C|Net and ABE

[wtrhzrd]

With ABE enabled I can't seem to get the photos of review products to work. It's a mouseover and see the image like you see
here as example: http://reviews.cnet.com/smartphones/t-m ... ag=nl.e723.
If I disable ABE it works fine. I tried playing with adding various rules, but I don't really know what I'm doing other than
toying around with variations of the other rules I see on the FAQ. Is there a way to make those pages work that I'm
missing?

[al_9x]

You probably have twitter.com inclusions blocked in abe. The cnet page has a bug, their test for the existence of the twttr object (if (twttr)), itself throws an error and breaks the page. Your quickest solution is to allow twitter on cnet.

@Giorgio

If twitter were blocked by the NS script module, the following surrogate would take care of it:

Code: Select all

user_pref("noscript.surrogate.twitter.sources", "platform.twitter.com");
user_pref("noscript.surrogate.twitter.replacement", "twttr=function() { var p = Proxy.createFunction({get: function(proxy, name) { return name in Object.prototype ? Object.prototype[name] : p; }}, function() { return p; }); return p; }();");

but it looks like when a script is blocked by abe, script surrogates don't run. Is that an omission or by design? I think it would make sense if they did.

[wtrhzrd]

Hmm, actually that was it... it works now with NO rules for cnet at all. I had added:

#Deny INCLUSION(SCRIPT, OBJ, SUBDOC)
Site .twitter.com .twimg.com
Accept from .twitter.com .twimg.com
Deny INCLUSION

at some point in time from somewhere, either the forums here, or the faq page, can't remember now.

If I pull that out, it works perfectly fine with no specific cnet rules at all. That seems strange but oh well,
it worked. Thanks.

[wtrhzrd]

And like you asked, I wonder also is that by design. If so, no problem but not knowing much about
the advanced "stuff" in noscript it does seem strange that that particular function no a site like
cnet wouldn't work just because of something to do with twitter. Or is it just that somehow the
script on that site for twitter happened first and everything after that in the scripts from the site
didn't run properly?

[al_9x]

You're wondering about something different, why cnet breaks without twitter. That has nothing to do with NS, their test for the twitter object is bad, throws an exception.

[Giorgio Maone]

but it looks like when a script is blocked by abe, script surrogates don't run. Is that an omission or by design? I think it would make sense if they did.

It is an omission by design: one of the design criteria was keeping at the bare minimum the intersection between NoScript and ABE, and load type awareness (i.e. "this is a script, that is a frame") was not included in the first specification (before INCLUSION was added).
However at this point relaxing a bit this criterion may make sense, and this use case surely deserves attention.

[Giorgio Maone]

However at this point relaxing a bit this criterion may make sense, and this use case surely deserves attention.

Done in latest development build.

[al_9x]

verified

About the surrogate, what is this for:

Code: Select all

if(typeof Proxy==='undefined')return arguments.callee

It doesn't seem like it would do anything useful in 3.x, as there's usually a call on a twttr child object.

[Giorgio Maone]

Code: Select all

if(typeof Proxy==='undefined')return arguments.callee

It doesn't seem like it would do anything useful in 3.x, as there's usually a call on a twttr child object.

Indeed, in next build it will be changed into

Code: Select all

if(typeof Proxy==='undefined')return{events: {__noSuchMethod__: arguments.callee}}

[al_9x]

I've seen another sub-object used ("anywhere"), which required the following surrogate:

Code: Select all

twttr={anywhere:function(){}};twttr.anywhere.__noSuchMethod__=function(){};

anywhere was itself called and also had its methods called.

[al_9x]

Code: Select all

if(typeof Proxy==='undefined')return{events: {__noSuchMethod__: arguments.callee}}

Why "arguments.callee" ?

[Giorgio Maone]

Code: Select all

if(typeof Proxy==='undefined')return{events: {__noSuchMethod__: arguments.callee}}

Why "arguments.callee" ?

Habit. Since it's not anonymous, using "twttr" is OK too to make the hack recursive.

[al_9x]

Code: Select all

if(typeof Proxy==='undefined')return{events: {__noSuchMethod__: arguments.callee}}

Why "arguments.callee" ?

Habit. Since it's not anonymous, using "twttr" is OK too to make the hack recursive.

Returning twttr is perhaps slightly better than constructing a new object each call, but either way it seems to serve no real purpose. It supports the following chaining:

twttr.events.whatever1()
.events.whatever1()
.events.whatever2()

which I don't think is in use now or ever would be.

[al_9x]

the 3.6 fallback is still wrong,

1. anywhere needs to be a function, not just an object
2. __noSuchMethod__ needs to be a function, not twttr object
3. twttr is not defined in the function

let me write it and you can review it.

Code: Select all

twttr = function () {
	var srgt;
	if (typeof Proxy === 'undefined') {
		srgt = { events: { __noSuchMethod__: function() {} },
					anywhere: function() {} };
		srgt.anywhere.__noSuchMethod__ = function() {};
	}
	else
		srgt = Proxy.createFunction({
				get: function (proxy, name) {
				return name in Object.prototype ? Object.prototype[name] : srgt;
			}},
			function() {
				return srgt;
			});
	return srgt;
}();

[Giorgio Maone]

Why creating 3 empty anonymous functions (each one is a different object)?

Code: Select all

if (typeof Proxy === 'undefined') {
  var f=arguments.callee;
  return f.__noSuchMethod__=f.events=f.anywhere=f;
}