Website injecting and executing javascript inside url bar.
Posted: Sun Jan 29, 2017 9:41 am
Came across this problematic JavaScript code on a certain website:
http://pastebin.com/sMsYxL3s
From what I can tell, it's some kind of obfuscated fingerprinting script that, upon execution, generates a fingerprint hash and executes the following code on a new page:
I realize that NoScript prevents people from running "javascript:" urls, but it doesn't completely disable this behavior. It can be bypassed via bookmarks, etc.
Is there any way we could perhaps add a means to completely disable this behavior? I personally don't see any legitimate reason for this behavior outside of development, especially if it originates from a remote website.
http://pastebin.com/sMsYxL3s
From what I can tell, it's some kind of obfuscated fingerprinting script that, upon execution, generates a fingerprint hash and executes the following code on a new page:
Code: Select all
javascript:window.opener=null;setTimeout(function(){window.location.href='http://onderlea.info/*insert_encoded_fingerprint_hash*'},250)Is there any way we could perhaps add a means to completely disable this behavior? I personally don't see any legitimate reason for this behavior outside of development, especially if it originates from a remote website.