ABE Anon HTTP: from HTTPS: rule breaks iframe blocking

[al_9x]

when the iframe is DNS cached

Code: Select all

Site http:
Anon INC from https:

Load this via https:

Code: Select all

<iframe src="http://example.org"></iframe>

Fx 3.6.12, NS 2.0.5.1

Before http://example.org is DNS cached, everything is fine, the iframe is blocked, the Anon rule is not triggered, and the page has a secure status.

But if http://example.org is loaded first, when loading the test page:

1. you can see the iframe briefly load, then get replaced by the placeholder
2. the iframe request makes it out to the network
3. Anon rule is triggered twice (error console)
4. page ends up with a mixed status

[Giorgio Maone]

Investigating, thanks.

[al_9x]

If the iframe is loaded by ip:

Code: Select all

<iframe src="http://192.0.32.10/"></iframe>

the problem manifests immediately, on first load of the secure page, since no dns caching is needed

[Giorgio Maone]

Fixed in latest development build.

[al_9x]

Fixed in latest development build.

Confirmed, but, when the iframe is included by ip, ABE reacts even though this request never happens. I believe a similar thing happens with the XSS filter, which also reacts to blocked requests. Can you, in these cases, kind of "look ahead" and not bother with requests that will be blocked?

Also, please look at this.

[Giorgio Maone]

Can you, in these cases, kind of "look ahead" and not bother with requests that will be blocked?

Unfortunately no.