I noticed today that inline javascript is being executed on websites that aren't whitelisted. If you however mark the site as untrusted the Javascript will not execute.
You can test it here: http://www.isjavascriptenabled.com/
It should say "No" when the site isn't in the whitelist or in the untrusted list and only "Yes" if you explicitly allow the site.
Running OS X nightly build from: http://hg.mozilla.org/mozilla-central/rev/0d11fce4f845
Inline javascript executing on non whitelisted sites
Inline javascript executing on non whitelisted sites
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Inline javascript executing on non whitelisted sites
Looks like they pushed https://bugzilla.mozilla.org/show_bug.cgi?id=913734 and didn't even bother to CC me 
I'll try to update ASAP.
In the meanwhile, as a work-around, you can set the noscript.docShellJSBlocking about:config preference to 2.
Fixed in latest development build 2.6.8.8rc2.
In the meanwhile, as a work-around, you can set the noscript.docShellJSBlocking about:config preference to 2.
Fixed in latest development build 2.6.8.8rc2.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0