Re: !@ surrogate not running on iframe when js is enabled
Posted: Thu Aug 12, 2010 8:54 pm
Not that I know.al_9x wrote:Is there a reliable way to detect this url inheriting to avoid executing the surrogate?
NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/
Not that I know.al_9x wrote:Is there a reliable way to detect this url inheriting to avoid executing the surrogate?
Surely it's possible to detect that a frame is written rather than navigated, and by whom? If you don't think it's worth pursuing, I am not going to argue, but could you explain it a bit more?Giorgio Maone wrote:Not that I know.al_9x wrote:Is there a reliable way to detect this url inheriting to avoid executing the surrogate?
Probably I could watch for network traffic and associate it somehow to the creation of the new JS global (no traffic = document.write), but it would be far from trivial (different contexts, different notification sources and different lifecycles) and probably pointless, since I can see more reasons for executing surrogates in such a case, rather than precluding this possibility.al_9x wrote:Surely it's possible to detect that a frame is written rather than navigated, and by whom?
Code: Select all
user_pref("noscript.surrogate.hotmail_ad.sources", "!@.mail.live.com/mail/InboxLight.aspx");
user_pref("noscript.surrogate.hotmail_ad.replacement", "var ad_div = document.getElementById('SkyscraperContent'); if (ad_div) ad_div.parentNode.removeChild(ad_div); var class_div = document.getElementById('contentRight'); if (class_div) class_div.classList.remove('WithSkyscraper'); if (typeof InboxPage !== 'undefined') InboxPage.hasSkyscraper = false;");