feature rq: intercept at-end javascripts such as "are you su

[bill777]

feature rq: intercept at-end javascripts such as "are you sure you want to navigate away from this page "

(Yes, I am quite certain, thanks. That's why I tried to leave the page.)

... is a complete pain, mousetrap code in javascript, can be used by any idiot who thinks it's cool to trap you on their page. There's even a script up there on the web for the script-kiddies to annoy us with.

(The mozzila support thread parentId=417592&forumId=1 was closed as "solved", BUT IT PATENTLY IS NOT SOLVED.
Also there are loads of completely useless 'answers' out there, involving disabling things you need, or spuriously blaming innocent products.)

What seems to be required is an intercept of this type of script, something standard popup detectors do not do, because it is basically using "at-end" processing.
In fact, I'd like any such potential 'mousetrap' should be sprung. I just hate when I get stuck on some clown's page, unable even to reach the tabs or navi bar. Nothing works but to restart the box.
Perhaps there is a problem in that some things have a genuine need for an at-end processes. Whether to execute them should be up to me, though, not them.

Over to you, chaps.

[Giorgio Maone]

Example page?

[dasbooter]

Example page?

http://listen.grooveshark.com/


This is probably an innocuous use of this type of thing but I see how it could be put to worse use. It seems like to much power for a website I cannot even close firefox without getting this prompt ... I would have to send a kill signal to avoid this. Sorry if this is not a good example and hopefully I havent missed something simple I can do with noscript.
Thanks for your time

[Giorgio Maone]

I get redirected to www.mynextmusic.it, and I don't get any confirmation dialog when I exit that page...

[Tom T.]

Allowing only Grooveshark and the Flash intro, I didn't even get redirected. Script from mynextmusic showed up in the block list.
No message at all. (Fx 2.0.0.20)

[dasbooter]

Well that is very weird. I don't get redirected. Grooveshark is site devoted to providing any music free of charge. It is a project run apparently by university of Florida students. It is controversial and is being sued by one of the major record labels although it is apparently trying to work out a deal with some record labels. The site uses a simple interface which I suppose uses various flash and java scripts ... I dont know much, but with the way you can drag and drop songs in the playlist it makes me think it is AJAX based. This site works great for me and I have never been redirected to anywhere there is a strip along the side that runs advertisements but that is apparently blocked by noscript. I had to allow grooveshark to run scripts for the page and interface to work. If I revoke the permissions to the page I can close the tab without getting this confirmation dialog but if I dont revoke those permissions I get that dialog which just warns you that if you navigate away from the page the music will stop. So ya redirection just doesnt seem like that type of site... dont know what to say?

[Giorgio Maone]

OK, I managed to see the site by using an US proxy.
Apparently they redirect requests from outside US to similar sites (like in my first attempt).
The site is entirely done in Adobe Flash, and I still get no confirmation warning when leaving it.

[Tom T.]

OK, I managed to see the site by using an US proxy.
Apparently they redirect requests from outside US to similar sites (like in my first attempt).

That explains something odd that I noticed in this thread about Google.de. Most of the rest of the page was in light gray, and non-functional, but the search feature worked fine. I had guessed that when it detected a US IP, it deliberately disabled features that would be useful only in Germany or perhaps Europe. Thanks for that unintentional tip.

[dasbooter]

OK, I managed to see the site by using an US proxy.
Apparently they redirect requests from outside US to similar sites (like in my first attempt).
The site is entirely done in Adobe Flash, and I still get no confirmation warning when leaving it.

Uhhhh-ohhh

Maybe you have to be playing some music anyways this was just for demo purposes I dont think the website is malicious but now after your test I may have picked up something malicious darn

Screenshot:




Edit: yes I guess you do have to play some music to get the prompt sorry about that

[therube]

What's malicious (other then you have one __h u g e__screen)?
(IOW, I can get that confirmation screen too.)

[Giorgio Maone]

OK, surrogate scripts FTW:

• noscript.surrogate.trap.replacement
  __defineSetter__("onbeforeunload", function() {})
• noscript.surrogate.trap.sources
  @*

[therube]

Looks to do it.
Where did you find the 'onbeforeunload'. (I looked through various files for "load" & other terms but didn't find that, or missed it?)

[Giorgio Maone]

I suppose it's attached directly from within the Flash applet. Don't you know Flash can do Javascript?

[therube]

Found another source for this type of message.

http://mail.live.com/

Log in.
New (as in new message).
Type some text into the message box.
Click the Cancel button.

Code: Select all

Are you sure you want to navigate away from this page?
You're about to throw away this message without sending it.
Press OK to continue, or Cancel to stay on the current page.

Unaffected by the above surrogate, though don't know if it should be?