[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
LibreJS fails to block nonfree scripts on pages served through other pro
|
From: |
Wojciech Kosior |
|
Subject: |
LibreJS fails to block nonfree scripts on pages served through other protocols than http(s) |
|
Date: |
Sat, 23 Jan 2021 17:30:45 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Icedove/68.9.0 |
LibreJS version: 7.20.2
Browser version: Parabola's Iceweasel 81.0.2-1
Actually affected versions: all LibreJS versions for Firefox Quantum (60
onwards) and its derivatives
Steps to reproduce:
1. Save any page together with nonfree scripts to an html file. You can
also write one from scratch or use the one I trained drag&drop on (added
as an attachment).
2. Open the file in Your browser with LibreJS enabled (put
file:///<path-to-html-file> in the URL box).
3. You can also try accessing ftp:// URLs or other ones.
Expected behaviour: LibreJS blocks the javascript in that html file or
marks it as free or marks it as trivial.
Actual behaviour: Scripts happily execute and LibreJS doesn't even know
about them.
Reason: LibreJS relies solely on the WebRequest API to block scripts and
the API only works for HTTP(S).
Workaround: Use NoScript or some other extension.
My remarks:
The developers must have deliberately omitted a crucial functionality
from the extension. That's not the worst, however. A bigger problem is
that the entire concept behind LibreJS is flawed. But this mail is not
the right place to paste my essay about that.
![]()
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- LibreJS fails to block nonfree scripts on pages served through other protocols than http(s),
Wojciech Kosior <=