Issue with code injection when using NS

Posted: Tue Oct 15, 2013 7:22 pm
by namslew
Hi,

I've been using NS for a while without problem but can't seem to figure out why I've just encountered the following problem. I was just visiting the website for http://www.bothwellcheese.com/about-us/ ... lades.html and by having NS running and blocking scripts it seems to have allowed a few lines of spam to be injected into the page. When scripts are allowed for the page the injected code disappears and the page displays normally. Obviously I'm a novice user and can't seem to figure out if this is a problem on my end or something with their website. The problem also occurs on several other of their pages. Thanks for the help.

Re: Issue with code injection when using NS

Posted: Tue Oct 15, 2013 8:21 pm
by barbaz
The "problem" is on their end. Nothing is being "injected" into the page. That spam is being hidden by a script which is why it goes away with scripts allowed. I have no idea why they would do that however :?:

Re: Issue with code injection when using NS

Posted: Tue Oct 15, 2013 9:16 pm
by namslew
Thanks barbaz. I just wasn't sure if it was a vulnerability on my system that was allowing code to be injected into webpages or something there. And were you asking why they'd use a script to hide the problem rather than solve it?

Re: Issue with code injection when using NS

Posted: Tue Oct 15, 2013 10:00 pm
by barbaz
namslew wrote: were you asking why they'd use a script to hide the problem rather than solve it?
No question intended, I was just trying to say that the whole thing seems really odd and implying that you should be extra careful about what scripts you allow on that site. The :?: icon is just the closest thing to a "confused" smiley that this board has. Sorry about the misunderstanding.

Re: Issue with code injection when using NS

Posted: Tue Oct 15, 2013 10:06 pm
by namslew
Ahh gotcha. I was rather confused by it also, hence why I asked about it. Again, thanks for your help and for taking the time to answer my question. :D

Re: Issue with code injection when using NS

Posted: Tue Oct 15, 2013 11:44 pm
by Thrawn
:D Although this website behavior is somewhat evil, it's actually rather clever! They know that an actual <noscript> element could be detected and neutralised by something like NoScript or an ad-blocker, so they instead put the ad in the page unconditionally, and remove it if you allow JavaScript! I have to tip my hat to their creativity.

The ID of the ad element doesn't seem to change, so you could try using a surrogate script to run the ad-hiding code.

In about:config, add a new string value 'noscript.surrogate.bothwell.sources' set to

Code:

!www.bothwellcheese.com
and another value 'noscript.surrogate.bothwell.replacement' set to

Code:

if(document.getElementById('bjyhplkvj') != null){document.getElementById('bjyhplkvj').style.display = 'none'; document.getElementById('bjyhplkvj').style.width = '0px'; document.getElementById('bjyhplkvj').style.height = '0px';}

Re: Issue with code injection when using NS

Posted: Sun Oct 20, 2013 10:00 pm
by Thrawn
OK, so it looks like the ID does change after all, and it is different on different pages.

But thus far, it has always been a string of 9 lowercase letters.

Try putting this in 'noscript.surrogate.bothwell.replacement':

Code:

var divs = document.getElementsByTagName('div'); for (var i = 0; i < divs.length; i++) { if (/^[a-z]{9}$/.test(divs[i].id)) { divs[i].style.display = 'none'; divs[i].style.width = '0px'; divs[i].style.height = '0px'; } }
That seems to catch the spam, and thus far I haven't noticed it breaking anything.
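
A dry-run version of the 9-lowercase-letter rule from the last post, as an added example that is not part of the thread: it lists which div ids the rule would hide before anything is changed, since an ordinary id such as "container" is also nine lowercase letters. The keepIds allow-list, the function names and the sample ids other than 'bjyhplkvj' are assumptions made for illustration.

```javascript
// Added example, not code from the thread. `keepIds` is a hypothetical allow-list.
const NINE_LOWERCASE = /^[a-z]{9}$/;

// Return the divs the 9-letter rule would hide, skipping ids the user wants kept.
function selectSuspectDivs(divs, keepIds = []) {
  const keep = new Set(keepIds);
  const hits = [];
  for (let i = 0; i < divs.length; i++) {
    const id = divs[i].id || '';
    if (NINE_LOWERCASE.test(id) && !keep.has(id)) hits.push(divs[i]);
  }
  return hits;
}

// Apply the same three style changes as the surrogate in the post.
function hideDivs(divs) {
  for (const d of divs) {
    d.style.display = 'none';
    d.style.width = '0px';
    d.style.height = '0px';
  }
  return divs.length;
}

// Dry run: list the ids that would be hidden without touching the page.
function dryRun(divs, keepIds = []) {
  return selectSuspectDivs(divs, keepIds).map(d => d.id);
}

// Constructed stand-ins for DOM elements so this also runs outside a browser.
function sampleDivs() {
  return ['bjyhplkvj', 'container', 'main-nav', 'a9', '', 'Bjyhplkvj', 'abcdefghij']
    .map(id => ({ id, style: {} }));
}

if (typeof document !== 'undefined') {
  // In a browser console: review this list before hiding anything.
  console.log(dryRun(document.getElementsByTagName('div')));
} else {
  console.log(dryRun(sampleDivs()));
  console.log(dryRun(sampleDivs(), ['container']));
}
```

If the dry run lists an id the page needs, add it to keepIds before calling hideDivs on the result of selectSuspectDivs.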