Re: JavaScript in iframe allowed

help-librejs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: JavaScript in iframe allowed

From:	takuwan
Subject:	Re: JavaScript in iframe allowed
Date:	Thu, 24 Dec 2020 11:12:25 +0100

Ian Kelling writes:
> takuwan@libertymail.net writes:
> 
> > Hi all,
> >
> > I noticed that JS loaded from within an <iframe> is transparent to LibreJS:
> > there’s no report of it in the extension tab (neither accepted nor blocked).
> >
> > Here is an example with an embedded OpenStreetMap map at the bottom of the 
> > page:
> > https://zazenmarseille.org
> >
> > If I follow the link bellow the map to open it in the OSM website, the 
> > script is
> > blocked and the map can’t be displayed because it’s not free. Why is it not
> > blocked directly in the <iframe>?
> 
> Looks like a bug to me. Thanks for reporting.
> 
You are welcome.

Another odd behaviour I noticed on this page as well: an external script
‘spam-protection.js’ is loaded through a <script> in the <head> with a ‘defer’
attribute. When looking at the script source code, it defines a @license magnet
tag for the Apache License 2.0. However, LibreJS does not recognise it and
blocks it as a non-free external script.

I am running Iceweasel 81.0.2 with LibreJS 7.20.2 for the record.

-- 
takuwan

[Prev in Thread]

Current Thread

[Next in Thread]

Re: JavaScript in iframe allowed, Ian Kelling, 2020/12/23
- Re: JavaScript in iframe allowed, takuwan <=

Prev by Date: Re: JavaScript in iframe allowed
Previous by thread: Re: JavaScript in iframe allowed
Index(es):
- Date
- Thread