Page 2 of 2
Re: Bank of America Logging Me Out Without JS?
Posted: Thu Mar 27, 2014 11:56 am
by therube
Yes, 2.6.8.18rc1.xpi & SeaMonkey 2.26a2 build 20140317013001 are likewise affected.
Re: Bank of America Logging Me Out Without JS?
Posted: Thu Mar 27, 2014 2:42 pm
by therube
> Are you still redirected like that in Gecko 29 if you don't forbid META redirections
> with NoScript, but instead use about:config -> set accessibility.blockautorefresh to true ?
Yes.
noscript.forbidMetaRefresh;false
accessibility.blockautorefresh;true
Re: Bank of America Logging Me Out Without JS?
Posted: Thu Mar 27, 2014 3:29 pm
by therube
And now FF29.0b2 & NoScript 2.6.8.17rc1 redirects!
(I'm confused.)
Re: Bank of America Logging Me Out Without JS?
Posted: Fri Mar 28, 2014 3:27 am
by barbaz
One other thought: Does setting noscript.docShellJSBlocking to 2 in about:config before visiting the bank site make any difference?
(note: last I checked, that has side effects like described
here, except it happens with any non-whitelisted site, not just those marked as Untrusted)
Re: Bank of America Logging Me Out Without JS?
Posted: Fri Mar 28, 2014 12:43 pm
by therube
> Does setting noscript.docShellJSBlocking to 2 in about:config before visiting the
> bank site make any difference?
Made no difference.
Re: Bank of America Logging Me Out Without JS?
Posted: Sun Apr 13, 2014 1:07 pm
by therube
(Not that there's intended to be, but no change with v2.6.8.20rc1.)
Re: Bank of America Logging Me Out Without JS?
Posted: Sun Apr 13, 2014 2:02 pm
by Giorgio Maone
Are all the tabs reloaded when permissions change?
If not, this behavior is easily explained, because while CAPS permissions where applied instantaneously, currently (post-CAPS) permissions are set per-window at load time, therefore in order for the change to be effective you need to reload the page/tab.
What I suppose it happens is that the warning is fired by an idle background tab which has been reloaded when scripts were allowed but never got reloaded after scripts have been forbidden back.
Does it sound likely?
Re: Bank of America Logging Me Out Without JS?
Posted: Sun Apr 13, 2014 6:45 pm
by therube
> Are all the tabs reloaded when permissions change?
The main BoA page you see once you have logged in does not reload, only that page.
Any other BoA tabs, individual accounts, anything in banking, billpay do reload, all the tabs. (I suppose timeout's are different, sooner for Banking as opposed to Online Billpay, as the banking end reload sooner then billpay.)
> you need to reload the page/tab
What I typically do, have done, is that I switch to the first page I see (after logging in), disable JavaScript, then cycle through (but not reload...) the other tabs. That (at least up through SeaMonkey 2.24, FF27) though not necessary, is just the way I'd gone about it. Now, whether I do it or not, the pages will reload.
> then cycle through (but not reload...) the other pages
> > to be effective you need to reload the page/tab
There is now a gotcha with that, cause if it sees JavaScript has been disabled, it throws up the "use JavaScript" dialog, so a reload would be effective:
Re: Bank of America Logging Me Out Without JS?
Posted: Sun Apr 13, 2014 7:53 pm
by Giorgio Maone
Please check
latest development build 2.6.8.20rc2, thank you.
BTW, the different behaviors (CAPS vs 2.6.8.19 vs 2.6.8.20rc2) can be easily observed on
http://evil.hackademix.net/timeout.html
Re: Bank of America Logging Me Out Without JS?
Posted: Mon Apr 14, 2014 10:34 am
by therube
Looking good
.