InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

NoScript unable to block dynamic src?

https://forums.informaction.com/viewtopic.php?t=8907

Page 1 of 1

NoScript unable to block dynamic src?

Posted: Fri Jun 15, 2012 5:06 pm
by apam.smh
Is there a configuration option to disable this, or is NoScript unable to prevent execution of dynamic sources?

http://www.smh.com.au/text

Despite having the whole site blocked, it still managers to execute a script with
src="#staticUrl()/js/behave.js"

which is served off the same host.

Any ideas?

Re: NoScript unable to block dynamic src?

Posted: Mon Jun 18, 2012 10:33 am
by Thrawn
NoScript should be able to block any kind of script. What symptoms are you seeing to tell you that this script is running? With the top-level site blocked, I don't see anything on that page that appears to be dynamic, just a list of plain headings and hyperlinks.

Please give details; if there really is a way to bypass NoScript, then I guarantee Giorgio will jump on it as top priority.

Re: NoScript unable to block dynamic src?

Posted: Mon Jun 18, 2012 2:48 pm
by therube

Code: Select all

<script type="text/javascript" src="#staticUrl()/js/behave.js"></script>
If com.au (actually it looks like smh.com.au) is not allowed, seemingly nothing should be running?
Giorgio wrote: Inline scripts are blocked by default on non-whitelisted sites.
You cannot disable them selectively on whitelisted sites, if that's what you're asking for, but you can modify their execution environment to "cripple" them or otherwise change their behavior by writing your own page-level script surrogates.
http://forums.informaction.com/viewtopi ... 936#p34936
Inline Script Blockage
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited