InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Always allow some embedded external JS

https://forums.informaction.com/viewtopic.php?t=5005

Page 1 of 1

Always allow some embedded external JS

Posted: Thu Sep 09, 2010 7:42 am
by Robbsie
Hi,

is it possible to ALWAYS allow JS from a given external host, i.e. always allow "google-analytics.com", no matter on what page it's embedded?
Atm it seems that only the browser-url is recognized, so if I open "site.com" with embedded "google-analytics.com" JS via <script src="...">, it does not execute this external JS.

Any ideas how to solve this?

Thanks,
Robert

Re: Always allow some embedded external JS

Posted: Thu Sep 09, 2010 8:02 am
by Giorgio Maone
If the top-level page is not allowed to run scripts, no external script will be loaded and run because the scripting engine is off for that page.
Furthermore, in the Google Analytics specific case, there would be no point in running the external script alone because the analytics are configured and executed by scripts embedded in the page itself.

Re: Always allow some embedded external JS

Posted: Thu Sep 09, 2010 8:31 am
by Robbsie
Thanks,
If the top-level page is not allowed to run scripts, no external script will be loaded and run because the scripting engine is off for that page.
and there is no "hack" for that? :)

Re: Always allow some embedded external JS

Posted: Thu Sep 09, 2010 8:34 am
by Giorgio Maone
Robbsie wrote:Thanks,
If the top-level page is not allowed to run scripts, no external script will be loaded and run because the scripting engine is off for that page.
and there is no "hack" for that? :)
Nope. May I ask you why would you want this?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited