Closed Bug 148722 Opened 23 years ago Closed 21 years ago

Requesting ability to block scripts by source.

Categories

(SeaMonkey :: UI Design, enhancement)

Product:
SeaMonkey
Component:
UI Design
Platform:
x86
Windows 2000
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: swh, Assigned: samir_bugzilla)

References

(
URL
)

Details

From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.9) Gecko/20020311 BuildID: 2002031104 You can block images and/or cookies by domain/site, but scripts will be automatically called regardless of where they live, if javascript is turned on at all. This defeats one's other efforts to avoid being tracked by advertisers. In the exampl below, the script name is a long alphanumeric, looks just like the names used for "bug" images used for site-visitor tracking. Requesting, in future version, ability to block scripts by site/domain, or alternatively, at least a preference item to block third-party scripts. Reproducible: Always Steps to Reproduce: 1. Go to http://www.deviantart.com/ . While page is loading, observe in status line, "Transferring data from ad.doubleclick.net..." even with all variations of doubleclick domains blocked whenever they are encountered, both images and cookies. 2. Look at page source, find: <script language=Javascript1.1 src="http://ad.doubleclick.net/adj/dclk.deviantart/ros;dcopt=ist;abr=!webtv;sz=468x60;ord=230b270e608bfb6487c521ae66b7c280?"> Check preferences, find no preference to defeat this. 3. Actual Results: Always loads script from unwanted third party. Expected Results: Well, not necessarily expected, but would like to have an opt-out.
Sounds good. I guess this means adding a script manager in addition to image manager, with an option "Accept scripts that come from the originating server only" just like there is for images.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Here's a variation on this theme - a page display is delayed waiting for a script to be loaded from an ad server: <script LANGUAGE="JavaScript1.1"> _krdDartInc++; document.write('<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://ad.doubleclick.net/adj/mercurynews.news/news;kw=left1;c2=news_homepage;tile='+_krdDartInc+';sz=120x60;ord='+_krdDartOrd+'?" ><\/SCRIPT>'); </SCRIPT> Seen in various pages at http://www.bayarea.com/
In the light of the nasty JavaScript issues on ebay (fake login pages or faked recommendation profiles) I would also suggest an option to block the execution of every JavaScript piece (or - nicer - certain operations like changing form URLs etc., but that might be too much) in a page if it comes from a certain server. I think of something structured like the popup window blocker, which is structured similar. -FH
This already exists. The kind of users who want this feature can use about:config and these documents to get just what you propose. http://www.mozilla.org/projects/security/components/ConfigPolicy.html
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
Adblock (http://adblock.mozdev.org/) allows blocking scripts by URL.
Product: Core → Mozilla Application Suite
You need to log in before you can comment on or make changes to this bug.