[RESOLVED, qdmm.com] a bug

[Jsid]

noscript is not compatible with http://www.qdmm.com

exemple: http://www.qdmm.com/BookReader/1662656,28626520.aspx

if noscript's enabled i can't view content( i have already allowed all scripts in qdmm.com)


if noscript's disabled, everything is ok

[Giorgio Maone]

The bug is in the site, which is (rather stupidly) loading a text file (with .txt extension and text/plain mime type) as a script (in fact, it contains JavaScript code):

Code: Select all

 
[NoScript] Blocking cross-site Javascript served from http://files.qidian.com/Author1/1662656/28626520.txt with wrong type info text/plain and included by http://www.qdmm.com/BookReader/1662656,28626520.aspx

NoScript prevents this to be parsed as JavaScript in order to block publicly accessible CMSes to be abused for serving malicious JavaScript by masking them as different types.

If you're OK with this specific site, you can workaround by adding "files.qidian.com" (without quotes, space separated) to your noscript.inclusionTypeChecking.exceptions about:config preference.

[Jsid]

The bug is in the site, which is (rather stupidly) loading a text file (with .txt extension and text/plain mime type) as a script (in fact, it contains JavaScript code):

Code: Select all

 
[NoScript] Blocking cross-site Javascript served from http://files.qidian.com/Author1/1662656/28626520.txt with wrong type info text/plain and included by http://www.qdmm.com/BookReader/1662656,28626520.aspx

NoScript prevents this to be parsed as JavaScript in order to block publicly accessible CMSes to be abused for serving malicious JavaScript by masking them as different types.

If you're OK with this specific site, you can workaround by adding "files.qidian.com" (without quotes, space separated) to your noscript.inclusionTypeChecking.exceptions about:config preference.

thanks, it works