Why about:blank if is allowed?

General discussion about the NoScript extension for Firefox
Post Reply
turson
Posts: 6
Joined: Fri Jan 15, 2010 10:04 pm

Why about:blank if is allowed?

Post by turson » Fri Jan 15, 2010 10:18 pm

Hi forumers, yes that question, Why about:blank is enabled in the NoScript's default settings??

PD: For test, I returned to its default settings, after a long time. Is this unwise?
Last edited by turson on Fri Jan 15, 2010 10:28 pm, edited 1 time in total.
Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7

User avatar
Giorgio Maone
Site Admin
Posts: 8935
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Why about:blank if is allowed?

Post by Giorgio Maone » Fri Jan 15, 2010 10:27 pm

Because from time to time a few compatibility issues (mostly if not exclusively with extensions) have surfaced involving about:blank being forbidden, and because there's no security risk associated to having it allowed.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)

turson
Posts: 6
Joined: Fri Jan 15, 2010 10:04 pm

Re: Why about:blank if is allowed?

Post by turson » Fri Jan 15, 2010 10:48 pm

Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7

User avatar
Giorgio Maone
Site Admin
Posts: 8935
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Why about:blank if is allowed?

Post by Giorgio Maone » Fri Jan 15, 2010 10:56 pm


Irrelevant: for this (and other about:blank-related exploits), JavaScript needs to be enabled on the web page launching the attack (which of course is different than about:blank, an empty page by definition).
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)

turson
Posts: 6
Joined: Fri Jan 15, 2010 10:04 pm

Re: Why about:blank if is allowed?

Post by turson » Fri Jan 15, 2010 11:23 pm

Concerning default options: ¿Why gstatic.com and googlesyndication.com are allowed?
Thanks :!:.
Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7

User avatar
Giorgio Maone
Site Admin
Posts: 8935
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Why about:blank if is allowed?

Post by Giorgio Maone » Fri Jan 15, 2010 11:31 pm

Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)

Post Reply