Page 1 of 1
[RESOLVED, qdmm.com] a bug
Posted: Thu Feb 17, 2011 4:42 am
by Jsid
noscript is not compatible with
http://www.qdmm.com
exemple:
http://www.qdmm.com/BookReader/1662656,28626520.aspx
if noscript's enabled i can't view content( i have already allowed all scripts in qdmm.com)
if noscript's disabled, everything is ok
Re: a bug
Posted: Thu Feb 17, 2011 9:23 am
by Giorgio Maone
The bug is in the site, which is (rather stupidly) loading a text file (with .txt extension and text/plain mime type) as a script (in fact, it contains JavaScript code):
Code: Select all
[NoScript] Blocking cross-site Javascript served from http://files.qidian.com/Author1/1662656/28626520.txt with wrong type info text/plain and included by http://www.qdmm.com/BookReader/1662656,28626520.aspx
NoScript prevents this to be parsed as JavaScript in order to block publicly accessible CMSes to be abused for serving malicious JavaScript by masking them as different types.
If you're OK with this specific site, you can workaround by adding "files.qidian.com" (without quotes, space separated) to your
noscript.inclusionTypeChecking.exceptions about:config preference.
Re: a bug
Posted: Thu Feb 17, 2011 11:21 am
by Jsid
Giorgio Maone wrote:The bug is in the site, which is (rather stupidly) loading a text file (with .txt extension and text/plain mime type) as a script (in fact, it contains JavaScript code):
Code: Select all
[NoScript] Blocking cross-site Javascript served from http://files.qidian.com/Author1/1662656/28626520.txt with wrong type info text/plain and included by http://www.qdmm.com/BookReader/1662656,28626520.aspx
NoScript prevents this to be parsed as JavaScript in order to block publicly accessible CMSes to be abused for serving malicious JavaScript by masking them as different types.
If you're OK with this specific site, you can workaround by adding "files.qidian.com" (without quotes, space separated) to your
noscript.inclusionTypeChecking.exceptions about:config preference.
thanks, it works
