[Resolved] ABE thinks JS in bookmarklet is from current page

Discussions about the Application Boundaries Enforcer (ABE) module
JavaSavant

[Resolved] ABE thinks JS in bookmarklet is from current page

Post by JavaSavant » Fri Aug 07, 2015 6:41 pm

I have a bookmarklet that has some javascript in it. ABE blocks it because it thinks it was triggered by the current page.

[ABE] <LOCAL> Deny on {GET http://site.im.going.to.com/some/path/c ... javascript <<< https://site.im.viewing.com/the/page/im/on/there.php - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL other.sites.ive.allowed.com site.im.going.to.com
Deny

I can't create a "to" rule, and even if I could I don't think I'd want to. Is there some way to make ABE recognize that a bookmarklet triggered the action, and not the current webpage?
Last edited by barbaz on Mon Aug 10, 2015 12:23 am, edited 2 times in total.
Reason: mark resolved
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

barbaz
Senior Member
Posts: 9282
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE thinks Javascript in a bookmarklet is from current p

Post by barbaz » Fri Aug 07, 2015 10:44 pm

Please check the "Do not automatically parse URLs" box below the posting box when submitting "example" links not wrapped in code tags, otherwise the board will linkify them automatically, and neither you nor us know what's on the other end of those links. Thanks

JavaSavant wrote:I can't create a "to" rule, and even if I could I don't think I'd want to. Is there some way to make ABE recognize that a bookmarklet triggered the action, and not the current webpage?

No, and a bookmarklet is technically indistinguishable from the page for ABE, so it has no way to do what you're asking.

So let me make sure I have this straight... you are on some random page (could be any page), and you run a bookmarklet that takes you to a page that's in LOCAL?
Given that it's not possible to tell whether something is requested by a bookmarklet, what other options can you consider?
*Always* check the changelogs BEFORE updating that important software!
-

JavaSavant

Re: ABE thinks Javascript in a bookmarklet is from current p

Post by JavaSavant » Sat Aug 08, 2015 1:08 am

Sorry, I meant to Code it.

The bookmarklet prompts me for data and uses it to construct a URL to a site in our LAN. I have a similar bookmarklet that goes to an external site, and it works fine. It is basically a way to jump directly to a trouble ticket.

Code: Select all

javascript:(function(){location.href='http://trouble/ticket/'+prompt('Enter%20Trouble%20Ticket#:','');})();


If I use this one, I get the above mentioned error.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

barbaz
Senior Member
Posts: 9282
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE thinks Javascript in a bookmarklet is from current p

Post by barbaz » Sat Aug 08, 2015 1:15 am

Can you try put this code in a user script instead, such that it's triggered by a user script menu command, see if that makes a difference?
(I mean like a Greasemonkey / Scriptish user script.)
*Always* check the changelogs BEFORE updating that important software!
-

JavaSavant

Re: ABE thinks Javascript in a bookmarklet is from current p

Post by JavaSavant » Sat Aug 08, 2015 3:04 am

I don't know GreaseMonkey at all. I'm sure I'm not calling the function correctly. I created a new User Script with the Name "Trouble" and the following contents:

Code: Select all

function FindTrouble() {
  location.href='http://trouble/ticket/'+prompt('Enter%20Trouble%20Ticket#:','');
}

I changed my bookmarklet to this:

Code: Select all

javascript:FindTrouble();

But i get the following error:

Code: Select all

ReferenceError: FindTrouble is not defined


I also tried this:

Code: Select all

javascript:Trouble.FindTrouble();

But i get the following error:

Code: Select all

ReferenceError: Trouble is not defined


I removed the function declaration and refreshed a web page, then got into an endless loop going to my page, so it worked, but not how I want. :-D

Is there a way to declare it with a function name and have my bookmarklet call that function, or would that still be considered being executed from the page?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

barbaz
Senior Member
Posts: 9282
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE thinks Javascript in a bookmarklet is from current p

Post by barbaz » Sat Aug 08, 2015 4:32 am

Yeah, as you found out you can't run code defined only in a user script, in a bookmarklet - in order to do that, you'd have to make your custom function a part of some object in the page - and then when you try to run that you'd be back to square one / where you were in the OP.

To make effective use of a user script's privileged position for your use case, you'd need to attach that function to a user script command (menu item) with the GM_registerMenuCommand() function (make sure to @grant it to your user script!); then instead of using a bookmarklet, you would click the menu item in the user script commands menu.

[edited to clarify and expand on some things that I realized I left kind of vague]
*Always* check the changelogs BEFORE updating that important software!
-

JavaSavant

Re: ABE thinks Javascript in a bookmarklet is from current p

Post by JavaSavant » Sat Aug 08, 2015 8:11 pm

Yuck.

IS there a way to write a "to" rule, so ABE doesn't block scripts from redirecting to a certain local address?

I'd rather not disable ABE, but it is starting to look like I will have to.

By the way, thanks for all your help!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

barbaz
Senior Member
Posts: 9282
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE thinks Javascript in a bookmarklet is from current p

Post by barbaz » Sun Aug 09, 2015 11:11 am

JavaSavant wrote:IS there a way to write a "to" rule, so ABE doesn't block scripts from redirecting to a certain local address?

add above the default SYSTEM rule

Code: Select all

Site [local-address-you-dont-want-protected]
Accept


JavaSavant wrote:By the way, thanks for all your help!

You're welcome.
*Always* check the changelogs BEFORE updating that important software!
-

JavaSavant

Re: ABE thinks Javascript in a bookmarklet is from current p

Post by JavaSavant » Mon Aug 10, 2015 12:20 am

I had to put it before my current LOCAL settings,but that worked, thanks again!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

barbaz
Senior Member
Posts: 9282
Joined: Sat Aug 03, 2013 5:45 pm

Re: [Resolved] ABE thinks JS in bookmarklet is from current

Post by barbaz » Mon Aug 10, 2015 12:24 am

Image Glad I could help.
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply