possible parsing bug?

Ask for help about NoScript, no registration needed to post
okkiales

possible parsing bug?

Post by okkiales » Fri May 03, 2019 10:17 am

Hi!
during navigation to a site, my attention has been catched by a "blocked site" that was showing a domain with name "https".

Looking at the web page source I found that noscript figured the name out from an embedded script section where it found the following code:
......
function() {
var u='//https://www.maskedname.com/';
_paq.push(['setTrackerUrl', u+'piwik.php']);
......

I'd expect that noscript should only report the domain "www.maskedname.com" and not the "https" part of the string.
I'm not sure if the right domain was found or not as it also appears everywhere in the page source.

Thanks for your attention
Andrea
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

barbaz
Senior Member
Posts: 9266
Joined: Sat Aug 03, 2013 5:45 pm

Re: possible parsing bug?

Post by barbaz » Fri May 03, 2019 4:27 pm

What you describe is not a NoScript issue. It's a website bug.

The URL of the blocked resource is -

Code: Select all

https://https://www.maskedname.com/piwik.php
Which the browser interprets as -

Code: Select all

https://https//www.maskedname.com/piwik.php
As you can see, the domain of that URL is indeed "https".

The webmaster needs to change the second line of that code snippet, either to this...

Code: Select all

  var u='https://www.maskedname.com/';
... or this -

Code: Select all

  var u='//www.maskedname.com/';

(aside: NoScript 10's behavior in this situation is not what I would expect. I would think NoScript should *not* display "...https" in the popup, instead showing that entry as "https://https", because the domain "https" has no dots and is not a TLD. NoScript Classic behaves as expected.)
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply