memory leak (?) when allowing ebayrtm.com

[Jack Schmidt]

NoScript 5.1.4rc1, FireFox 56.0.2 (64-bit), Win7 Home Premium SP1
webpage: https://www.ebay.com/itm/QUICKLOCK-PIN- ... SwDmBY5nfg
When I deny ebayrtm.com the page loads fine, as far as I know. When I allow ebayrtm.com FireFox's CPU usage goes way up and memory usage goes from about 240k to 500k in a few seconds until I close the browser tab.

Other possibly useful information: bluekai and "demdex0823" (whatever that is) are not in my whitelist.

Browser console output:

Code: Select all

NoScript preferences backup on the WebExtension side  legacy.js:19
can't access dead object  WebRequestCommon.jsm:49
GET https://www.ebay.com/itm/QUICKLOCK-PIN-316-STAINLESS-STEEL-5-16-X-1-S0375-0825/151740382365 [HTTP/2.0 200 OK 0ms]
can't access dead object  WebRequestCommon.jsm:49
POST https://pulsar.ebay.com/plsr/mpe/0/SAND/9 [HTTP/1.1 200 OK 612ms]
can't access dead object  WebRequestCommon.jsm:49
can't access dead object  WebRequestCommon.jsm:49
GET https://ir.ebaystatic.com/rs/v/mocus445uy4fbks5rgpwxwpzjm5.css [HTTP/2.0 200 OK 0ms]
GET https://ir.ebaystatic.com/rs/v/m23le21x1q0ylk3ivevbm3mik2m.css [HTTP/2.0 200 OK 0ms]
GET https://ir.ebaystatic.com/rs/v/qf0enaf03iz0rfwfj1lceclxtal.css [HTTP/2.0 200 OK 0ms]
can't access dead object  WebRequestCommon.jsm:49
GET https://ir.ebaystatic.com/rs/c/templates-css-d6166f.css [HTTP/2.0 200 OK 0ms]
GET https://ir.ebaystatic.com/rs/v/ug5swannj2zhramycvq3mi4mwih.js [HTTP/2.0 200 OK 0ms]
GET https://ir.ebaystatic.com/rs/v/1njzwnf4fu5gbjntdkwllm1jm2e.js [HTTP/2.0 200 OK 0ms]
GET https://ir.ebaystatic.com/rs/v/0ljgcvzqlq5dtku2retglukrcab.js [HTTP/2.0 200 OK 0ms]
GET https://ir.ebaystatic.com/rs/v/qlg21htmryyfzaj5fuml1qe3zun.js [HTTP/2.0 200 OK 0ms]
GET https://ir.ebaystatic.com/rs/c/templates-js-438dd6.js [HTTP/2.0 200 OK 0ms]
GET https://ir.ebaystatic.com/rs/v/fxxj3ttftm5ltcqnto1o4baovyl.png [HTTP/2.0 200 OK 0ms]
can't access dead object  WebRequestCommon.jsm:49
can't access dead object  WebRequestCommon.jsm:49
can't access dead object  WebRequestCommon.jsm:49
GET https://secureir.ebaystatic.com/cr/v/c1/4504_092517_iPhoneDoodle_150x30_FINAL.png [HTTP/2.0 200 OK 0ms]
can't access dead object  WebRequestCommon.jsm:49
GET https://ir.ebaystatic.com/rs/c/collect-widget-init-v1-https-09272017.js [HTTP/2.0 200 OK 0ms]
can't access dead object  WebRequestCommon.jsm:49
GET https://secureinclude.ebaystatic.com/js/v/us/pulsar.js [HTTP/2.0 200 OK 0ms]
can't access dead object  WebRequestCommon.jsm:49
can't access dead object  WebRequestCommon.jsm:49
GET https://secureir.ebaystatic.com/cr/v/c1/ScandalSupportGFA-1.1.52.min.js [HTTP/2.0 200 OK 0ms]
can't access dead object  WebRequestCommon.jsm:49
GET https://rover.ebay.com/roverimp/0/0/9 [HTTP/1.1 200 OK 90ms]
can't access dead object  WebRequestCommon.jsm:49
GET https://srv.main.ebayrtm.com/rtm [HTTP/1.1 200 OK 472ms]
can't access dead object  WebRequestCommon.jsm:49
tab.url is undefined  tabManager.js:96
can't access dead object  WebRequestCommon.jsm:49
GET https://gha.ebay.com/nproxy/notification/v1/bullseye [HTTP/1.1 200 OK 4900ms]
can't access dead object  WebRequestCommon.jsm:49
can't access dead object  WebRequestCommon.jsm:49
can't access dead object  WebRequestCommon.jsm:49
can't access dead object  WebRequestCommon.jsm:49
can't access dead object  WebRequestCommon.jsm:49
XML Parsing Error: no root element found
Location: https://www.ebay.com/nap/napkinapi/v1/ticketing/redeem?ticket=0a42c03905464288b435e9c350e38eb4
Line Number 1, Column 1:  redeem:1:1
GET https://ir.ebaystatic.com/cr/v/c1/1x1.gif [HTTP/2.0 200 OK 0ms]
can't access dead object  WebRequestCommon.jsm:49
GET https://ir.ebaystatic.com/cr/v/c1/thirtysevens.jpg [HTTP/2.0 200 OK 224ms]
demdex0823  151740382365:11
can't access dead object  WebRequestCommon.jsm:49
GET https://ir.ebaystatic.com/cr/v/c1/adobe_short2.js [HTTP/2.0 200 OK 0ms]
can't access dead object  WebRequestCommon.jsm:49
 ------ [ I close the tab somewhere around here ]  -------
Overriding failed (2152398850) redirect callback for 7: https://stags.bluekai.com/site/17001?ret=html&limit=8&btp=1&phint=eid%3D283&phint=tcat%3D42905&phint=bin%3D14.16&phint=iid%3D151740382365&phint=type%3Dvisitor&phint=pid%3D&phint=meta%3D12576&phint=tps%3D&phint=crm%3D&phint=css%3D&phint=cg%3Dbee638af15e0a884a3544061fac7e1db&phint=item%3D%26%23034%3BQUICKLOCK%26%23034%3B+PIN+316+STAINLESS+STEEL+5%2F16%26%23034%3B+X+1%26%23034%3B+%28S0375-0825%29&phint=bread%3D%5BBusiness+%26+Industrial%2C+Fasteners+%26+Hardware%2C+Other+Fasteners+%26+Hardware%5D&phint=kw%3D&phint=lx%3D0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|&phint=ps%3D&phint=btf%3D0:0:0:0:0&phint=btp%3D0:0:0&phint=uid%3D&phint=encuser%3D&phint=fm_segment%3D&phint=list2%3D&phint=pageId%3D2047675&phint=MSD%3D0&phint=rlsa_seg%3D0,0&phint=userlogin%3D11&phint=split%3D1&phint=lp%3D,,,&phint=lb%3D,,, -> https://stags.bluekai.com/site/17001?ret=html&limit=8&btp=1&phint=eid%3D283&phint=tcat%3D42905&phint=bin%3D14.16&phint=iid%3D151740382365&phint=type%3Dvisitor&phint=pid%3D&phint=meta%3D12576&phint=tps%3D&phint=crm%3D&phint=css%3D&phint=cg%3Dbee638af15e0a884a3544061fac7e1db&phint=item%3D%26%23034%3BQUICKLOCK%26%23034%3B+PIN+316+STAINLESS+STEEL+5%2F16%26%23034%3B+X+1%26%23034%3B+%28S0375-0825%29&phint=bread%3D%5BBusiness+%26+Industrial%2C+Fasteners+%26+Hardware%2C+Other+Fasteners+%26+Hardware%5D&phint=kw%3D&phint=lx%3D0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|&phint=ps%3D&phint=btf%3D0:0:0:0:0&phint=btp%3D0:0:0&phint=uid%3D&phint=encuser%3D&phint=fm_segment%3D&phint=list2%3D&phint=pageId%3D2047675&phint=MSD%3D0&phint=rlsa_seg%3D0,0&phint=userlogin%3D11&phint=split%3D1&phint=lp%3D,,,&phint=lb%3D,,, - 2
can't access dead object  WebRequestCommon.jsm:49
POST https://pulsar.ebay.com/plsr/mpe/0/SAND/9 [HTTP/1.1 200 OK 90ms]

[barbaz]

As a test, does disabling NoScript's XSS filter (NoScript Options > Advanced > XSS, un-check both boxes) have any effect on this issue?

If that helps, try re-enabling the XSS filter and adding this exception -

Code: Select all

^https://stags\.bluekai\.com/

This is probably unsafe. So to make it safe, add this in NoScript Options > Advanced > ABE > USER -

Code: Select all

Site .bluekai.com
Deny

This blocks bluekai completely, so that it doesn't matter what the XSS filter does or doesn't do, the bluekai requests will be blocked anyway.

Does it work?

[Jack Schmidt]

Unchecking the two XSS boxes worked. So did re-enabling them, adding the XSS exception and the ABE code.

You nailed it! Really nailed it, in one message.

Thanks!

[barbaz]

You're welcome!

[Huxley123]

Thanks, that seems to have fixed a problem I've been having for a while.

After I applied the changes I was getting a notification popping up each time, unticking ABE notifications has stopped it.
Is the notification just to tell me I have denied Bluekai access, and safe enough to disable?

[barbaz]

After I applied the changes I was getting a notification popping up each time, unticking ABE notifications has stopped it.
Is the notification just to tell me I have denied Bluekai access, and safe enough to disable?

The notification popping up in this case is a bug - https://forums.informaction.com/viewtop ... 23&t=18996

Workaround: change the ABE rule to

Code: Select all

Site .bluekai.com
Deny INC
Deny