NOScript filtering bypassed by third-party advertising site

Posted: Thu Sep 19, 2013 11:07 pm
by NSUser
I found NoScript filtering being bypassed by a third-party advertising site on this site http://marienkatn.blog.cz/1205/zlin-fest-2012. It seems to be using document.write() using split strings, for example: document.write('<scr' + 'ipt language=javascript>'); etc. to escape detection by ns. Is there any way to configure ns to stop this from happening?

Re: NOScript filtering bypassed by third-party advertising s

Posted: Fri Sep 20, 2013 1:12 am
by therube

Code:

document.write('<scr'+'ipt language="javascript1.1" src="http://adserver.adtech.de/addyn|3.0|1045.1|2439364|0|170|ADTECH;cookie=info;alias=Rectangle_2_Blog.cz_U_Blogs_ostatni-u-blogs;loc=100;target=_blank;sub1=[subst];key=key1+key2+key3+key4;grp='+window.adgroupid+';misc='+new Date().getTime()+'"></scri'+'pt>');
But is it actually something like this that you are seeing, which is not using JavaScript?:

Code:

<noscript><a href="http://adserver.adtech.de/adlink|3.0|1045.1|2439364|0|170|ADTECH;loc=300;alias=Rectangle_2_Blog.cz_U_Blogs_ostatni-u-blogs;key=key1+key2+key3+key4;sub1=[subst]" target="_blank"><img src="http://adserver.adtech.de/adserv|3.0|1045.1|2439364|0|170|ADTECH;cookie=info;loc=300;alias=Rectangle_2_Blog.cz_U_Blogs_ostatni-u-blogs;key=key1+key2+key3+key4" border="0" width="300" height="250" alt="" /></a></noscript>

Re: NoScript filtering bypassed by third-party advertising s

Posted: Fri Sep 20, 2013 6:51 am
by NSUser
Thank you. Yes, that was apparently it. Deselecting "Advanced > Trusted > Show the <NOSCRIPT> element..." in "Options" did the trick.
The ad site "adserver.adtech.de" is not present in the "Allow..."/"Temporarily allow..." menu when <NOSCRIPT> is displayed. It would seem I've misunderstood the boundaries within which NS does its job. It isn't a blanket ad blocker, if indeed there is such a thing.

Re: NOScript filtering bypassed by third-party advertising s

Posted: Fri Sep 20, 2013 6:53 am
by Giorgio Maone
therube wrote: But is it actually something like this that you are seeing, which is not using JavaScript?:
Indeed, there's no script running there, just a static image you can nuke with Adblock Plus or ABE.
NoScript doesn't rely on naive source parsing (unlike Proxomitron and similar solutions), therefore it can't be fooled by "tricks" like that.
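
Added example, not part of the thread and not NoScript's code: it contrasts a source-text pattern filter, which the split `'<scr'+'ipt'` string slips past, with a scripts-disabled view of the same page, where the script body never runs and only the static `<noscript>` fallback reaches the ad server. The function names, the shortened placeholder URLs and the regex-based attribute extraction (a browser uses a real HTML parser) are assumptions made for illustration.

```javascript
// Constructed sample based on the two snippets quoted in the thread; the ad
// URLs are shortened to placeholders.
const SAMPLE_HTML = `
<script>document.write('<scr'+'ipt src="http://adserver.adtech.de/addyn-placeholder"></scri'+'pt>');</script>
<noscript><a href="http://adserver.adtech.de/adlink-placeholder" target="_blank">
<img src="http://adserver.adtech.de/adserv-placeholder" width="300" height="250" alt="" /></a></noscript>
<img src="/local/logo.png">`;

// Naive source filter: searches the raw page text for a literal <script src=...>.
// The split string '<scr'+'ipt' never matches, so it reports nothing.
function naiveSourceScan(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  return [...html.matchAll(re)].map((m) => m[1]);
}

// Scripts-disabled view: <script> bodies never execute, so whatever they would
// write is irrelevant. Drop them whole and read the URL attributes that remain,
// including the <noscript> fallback markup.
function staticRequests(html, pageHost) {
  const inert = html.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "");
  const re = /<(img|iframe|a)\b[^>]*?\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  return [...inert.matchAll(re)].map((m) => {
    const host = new URL(m[2], `http://${pageHost}/`).hostname;
    const tag = m[1].toLowerCase();
    // <a href> is only fetched on click; <img>/<iframe> load on render.
    return { tag, host, thirdParty: host !== pageHost, autoLoaded: tag !== "a" };
  });
}

// Hosts worth a content-blocker rule: third-party and loaded without a click.
function hostsToBlock(html, pageHost) {
  const hosts = staticRequests(html, pageHost)
    .filter((r) => r.thirdParty && r.autoLoaded)
    .map((r) => r.host);
  return [...new Set(hosts)];
}

console.log(naiveSourceScan(SAMPLE_HTML));
console.log(hostsToBlock(SAMPLE_HTML, "marienkatn.blog.cz"));
```

The host list is what a content blocker such as Adblock Plus or ABE would need to cover, since no script is involved in that request.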