[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: JavaScript in iframe allowed

From: takuwan
Subject: Re: JavaScript in iframe allowed
Date: Thu, 24 Dec 2020 11:12:25 +0100

Ian Kelling writes:
> writes:
> > Hi all,
> >
> > I noticed that JS loaded from within an <iframe> is transparent to LibreJS:
> > there’s no report of it in the extension tab (neither accepted nor blocked).
> >
> > Here is an example with an embedded OpenStreetMap map at the bottom of the 
> > page:
> >
> >
> > If I follow the link bellow the map to open it in the OSM website, the 
> > script is
> > blocked and the map can’t be displayed because it’s not free. Why is it not
> > blocked directly in the <iframe>?
> Looks like a bug to me. Thanks for reporting.
You are welcome.

Another odd behaviour I noticed on this page as well: an external script
‘spam-protection.js’ is loaded through a <script> in the <head> with a ‘defer’
attribute. When looking at the script source code, it defines a @license magnet
tag for the Apache License 2.0. However, LibreJS does not recognise it and
blocks it as a non-free external script.

I am running Iceweasel 81.0.2 with LibreJS 7.20.2 for the record.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]