InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Inline javascript executing on non whitelisted sites

https://forums.informaction.com/viewtopic.php?t=18724

Page 1 of 1

Inline javascript executing on non whitelisted sites

Posted: Mon Dec 16, 2013 5:05 pm
by d_a
I noticed today that inline javascript is being executed on websites that aren't whitelisted. If you however mark the site as untrusted the Javascript will not execute.

You can test it here: http://www.isjavascriptenabled.com/

It should say "No" when the site isn't in the whitelist or in the untrusted list and only "Yes" if you explicitly allow the site.

Running OS X nightly build from: http://hg.mozilla.org/mozilla-central/rev/0d11fce4f845

Re: Inline javascript executing on non whitelisted sites

Posted: Mon Dec 16, 2013 9:00 pm
by Giorgio Maone
Looks like they pushed https://bugzilla.mozilla.org/show_bug.cgi?id=913734 and didn't even bother to CC me :(
I'll try to update ASAP.
In the meanwhile, as a work-around, you can set the noscript.docShellJSBlocking about:config preference to 2.
Fixed in latest development build 2.6.8.8rc2.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited