(Had to truncate the line to fit in the subject. Makes it sound more ominous then it may be?)
Bug 656433 - Disallow javascript: and data: URLs entered into the location bar from inheriting the principal of the currently-loaded page
So now just what does that mean?
Kind of understand disallow javascript: & data: URLs.
But what does the "inheriting the principal of the currently-loaded page" part mean?
What can you do now (whatever this facebook exploit is aside) that is good & beneficial that you won't be able to do in the future?
Some of these code fragments that Giorgio & others have posted? Would it affect things like FlashGot's Build Gallery?
Disallow javascript: URLs entered into location bar
Disallow javascript: URLs entered into location bar
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20110511 Firefox/4.0.1 SeaMonkey/2.1
Re: Disallow javascript: URLs entered into location bar
You might say that.What can you do now (whatever this facebook exploit is aside) that is good & beneficial that you won't be able to do in the future?
Some of these code fragments that Giorgio & others have posted?
Like, http://forums.informaction.com/viewtopi ... 870#p27870 & http://forums.informaction.com/viewtopi ... 983#p27983
Now that being the case, if you toggle (set to true) noscript.allowURLBarJS, what is the downside?
What is this Facebook exploit?
Are NoScript users affected? Only affected if the current page is Allowed?
Doesn't help me (understand) much more?
Bug 527530 - Social Engineering Issue with "javascript:" URLs
Social Engineering Issue With "javascript:" URLs
I know in days of old, there was a rapidshare hack, where you could use some javascript: to set their countdown counter to 0, bypassing the 60 second wait. That was good.
al's post, javascript: on about:blank not working (allowURLBarJS=true).
So Giorgio was being proactive on this matter, yes?
An understandable explanation, Facebook infested with cut and paste Javascript survey scams.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20110511 Firefox/4.0.1 SeaMonkey/2.1
Re: Disallow javascript: URLs entered into location bar
The bottom line is that they are intending to kill javascript: URIs executed via the urlbar with not even a hidden pref to restore this functionality. Killing advanced features because "average" users don't need or can't handle them is becoming Mozilla MO.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Disallow javascript: URLs entered into location bar
Using the URL bar as a development and debugging tool to interact with the current web page. Nothing most users do daily.therube wrote:What can you do now (whatever this facebook exploit is aside) that is good & beneficial that you won't be able to do in the future?
No to both.therube wrote: Some of these code fragments that Giorgio & others have posted? Would it affect things like FlashGot's Build Gallery?
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1