InformAction Forums

Posted: **Sun May 08, 2016 2:12 am**

Hi,

in the website http://home.arcor.de/stabil_baukasten_m ... index.html

a script http://static.plista.com/home.arcor.de_v1.js

is obviously not blocked.

I can see it only indirectly. If an adblocker (here adblock plus)
is active the display of the html file ist empty, white.
If I disable the adblock plus and reload the html file,
the display is ok.

Thank you.

Posted: **Sun May 08, 2016 5:10 am**

Site seems to work fine here with all scripts blocked AFAICT (I can't read the German so not 100% sure). Same if I Allow the top-level site.
Using both NoScript & uBlock Origin enabled.
(There is one 3rd-party <script> source on that site, it goes away when Allow the top-level site, but this is seemingly because the source code is such that those <script> element ends to be enclosed in <noscript> tag

)

I'm not seeing anything there go empty or white.

Not clear what you're asking, sorry. You do realize this is NoScript forum and not ABP forum right?

Posted: **Sun May 08, 2016 2:42 pm**

Code: Select all

<noscript>
<!-- --><BODY bgcolor="#ffffff"><!-- --><script src="http://static.plista.com/home.arcor.de_v1.js" type="text/javascript"></script>

<H2>Ihr Browser unterstützt keine Frames. Verwenden Sie den MS
Internet Explorer ab Version 5 oder den Firefox.</H2>
</noscript>

So is this code actually running - when arcor.de is not allowed?
Is it expected to be (because of the particular coding style in this case)?

Per the code, should "Ihr Browser unterstützt keine Frames. Verwenden Sie den MS
Internet Explorer ab Version 5 oder den Firefox." be displayed on the web page if JavaScript is blocked? (It does not.)

I can get the message to show if I block Frames (in Off By One Web Browser).

Posted: **Sun May 08, 2016 3:16 pm**

therube wrote:So is this code actually running - when arcor.de is not allowed?
Is it expected to be (because of the particular coding style in this case)?

Well, given that <noscript> elements are only shown when JavaScript is disabled or unsupported, and the contents of <noscript> elements made to plain text and hidden when JavaScript is enabled...

therube wrote:Per the code, should "Ihr Browser unterstützt keine Frames. Verwenden Sie den MS
Internet Explorer ab Version 5 oder den Firefox." be displayed on the web page if JavaScript is blocked? (It does not.)

You are getting correct/expected behavior. That should only display if your browser has no support for frames.

Posted: **Sun May 08, 2016 3:22 pm**

(Oh, and speaking of Adblock Plus and frames support...)

https://hg.adblockplus.org/adblockplus/file/3d6cba98fba5/lib/ui.js#l608 wrote: // Some people actually switch off browser.frames.enabled and are surprised
// that things stop working...

Posted: **Sun May 08, 2016 4:24 pm**

You are getting correct/expected behavior. That should only display if your browser has no support for frames.

Yes, blocking frames does cause it to display.
But should it display if JavaScript is blocked?
Again, it does not?
Now why not?

Code: Select all

<noscript>
<H2>Ihr Browser unterstützt keine Frames. Verwenden Sie den MS
Internet Explorer ab Version 5 oder den Firefox.</H2>
</noscript>

Now I put that into "blocked or not.html", & open blocked or not.html", then I either get or not, the message depending on whether I've allowed file: or not.

So if that is working as expected, locally from a html file, then why, when JavaScript is blocked, does that (similar) code (message) not display on the arcor.de website?

given that <noscript> elements are only shown when JavaScript is disabled or unsupported,

Yes, I understand that.

and the contents of <noscript> elements made to plain text and hidden when JavaScript is enabled...

Not quite following?
If JavaScript is enabled, <noscript> elements should not be effected, so the call to plista.com should not be (at least not from that point in the code, could be, possibly elsewhere).

"Hidden".
Hidden how? From display on the browser screen? Sure.

Now back to plista.com.
If JavaScript is disabled, the <noscript> element should kick in, & then what?
plista.com should get called?
And if called, should JavaScript from plista.com get run?

I don't see where plista.com is being called - at all?
(At last not seeing it in Browser Console -> Net)

browser.frames.enabled

Didn't realize you could (used to be able to) disable it, Last Comment Bug 1013457 - Remove the browser.frames.enabled pref.

Posted: **Sun May 08, 2016 5:43 pm**

therube wrote:So if that is working as expected, locally from a html file, then why, when JavaScript is blocked, does that (similar) code (message) not display on the arcor.de website?

I think it's because the <frameset> element on that page overwrites the content, and your local file doesn't have a <frameset>.

therube wrote:If JavaScript is enabled, <noscript> elements should not be effected,

They are affected - if JavaScript is enabled, the entire contents of <noscript> elements is interpreted to be plain-text, not HTML.

therube wrote:"Hidden".
Hidden how? From display on the browser screen?

Exactly.

therube wrote:Now back to plista.com.
If JavaScript is disabled, the <noscript> element should kick in, & then what?
plista.com should get called?
And if called, should JavaScript from plista.com get run?

I don't see where plista.com is being called - at all?
(At last not seeing it in Browser Console -> Net)

If JavaScript is disabled, the <noscript> element kicks in and.. er.. tries to add JavaScript, so nothing happens.
If JavaScript is enabled, the <noscript> element is hidden and, again, its contents is plain text - so basically it becomes equivalent to something like this:

Code: Select all

<span style="display:none;">blah blah content
<script src="hxxxx://whatever.si.te/blah/blah.js"></script>
blah blah content</span>

Either way, it's neutralised, so plista.com should never actually get called.

Posted: **Fri May 13, 2016 9:07 am**

Thank you all for your help.

You need some more info.
Take
http://home.arcor.de/stabil_baukasten_m ... ndere.html
You can see, that the problem has nothing to do with frames.

Have a look at the htmlcode. This code is created by arcor.de.

Code: Select all

  <title>Walther's andere Systeme</title><noscript>
</head><!-- --><body><!-- --><script src="http://static.plista.com/home.arcor.de_v1.js" type="text/javascript"></script>

  <a name="obex"></a></noscript><a name="oben"></a>

The original code is

Code: Select all

</head>
<body>
  <a name="obex"></a></noscript><a name="oben"></a>

The noscript tags were a first help to avoid, that the script was called.
And it worked for some time.

In the script the adblock plus is searced, specially with Firefox.
See lines 290 to 292 in static.plista.com/home.arcor.de_v1.js
Here their code in pretty print

Code: Select all

      PLISTA.adblockdetect = function () {
        var a = document.createElement('a'),
            d = document.createElement('div'),
            result = false,
            style;
        try {
          d.className = 'plistaList';
          a.className = 'itemLinkPET';
          a.href = 'ht' + 'tp://click.plista.com/pets/abp';
          a.style.display = 'block';
          a.innerHTML = ' ';
          d.appendChild(a);
          document.body.appendChild(d);
          style = window.getComputedStyle(a, null);
          if (style.display === 'none') {
            result = true;
          } else if (style.MozBinding && style.MozBinding.match(/url\("about:(abp|sab)/)) {
            result = true;
          }
        } catch (e) {}
        if (d.parentNode) {
          d.parentNode.removeChild(d);
        }
        return result;
      };

I checked the display of http://home.arcor.de/stabil_baukasten_modelle
with the adblocker "uBlock Origin" enabled and the site is displayed properly.
The plista people are only checking for abp or sab.

If I open the html file
http://home.arcor.de/stabil_baukasten_m ... ndere.html
and activate Firebug(F12 key) in firefox and double click the <body> tag
then some styles are displayed, which are not from the website :

Code: Select all

body:not([id]) { cursor: auto !important; }
body { display: none !important; }

The last of them makes the display white.

Their origial code is

Code: Select all

data:text/css;charset=utf8,body%3Anot([id]) { cursor%3A auto !important } .__noscriptOpaqued__ { opacity%3A 1 !important%3B visibility%3A visible%3B filter%3A none !important } iframe.__noscriptOpaqued__ { display%3A block !important%3B } object.__noscriptOpaqued__%2C embed.__noscriptOpaqued__ { display%3A inline !important } .__noscriptJustOpaqued__ { opacity%3A 1 !important } .__noscriptScrolling__ { overflow%3A auto !important%3B min-width%3A 52px !important%3B min-height%3A 52px !important } .__noscriptNoScrolling__ { overflow%3A hidden !important } .__noscriptHidden__ { visibility%3A hidden !important } .__noscriptBlank__ { background-color%3A white !important%3B color%3A white !important%3B border-color%3A white !important%3B background-image%3A none !important }

and

Code: Select all

data:text/css,.image > body{display%3A none !important%3B}%0A.teaserArea > body{display%3A none !important%3B}%0Abody{display%3A none !important%3B}

The last code causes the display going white.
If I disable adblock plus, this last code is not to be seen in Firebug.

So I am sure, that there is a means created by the plista people to run
their script, even if I do not allow arcor.de and plista.com in Noscript.

There is also a script arcor.js, which was - as I think - not called :

Code: Select all

<script type="text/javascript">
(function () {
        var file = "home.arcor.de_v1.js";
        var host = (("http:" === document.location.protocol) ?
                "http://static.plista.com/" :
                "https://plista.s3.amazonaws.com/");
        document.write(unescape("%3Cscript src='" + host + file +
                 "' type='text/javascript'%3E%3C/script%3E"));
}());
</script>

Posted: **Fri May 13, 2016 2:09 pm**

Cannot reproduce something going white on that second page.

Those data:text/css,... are from your Firefox extensions. The first one is from NoScript. The second one would appear to be from Adblock Plus itself.

This is what happens to the plista script there when scripts are Allowed:

Code: Select all

<noscript>
</head><!-- --><body><!-- --><script src="http://static.plista.com/home.arcor.de_v1.js" type="text/javascript"></script>

  <a name="obex"></a></noscript>

It can never run, same as at your first link.

rv12P2000 wrote:In the script the adblock plus is searced, specially with Firefox.
See lines 290 to 292 in static.plista.com/home.arcor.de_v1.js

That code would detect uBlock Origin but not in such a way that uBlock Origin can be positively identified as such, only that something in the browser is there blocking stuff. It does however explicitly detect Adblock Plus and "sab" as such.

rv12P2000 wrote:So I am sure, that there is a means created by the plista people to run
their script, even if I do not allow arcor.de and plista.com in Noscript.

So I am sure, that _if_ there is a means created by the plista people to always run their script, that it's hiding among your browser extensions.

rv12P2000 wrote:There is also a script arcor.js, which was - as I think - not called :

That script is not present in nor called by the page.

Posted: **Wed May 18, 2016 9:26 am**

Thank you, barbaz, for your foundamental help.

The error was caused by Adblock Plus, because there was
an error in the Easylist.

arcor.de or plista are NOT the creator of the problem.

Posted: **Wed May 18, 2016 9:34 am**

the wrong filter (easylist germany)

Code: Select all

arcor.de##[-abp-properties='margin-left: 10px; margin-right: 10px;']

the css property filters aren't supported by ubo
the same filters aren't listed by "blockable items list" in ABP for FF or the filters panel in ABP for chrome

see
https://forums.lanik.us/viewtopic.php?p=93932#p93932

Posted: **Wed May 18, 2016 11:33 am**

@stabi: You're welcome!

@ajaxmix: nice find, thank you for clearing that up

InformAction Forums

[Unrelated] a not-blocked script

[Unrelated] a not-blocked script

Re: a not-blocked script

Re: a not-blocked script

Re: a not-blocked script

Re: a not-blocked script

Re: a not-blocked script

Re: a not-blocked script

Re: a not-blocked script

Re: a not-blocked script

Re: [Unrelated] a not-blocked script

Re: [Unrelated] a not-blocked script

Re: [Unrelated] a not-blocked script