Post Reply 
Firefox Noscript and Sidki's JS Insertion
Jan. 27, 2009, 02:20 AM
Post: #16
RE: Firefox Noscript and Sidki's JS Insertion
Hello again Inminente,

I don't know much about cross-site scripting, but isn't Firefox designed to stop that by itself? Or am I getting confused with something else, which may have a name a little like 'cross-site scripting attacks' ?

Lee
Add Thank You Quote this message in a reply
Jan. 27, 2009, 11:34 AM
Post: #17
RE: Firefox Noscript and Sidki's JS Insertion
I don't know Lee, have the same confussion, maybe both are the same. The only thing i know is wich NoScript is designed for Firefox, and it alerts me sometimes about doubtly scripts.

Info about cross-site in wikipedia: http://en.wikipedia.org/wiki/Cross-site_scripting
Add Thank You Quote this message in a reply
Mar. 03, 2009, 01:50 AM
Post: #18
RE: Firefox Noscript and Sidki's JS Insertion
I just had a brainwave; what if we create our own version of NoScript where all "http://local.ptron/" JS files are skipped, allowing them to load?

"\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}\components"
noscriptService.js, line 3390, the processScriptElements function.

Code:
processScriptElements: function(document, sites) {
    var scripts = document.getElementsByTagName("script");
    var scount = scripts.length;
    if (scount) {
      const HTMLElement = CI.nsIDOMHTMLElement;
      sites.scriptCount += scount;
      var script, scriptSrc;
      var nselForce = this.nselForce && sites.length && this.isJSEnabled(sites[sites.length - 1]);
      var isHTMLScript;
      while (scount-- > 0) {
        script = scripts.item(scount);
        isHTMLScript = script instanceof HTMLElement;
        if (isHTMLScript) {
          scriptSrc = script.src;
        } else if(script) {
          scriptSrc = script.getAttribute("src");
          if (!/^[a-z]+:\/\//i.test(scriptSrc)) continue;
        } else continue;
        
        scriptSrc = this.getSite(scriptSrc);
        if (scriptSrc) {
          sites.push(scriptSrc);
          if (nselForce && isHTMLScript && !this.isJSEnabled(scriptSrc)) {
            this.showNextNoscriptElement(script);
          }
        }
      }
    }
  },

We just need to throw in a "if (..src = "http://local.ptron") { ... } else { ... }" statement.

I wonder if there are any legal issues...

EDIT: Actually, I think it's around line 3339...
Visit this user's website
Add Thank You Quote this message in a reply
Mar. 03, 2009, 05:58 AM
Post: #19
RE: Firefox Noscript and Sidki's JS Insertion
I've spent a couple hours playing around with NoScript; no luck Sad

EDIT: I get the feeling that the solution would be modifying the above file, but I just don't know where to modify.

EDIT 2: I've emailed the author of NoScript; hopefully he'll respond and clarify =D
Visit this user's website
Add Thank You Quote this message in a reply
Mar. 03, 2009, 01:08 PM
Post: #20
RE: Firefox Noscript and Sidki's JS Insertion
Could someone explain to me why you need NoScript if you have Proxo? I think NoScript is the worse extension ever created for Fx. It is extremely irritating to use and breaks most websites. I don't understand why anyone would use it.
Add Thank You Quote this message in a reply
Mar. 03, 2009, 04:18 PM
Post: #21
RE: Firefox Noscript and Sidki's JS Insertion
@Kye-U, i really would like to help you, but i have no skills with javascript.

Just to throw a tip from here: Exactly what we (or at least I) want to do is not seeing/downloading ads written by scripts. Most of these ads are written with a document.write function while the page is loading. So... I'm wondering if we could modify the write function for offsite scripts while loading the page.

@Mele20, read my above posts
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: