InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Feature Request: Javascript Hyperlinks

https://forums.informaction.com/viewtopic.php?t=3031

Page 1 of 1

Feature Request: Javascript Hyperlinks

Posted: Fri Oct 30, 2009 2:28 pm
by panic
Clicking on a javascript hyperlink should be treated in the same as clicking on a placeholder. Its rather annoying to have to temporarily enable / reload, just to navigate away from a page. Ideally, the page permissions should not change, and other denied javascript on the page should not run. reuters.com is a decent example. Most articles on the site have a continue link at the bottom that is in javascript.

While acknowledging my complete lack of knowledge on how this stuff works internally, I see the process as follows:
1. trap hyperlink clicks that lead to javascript errors and pop a noscript "temporarily allow" dialog.
2. add javascript to the document (except for naked javascript not in a function), but don't reload, so that unrelated events don't fire.
3. reinject the javascript in the hyperlink
4. remove the js added in step 2.

Re: Feature Request: Javascript Hyperlinks

Posted: Fri Oct 30, 2009 3:54 pm
by therube
I believe this is already done, though not always successfully.

Options | Advanced -> Untrusted => Attempt to fix JavaScript links

In the case of Reuters, the "Continued..." JavaScript link does not get resolved properly, so you then need to Allow reuters.com to continue.

(I can't stand sites that use JavaScript for purposes like that.)

Re: Feature Request: Javascript Hyperlinks

Posted: Sat Oct 31, 2009 12:55 am
by Tom T.
therube wrote:Options | Advanced -> Untrusted => Attempt to fix JavaScript links

In the case of Reuters, the "Continued..." JavaScript link does not get resolved properly, so you then need to Allow reuters.com to continue.
Agree -- I have NoScript configured as therube said, yet I find that frequently, you must Temp Allow the page for the link to work, at many sites besides Reuters. (Guess that's why it says "Attempt" rather than "Fix". ;) )
therube wrote:(I can't stand sites that use JavaScript for purposes like that.)
Nor I. Non-rhetorical question: Do you have any idea *why* they do that? What do they gain as opposed to a simple HTML link?

Code: Select all

<a href="http://www.reuters.com/article/worldNews/idUSTRE59T12H20091030?pageNumber=2&virtualBrandChannel=11621">Continued...</a>
would do just as well, no?

Here it is as a live link in BBCode:
Continued...

I can understand how the link, "View entire article on one page" might use some JS to reformat the page, per some standard template, so that they don't have to do that for each article individually. But *what* is the "benefit" to them of using JS for a simple link to another page? :?:

Unless it's to *force* NS users to allow their scripting, so that more of their ads and other junk can run? :evil:
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited