Skip to content

/ disable-javascript

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue: Fails to block JS from webworkers #50

Open
telamon opened this issue May 8, 2019 · 2 comments
Open

Security issue: Fails to block JS from webworkers #50

telamon opened this issue May 8, 2019 · 2 comments
Labels
more information needed

Comments

@telamon
Copy link

@telamon telamon commented May 8, 2019

Just tried this plugin out after i got tired of no hotkey's in No-script plugin.
But disable-javascript failed to block already loaded webworkers, meaning if i temporarily enable
JS on a domain and then toggle it off again - Any webworkers registered during that pageload will continue to run unrestricted.

Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to 
control workers, or directive ‘frame-src’ to control frames respectively.
@dpacassi
Copy link
Owner

@dpacassi dpacassi commented May 22, 2019

Hi @telamon!

Thanks for your report.
I tried to reproduce the bug you've described but wasn't sucessful. I tried the following:

  1. Visit https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_webworker
  2. Click on "Start Worker"
  3. Disable JS

-> The page gets reloaded with JS disabled, the worker doesn't run.

Could you give me additional information on how to reproduce this bug?
I would need:

  • Your Disable JavaScript settings
  • Your used browser and OS
  • The website with the web worker

I will then try to recreate the bug.
Thanks for your help!
@telamon
Copy link
Author

@telamon telamon commented May 27, 2019

@dpacassi Thanks for marking it up, I'm trying to remember what page i encountered and replicated this bug on. Should probably have mentioned that in the original post... I'll drop another comment if i encouter it again.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
more information needed
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
@telamon @dpacassi