-
Notifications
You must be signed in to change notification settings - Fork 473
Issue with full Javascript blocking on Firefox 56/57 #902
Comments
I am going to transcribe your paragraph as steps for clarity -- tell me if I got something wrong:
Regarding the difference between uMatrix with javascript disabled and the browser with javascript disabled: With javascript disabled through the browser's config: With javascript disabled through uMatrix: The difference disappears when you remove the block rule for Now to ensure that uMatrix works best, do not test it with YesScript2: this extension listens to Aside this, it may happens that you need to reload and force the browser to bypass its cache: see #893. Aside these known issues for which there are workaround (you will have to disable YesScript2), uMatrix is completely reliable. Use the browser console to see that the browser reports inline script tags as blocked. |
I corrected myself above, I misread the code in YesScript2. In any case, please provide exact, clearly laid out repro steps to be sure I understand what exact scenario you say you have an issue. As said in my response, scripts were blocked all fine on my side. Using uMatrix as the only extension. |
Hi, First, and foremost, thank you for responding so fast ! I am testing with YesScript (not YesScript2) on Firefox 56 (to exclude that the issue is purely with Firefox 57). Let's ignore that part for a sec. I think the issue is this:
One thing I've noticed is that YesScript disables Javascript via internal calls to the Firefox 56 browser capability.policy, can uMatrix do something like this ? |
I don't know how YesScript plain works, a quick glance and I can't tell, I would need more time to find out. I can't try FF56 for the moment due to lack of time (need to download, new profile, etc.) However see if the browser console reports that inline script tags aren't executed, this is a telltale sign that uMatrix is blocking 1st-party scripts: By the way, mixing legacy extensions with WebExtensions ones is known to cause issues, it's something I've had to repeat often to people who were still using uBO with legacy extensions. |
Ok, based on your screenshot I think I know what the issue really is: I had the following Firefox preferences set to false for testing: security.csp.enable Both rlslog dot net, and fastpic ru are now working as they should ! Based on this can you confirm that your extension is in fact relying on CSP, and not on Firefox Capability policy (if there is one at all in Firefox 57) ? |
With WebExtensions there is no other way to control javascript execution of inline script. All WebExtensions which purpose is to control javascript now relies on CSP (YesScript2, NoScript, etc.) |
Damn, ok, sorry for taking up your time, in case someone runs into the same issue they will now know what's at fault. I have corrected my Firefox Addons review, please modify yours as well so the users don't get bothered by it. |
For the record :
I'm wonder it wouldn't be better to add one article on this matter ? Because on the moment, I haven't find these informations on the uMatrix Wiki.
As today, I had noticed a very strange behavior : an infinite loop on Twitter (under Windows 10 x64 with Firefox_v59 or Firefox_v57). That's why I can't read it (despite these rules).
Could you confirm it ? |
I have a specific use case and the extension is definitely not working as it should, there is a flaw somewhere - either in the extension or in Firefox:
Try this to see what I am talking about - I am developing an advert blocking solution:
www.google-analytics.com
counter.yadro.ru
jsc.traffic-media.co
buhman.letysheeps.ru
trafgid.com
am15.net
stablemoney.ru
adbetnet.advertserve.com
piguiqproxy.com
I have tested this on Firefox 56 as well with the same parameters, and using an extension called Yesscript:
p.s. Maybe it has something to do with the way the addons are blocking Javascript - Yesscript is blocking it like this I think:
prefs.setCharPref("capability.policy.yesscript.javascript.enabled", "noAccess");
The text was updated successfully, but these errors were encountered: