Issue with code injection when using NS

Ask for help about NoScript, no registration needed to post
namslew
Posts: 3
Joined: Tue Oct 15, 2013 7:12 pm

Issue with code injection when using NS

Post by namslew »

Hi,

I've been using NS for a while without problems but can't seem to figure out why I've just encountered the following problem. I was just visiting the website for http://www.bothwellcheese.com/about-us/ ... lades.html and by having NS running and blocking scripts it seems to have allowed a few lines of spam to be injected into the page. When scripts are allowed for the page the injected code disappears and the page displays normally. Obviously I'm a novice user and can't seem to figure out if this is a problem on my end or something with their website. The problem also occurs on several of their other pages. Thanks for the help.
Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Firefox/24.0
barbaz
Senior Member
Posts: 11089
Joined: Sat Aug 03, 2013 5:45 pm

Re: Issue with code injection when using NS

Post by barbaz »

The "problem" is on their end. Nothing is being "injected" into the page. That spam is being hidden by a script which is why it goes away with scripts allowed. I have no idea why they would do that however :?:
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Firefox/24.0 SeaMonkey/2.21
namslew
Posts: 3
Joined: Tue Oct 15, 2013 7:12 pm

Re: Issue with code injection when using NS

Post by namslew »

Thanks barbaz. I just wasn't sure if it was a vulnerability on my system that was allowing code to be injected into webpages or something there. And were you asking why they'd use a script to hide the problem rather than solve it?
Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Firefox/24.0
barbaz
Senior Member
Posts: 11089
Joined: Sat Aug 03, 2013 5:45 pm

Re: Issue with code injection when using NS

Post by barbaz »

namslew wrote: were you asking why they'd use a script to hide the problem rather than solve it?
No question intended, I was just trying to say that the whole thing seems really odd and implying that you should be extra careful about what scripts you allow on that site. The :?: icon is just the closest thing to a "confused" smiley that this board has. Sorry about the misunderstanding.
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0 SeaMonkey/2.21
namslew
Posts: 3
Joined: Tue Oct 15, 2013 7:12 pm

Re: Issue with code injection when using NS

Post by namslew »

Ahh gotcha. I was rather confused by it also, hence why I asked about it. Again, thanks for your help and for taking the time to answer my question. :D
Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Firefox/24.0
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: Issue with code injection when using NS

Post by Thrawn »

:D Although this website behavior is somewhat evil, it's actually rather clever! They know that an actual <noscript> element could be detected and neutralised by something like NoScript or an ad-blocker, so they instead put the ad in the page unconditionally, and remove it if you allow JavaScript! I have to tip my hat to their creativity.

The ID of the ad element doesn't seem to change, so you could try using a surrogate script to run the ad-hiding code.

In about:config, add a new string value 'noscript.surrogate.bothwell.sources' set to

!www.bothwellcheese.com
and another value 'noscript.surrogate.bothwell.replacement' set to

if(document.getElementById('bjyhplkvj') != null){document.getElementById('bjyhplkvj').style.display = 'none'; document.getElementById('bjyhplkvj').style.width = '0px'; document.getElementById('bjyhplkvj').style.height = '0px';}
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: Issue with code injection when using NS

Post by Thrawn »

OK, so it looks like the ID does change after all, and it is different on different pages.

But thus far, it has always been a string of 9 lowercase letters.

Try putting this in 'noscript.surrogate.bothwell.replacement':

var divs = document.getElementsByTagName('div'); for (var i = 0; i < divs.length; i++) { if (/^[a-z]{9}$/.test(divs[i].id)) { divs[i].style.display = 'none'; divs[i].style.width = '0px'; divs[i].style.height = '0px'; } }
That seems to catch the spam, and thus far I haven't noticed it breaking anything.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0
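
Added example (not part of any post in this thread, and not NoScript's own code): a dry run of the nine-lowercase-letter ID heuristic over plain objects standing in for div elements, showing which ids it would hide and how ordinary ids such as 'container' can match too. The allowlist, the function names and every sample id except 'bjyhplkvj' are assumptions made for illustration.

```javascript
// Pattern from the thread: an id made of exactly nine lowercase letters.
const SPAM_ID = /^[a-z]{9}$/;

// Hypothetical allowlist: legitimate ids that also happen to be nine letters.
const KNOWN_GOOD = new Set(['container', 'slideshow']);

// Dry run: return the ids the heuristic would hide, without touching styles.
function findSuspectIds(divs, allow = KNOWN_GOOD) {
  return divs
    .map(d => d.id)
    .filter(id => SPAM_ID.test(id) && !allow.has(id));
}

// Apply the same three style changes the surrogate in the thread makes.
function hideSuspects(divs, allow = KNOWN_GOOD) {
  const suspects = new Set(findSuspectIds(divs, allow));
  for (const d of divs) {
    if (suspects.has(d.id)) {
      d.style.display = 'none';
      d.style.width = '0px';
      d.style.height = '0px';
    }
  }
  return [...suspects];
}

// Constructed sample page: only 'bjyhplkvj' comes from the thread.
const sampleDivs = [
  { id: 'bjyhplkvj', style: {} },   // id quoted in the thread
  { id: 'container', style: {} },   // nine letters, but a normal layout id
  { id: 'header', style: {} },      // too short
  { id: 'nav-links', style: {} },   // nine characters, hyphen breaks the match
  { id: '', style: {} },            // div without an id
  { id: 'qwertyuiopa', style: {} }, // eleven letters
];

// With no allowlist the pattern also catches 'container'.
console.log(findSuspectIds(sampleDivs, new Set()));
// With the allowlist only the spam block is hidden.
console.log(hideSuspects(sampleDivs));
```

Running the dry-run function against a page's real ids before hiding anything shows whether the pattern collides with layout elements on that site.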