[RESOLVED] Allow IFRAME vom specifc site on other site?

Discussions about the Application Boundaries Enforcer (ABE) module
NoScrUser
Posts: 6
Joined: Tue Feb 26, 2013 10:04 am

[RESOLVED] Allow IFRAME vom specifc site on other site?

Post by NoScrUser » Tue Feb 26, 2013 10:14 am

If I try to add a cover picture for an music album on musicbrainz.org with this url
and then choose a local saved *.jpg and type 'Front' and finally click on the button 'Enter Edit' to upload the picture, I always get a placeholder symbol for the IFRAME.

Whatever I try to setup in the ABE -> USER -> Rules, like
# CoverArt-Archiv allow rule
Site .musicbrainz.org
# the above is shortcut for *.musicbrainz.org
Accept ALL from .archive.org
Deny

I can't get it working on the first try. If I click on the placeholder-symbol and enter the informations a second time, the cover will be added without problems.

Could please someone tell me, how the ABE rule must be defined to allow the IFRAME from *.archive.org for the musicbrainz.org website only?
Last edited by Giorgio Maone on Thu Feb 28, 2013 11:48 am, edited 2 times in total.
Reason: Fixed truncated link
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Allow IFRAME vom specifc site on other site?

Post by Thrawn » Tue Feb 26, 2013 10:37 am

Nice try, and good on you for tackling ABE. As often happens, the rule that you are trying to use is backward.

ABE is request-oriented, not resource-oriented. 'Allow from example.com' does not mean 'allow resources from example.com to load', it means 'allow requests originating from example.com'. So, your rule should look like this:

Code: Select all

Site .archive.org
Accept from .musicbrainz.org
Deny

Ie 'requests sent to archive.org (and subdomains) will be allowed only if they come from musicbrainz.org (and subdomains)'

Well done for using the leading dot wildcard, though. Many people overlook it and use an asterisk instead, which isn't quite the same.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0

NoScrUser
Posts: 6
Joined: Tue Feb 26, 2013 10:04 am

Re: Allow IFRAME vom specifc site on other site?

Post by NoScrUser » Tue Feb 26, 2013 10:56 am

Thank you very much for the fast answer!

Unfortunately, there must be something else stopping me to be successfull at the first try to upload a cover picture.
The IFRAME placeholder appears with your suggestion too.

What could that be?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Allow IFRAME vom specifc site on other site?

Post by Thrawn » Tue Feb 26, 2013 11:06 am

Have you allowed musicbrainz.org and archive.org on the regular NoScript menu?
Which sites are still blocked?
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0

NoScrUser
Posts: 6
Joined: Tue Feb 26, 2013 10:04 am

Re: Allow IFRAME vom specifc site on other site?

Post by NoScrUser » Tue Feb 26, 2013 11:18 am

I have doublechecked my Whitelist ("Positivliste"). Both 'archive.org' and 'musicbrainz.org' are included.
(-> If I type the adresses in the URL-field, the button "Allow" change its status to disabled)

If I hoover over the placeholder, I get:
<IFRAME>, unknown@http://mbid-8cbac5aa-4211-44d0-8c75-0d380b8f7ca5.s3.us.archive.org/

The only thing changing is the number between mbid- and s3.us.archive.org.

What should I do?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Allow IFRAME vom specifc site on other site?

Post by Thrawn » Tue Feb 26, 2013 10:55 pm

Under Options-Embeddings, have you enabled 'Apply these restrictions to whitelisted sites too'?
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0

NoScrUser
Posts: 6
Joined: Tue Feb 26, 2013 10:04 am

Re: Allow IFRAME vom specifc site on other site?

Post by NoScrUser » Tue Feb 26, 2013 11:12 pm

Yes, "Diese Einschränkungen auch auf vertrauenswürdige Websites anwenden" is enabled.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Allow IFRAME vom specifc site on other site?

Post by Thrawn » Wed Feb 27, 2013 4:51 am

That's your trouble, then. You've told NoScript to give you a placeholder even on whitelisted sites, so naturally you will get a placeholder.

You can either:
  • uncheck this box, so trusted sites won't have placeholders; or
  • exclude IFRAME from this by unchecking the IFRAME box in Options-Embeddings; or
  • edit noscript.allowedMimeRegExp in about:config to allow IFRAME only at musicbrainz.org. If you don't understand how to do this one, then don't try...
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0

NoScrUser
Posts: 6
Joined: Tue Feb 26, 2013 10:04 am

Re: Allow IFRAME vom specifc site on other site?

Post by NoScrUser » Wed Feb 27, 2013 10:12 am

Thank you for the options!
Thrawn wrote:
  • edit noscript.allowedMimeRegExp in about:config to allow IFRAME only at musicbrainz.org.
Could you please help me with the matching regular expression?

My attempts (according to
If you want to match any frame (IFRAMEs or FRAMEs) independently of its actual MIME content type, you can use the FRAME pseudo content type. For any web font, instead, you can use the FONT pseudo content type. For example, setting the noscript.allowedMimeRegExp preference value to "FRAME@https?://somesite\.com FONT@https?://some-other-site\.com" will permanently allow any FRAME/IFRAME load from somesite.com and any web font load from some-other-site.com
with:

Code: Select all

FRAME@https?://archive\.org
or

Code: Select all

FRAME@http://archive.org
don't work.

This one

Code: Select all

*@http://archive.org
would allow what I want, just a little bit to wide "open" with the asterix.

How do I have to restrict the expression for IFRAME (or application/x-unknown or both)?
Image
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Allow IFRAME vom specifc site on other site?

Post by Tom T. » Thu Feb 28, 2013 6:19 am

Please try

Code: Select all

application/x-unknown <IFRAME> / http://*.s3.us.archive.org

or

Code: Select all

application/x-unknown <IFRAME>@http://*\.s3\.us\.archive\.org/*

The final wildcard may or may not be necessary.
If IFRAME doesn't work, substitute FRAME, but I seem to remember once having created an effective rule with IFRAME as the pseudo-MIME type.
Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0

NoScrUser
Posts: 6
Joined: Tue Feb 26, 2013 10:04 am

Re: Allow IFRAME vom specifc site on other site?

Post by NoScrUser » Thu Feb 28, 2013 9:31 am

Both suggestions works fine.

Thank you very much for your help, problem is solved!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: [RESOLVED] Allow IFRAME vom specifc site on other site?

Post by Tom T. » Fri Mar 01, 2013 6:40 am

You're very welcome.
Image
Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0

barbaz
Senior Member
Posts: 9280
Joined: Sat Aug 03, 2013 5:45 pm

Re: [RESOLVED] Allow IFRAME vom specifc site on other site?

Post by barbaz » Fri Aug 28, 2015 1:31 am

Sorry to bring up this old thread again, but the allowedMimeRegExp suggestions given here are dangerous & not what is expected, & given https://forums.informaction.com/viewtopic.php?f=7&t=21206 I feel the need to clarify what they are really doing.
Tom T. wrote:

Code: Select all

application/x-unknown <IFRAME> / http://*.s3.us.archive.org

This one is Allowing:
1) embeddings with a MIME type "application/x-unknown" on *all* sites,
2) embeddings with a MIME type "<IFRAME>" on *all* sites,
3) (I think) embeddings with a MIME type "/" (or is it an implicit */* ? I don't think so but not totally sure) on *all* sites, and
4) embeddings with a MIME type "http://*.s3.us.archive.org" on *all* sites.

Tom T. wrote:

Code: Select all

application/x-unknown <IFRAME>@http://*\.s3\.us\.archive\.org/*

Here again is Allowing same as (1) above, but additionally is Allowing all embeddings with MIME type "<IFRAME>" from all sites that match the regex "http://*\.s3\.us\.archive\.org/*" - i.e. http:/ followed by 0 or more / followed by ".s3.us.archive.org" followed by 0 or more /

Even despite the fact that "<IFRAME"> isn't a valid MIME type nor is it a pseudo-type usable in allowedMimeRegExp, in practice the <IFRAME> portion of this suggestion would not Allow anything on any site, because out of a URL like http://example.net/test/foo, only the "http://example.net" (called the "site") part is matched against, and as no domain starts with a . the pattern thus cannot match a valid site.



Here's a better link to the screenshot, as the link landing page isn't working for me:

Code: Select all

http://imagizer.imageshack.us/v2/900x600q90/16/noscriptmbiframe.png

The following suggestion for allowedMimeRegExp will probably work in this case & is not counter-intuitive in any way:

Code: Select all

FRAME@https?://mbid-[0-9a-f-]+\.s3\.us\.archive\.org



Bye
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply