InformAction Forums

Hello,

I've created a webpage with embedded external css-stylesheet. In the css-file, I defined the image for the cursor.
It doesn't matter if the webpage is whitelisted or not in NoScript, the image for the cursor isn't displaying.
Only if i disable ClearClick in NoScript, the image for the cursor is displaying.

Maybe a Bug?

URL: http://www.truck-trial-modelle.de/
Browser: Firefox 33.1 on Windows+Linux
NoScript: 2.6.9.3

Greetings, Masso

It's the ClearClick setting that is causing it.
If either Untrusted or Trusted are enabled, the cursor fails to change.
No idea why?

NoScript | Options | Advanced -> ClearClick

Try giving the body of that page an id attribute

Why should i change a valid W3C standard, if the problem is created by NoScript?

http://jigsaw.w3.org/css-validator/vali ... g=&lang=en

Because of this.
Actually, upon review, I'm gonna change this countermeasure in the near future: specifying an id won't work anymore, but custom cursors won't be affected unless there's a subdocument embedded in the page.

Giorgio Maone wrote:custom cursors won't be affected unless there's a subdocument embedded in the page.

Personally, I'd like to leave this protection on regardless of subdocument presence. When this change is made, could we please have an about:config-only preference that toggles whether the cursorjacking protection applies to all pages or only pages with subdocuments?

barbaz wrote:

Giorgio Maone wrote:custom cursors won't be affected unless there's a subdocument embedded in the page.

Personally, I'd like to leave this protection on regardless of subdocument presence. When this change is made, could we please have an about:config-only preference that toggles whether the cursorjacking protection applies to all pages or only pages with subdocuments?

OK. Applying it independently from subdocument presence will probably add little or no security, but it's likely to be more efficient (no need to hit the DOM for checking).