InformAction Forums

Verizon wireless homepage, when flash is blocked, attempts to replace the flash navigation header with javascript but is blocked by NS.

1. Is this described in detail somewhere?
2. noscript.inclusionTypeChecking = false has no effect
3. what is noscript.inclusionTypeChecking.checkDynamic for
4. noscript.inclusionTypeChecking.exceptions works

al_9x wrote:Is this described in detail somewhere?

http://noscript.net/changelog#1.9.6.5

al_9x wrote:noscript.inclusionTypeChecking = false has no effect

Fixed, thanks

al_9x wrote:what is noscript.inclusionTypeChecking.checkDynamic

Enables/disables check for URLs which appear to be server-side scripts (i.e. "application/unknown" or textual content type).

Giorgio Maone wrote:

al_9x wrote:Is this described in detail somewhere?

http://noscript.net/changelog#1.9.6.5

Yes, I saw that, but I am looking for a detailed description of the attack scenario this protects against.

al_9x wrote: Yes, I saw that, but I am looking for a detailed description of the attack scenario this protects against.

Trusted site allows public uploads of some kinds of files (usually text, images, PDF documents and so on), but not JS/CSS/HTML for obvious security reasons (some Google properties do, for instance).
An attacker manages to inject a short HTML fragment in another trusted site, like where some_upload.txt is a file he previously uploaded to the public, popular and trusted by many trusted_uploads.com web site.
The upload had been allowed by the site because it was of the "innocuous" txt type (and it's served with the proper text/plain content type, which makes everybody feel safe), but in reality it contains a malicious script which now is much more likely to run than if it was sourced by an obscure and temporary Chinese domain. The inclusionType checks will prevent it from running anyway.