[RESOLVED] samy.pl bypasses NS content blocking (Java)

Ask for help about NoScript, no registration needed to post
al_9x
Master Bug Buster
Posts: 931
Joined: Thu Mar 19, 2009 4:52 pm

Re: [RESOLVED] samy.pl bypasses NS content blocking (Java)

Post by al_9x »

My profile wasn't totally clean, I narrowed it down to specific settings.

Starting with a new profile:

1) Apply to trusted
2) remove about:blank from whitelist
3) noscript.consoleDump=4
4) load the test page
5) allow it
6) click PI
8) you should get the partial icon with about:blank in the menu, also, the following error, which is probably the cause:

Code: Select all

[NoScript] Error enumerating sites: [Exception... "Component is not available"  nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)"  location: "JS frame :: chrome://noscript/content/Main.js :: anonymous :: line 3784"  data: no],undefined
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: [RESOLVED] samy.pl bypasses NS content blocking (Java)

Post by Giorgio Maone »

al_9x wrote:My profile wasn't totally clean, I narrowed it down to specific settings.
[...]
3) noscript.consoleDump=4
[...]

Code: Select all

[NoScript] Error enumerating sites: [Exception... "Component is not available"  nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)"  location: "JS frame :: chrome://noscript/content/Main.js :: anonymous :: line 3784"  data: no],undefined
It's a side effect of logging itself.
The LiveConnect interception adds a dummy applet to the page and removes its immediately, in order to trigger the content policy and cause the "Blocked Sites" menu to be populated.
Since the applet has already been disconnected from the document by the time the site enumeration code is hit, when its cached reference gets logged its toSource() method fails because of some property (don't ask me which) not being available anymore.

I'm working around this by simply enclosing the logging code in a try {} cacth {} block, since this is quite an edge case.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: [RESOLVED] samy.pl bypasses NS content blocking (Java)

Post by Giorgio Maone »

Giorgio Maone wrote: It's a side effect of logging itself.
[...]
I'm working around this by simply enclosing the logging code in a try {} cacth {} block, since this is quite an edge case.
Fixed in latest development build.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Post Reply