxy.
Apparently they redirect requests from outside US to similar sites (like in my first attempt).
The site is entirely done in Adobe Flash, and I still get no confirmation warning when leaving it.
Maybe you have to be playing some music anyways this was just for demo purposes I dont think the website is malicious but now after your test I may have picked up something malicious darn
Screenshot:
Edit: yes I guess you do have to play some music to get the prompt sorry about that
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009090216 Ubuntu/8.10 (intrepid) Firefox/3.0.14
Re: feature rq: intercept at-end javascripts such as "are you su
What's malicious (other then you have one __h u g e__screen)?
(IOW, I can get that confirmation screen too.)
(IOW, I can get that confirmation screen too.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5pre) Gecko/20091023 SeaMonkey/2.0.1pre
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: feature rq: intercept at-end javascripts such as "are you su
OK, surrogate scripts FTW:
- noscript.surrogate.trap.replacement
__defineSetter__("onbeforeunload", function() {}) - noscript.surrogate.trap.sources
@*
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Re: feature rq: intercept at-end javascripts such as "are you su
Looks to do it.
Where did you find the 'onbeforeunload'. (I looked through various files for "load" & other terms but didn't find that, or missed it?)
Where did you find the 'onbeforeunload'. (I looked through various files for "load" & other terms but didn't find that, or missed it?)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5pre) Gecko/20091023 SeaMonkey/2.0.1pre
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: feature rq: intercept at-end javascripts such as "are you su
I suppose it's attached directly from within the Flash applet. Don't you know Flash can do Javascript?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Re: feature rq: intercept at-end javascripts such as "are you su
Found another source for this type of message.
http://mail.live.com/
Log in.
New (as in new message).
Type some text into the message box.
Click the Cancel button.
Unaffected by the above surrogate, though don't know if it should be?
http://mail.live.com/
Log in.
New (as in new message).
Type some text into the message box.
Click the Cancel button.
Code: Select all
Are you sure you want to navigate away from this page?
You're about to throw away this message without sending it.
Press OK to continue, or Cancel to stay on the current page.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5pre) Gecko/20091023 SeaMonkey/2.0.1pre