InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Google appeared in whitelist after update

https://forums.informaction.com/viewtopic.php?t=19321

Page 1 of 1

Google appeared in whitelist after update

Posted: Sun Mar 02, 2014 6:20 pm
by Google appeared in whitelist after update
I updated NoScript today and it appeared that bloody Google was added to the whitelist! WTF, it is bad enough that on a fresh install so many malware distributors are enabled, but to have these clowns added again? They are the world's biggest advertising company, have they paid you off like they did with Wlad?


Oh yeah, on Google (nee recaptcha) captchas you only have to enter the difficult to read word. So above I have an near illegible sesTalk and a clear KAN, but if I enter sestalk and googleareabunchofspammingwankers then the captcha will think I'm human. Tada:

Oh, FFS: "Ooops, something in your posting triggered my antispam filter...
Please use the "Back" button to modify your content and retry."

Re: Google appeared in whitelist after update

Posted: Sun Mar 02, 2014 6:23 pm
by Guest
Oh, no post edit. Bleh, the anti-spam looks to be underpinned by a spellchecker or similar as trying to post the Google garbage after the captcha was causing the false positive (There is an irony that there appears to be tight control of advertising here, but that philosophy does not seem to be extended to the users and NoScript proper).

Re: Google appeared in whitelist after update

Posted: Sun Mar 02, 2014 9:07 pm
by Giorgio Maone
FYI, this is the code which, on specific version changes (not including anything recent) added items to the whitelist conditionally: if and only if user has already a certain origin there, in order to keep the service/website working after a service/website change:

Code: Select all

  onVersionChanged: function(prev) {
    // update hacks
    var versions = {
      "2.1.1.2rc6": {
        "hotmail.com": "wlxrs.com", // required by Hotmail/Live webmail
        "google.com": "googleapis.com gstatic.com", // required by most Google services and also by external resources
        "addons.mozilla.org": "paypal.com paypalobjects.com" // required for the "Contribute" AMO feature not to break badly with no warning
      },
      
      "2.2.9rc2": {
        "addons.mozilla.org": "persona.org"
      },
      
      "2.4.9rc2": {
        "!browserid.org": "persona.org"
      },
      "2.5.9rc3": {
        "live.com": "gfx.ms afx.ms" // fully Microsoft-controlled (no user content), now required by MS mail services
      },
      "2.6.5.9rc2": {
        "live.com": "sfx.ms" // fully Microsoft-controlled (no user content), now required by MS mail services
      },
      "2.6.6rc5": {
        "live.com": "outlook.com live.net" // fully Microsoft-controlled (no user content), now required by MS mail services
      }
    };
As you can see, there's nothing here adding google.com: if you upgrade from a version below 2.1.1.2rc6 and you already had google.com in your whitelist, you get googleapis.com and gstatic.com added because at a certain point they become required by most Goolge apps, but not viceversa.
Therefore, please watch your WTFs or show us either the code which did it or clear steps to reproduce what we would consider a bug to be fixed.
Otherwise we will just assume you accidentally added Google to your whitelist by yourself.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited