Some websites reopen the current page, focused, in a new tab, replacing the existing page (in the background) with "spam".
Actions:
You're on Site1
You click into the page on Site1
Results:
A new, focused tab is opened - the very page you were on, Site1
Existing (now background) tab is replaced by a "spam" page (be it from the same domain or totally different), Site2
How NoScript plays in...
Say you 'Disable Restrictions for "this tab"' with the intention of doing just that
Results:
Restrictions are disabled for "this tab", but because of the "redirect", "this tab" is now (a potentially totally unrelated), Site2
The foreground tab - of the page that you were initially on, does have defaulted permissions, because it is no longer "this tab", but instead a different tab
So:
NoScript is doing what it is supposed to be doing.
But as far as the user is concerned, it is not, because of the website "trickery" the "concept" of "this tab" changed, & you're now seeing, Site2.
Now granted, the very same would happen if you clicked (a link, or otherwise) in "this tab", & that link also opened Site2 - also in "this tab" - but because of "trickery", because of the redirect, you may not be aware that anything untoward had actually happened...
No, probably not, actually?And as I write this, I remember, dom.popup_allowed_events, which (by nuking its' values) would likely handle this situation?
Anyhow, if NoScript is able to catch a situation like this, & revoke the permissions of "this tab", might help.