Welcome!

Please read this important information about Spectre and Meltdown vulnerabilities.
Please read this important information about MX sources lists.
News
  • MX Linux on social media: here
  • Mepis support still here
Current releases
  • MX-17 Final release info here
  • MX-16.1 release info here
  • antiX-17 release info here
    New users
    • Please read this first, and don't forget to add system and hardware information to posts!
    • Read Forum Rules

misbehaving javascript

Forum for discussion and implementation of project work to enhance mepis.org and other MEPIS Websites
Message
Author
boruch
Forum Novice
Forum  Novice
Posts: 4
Joined: Fri Dec 23, 2016 3:08 am

misbehaving javascript

#1 Postby boruch » Fri Dec 23, 2016 3:25 am

New participant in the forum here. Hello everyone.

At the beginning of the week, I installed mx-16 and intended to post a few comments here, but was alarmed at what happened when I attempted to register. The forum software requires javascript, so I went to my browser's no-script settings and temporarily enabled scripts from mxlinux.org only. The result was what alarmed me: At the time, I had other browser tabs open, including several open to urls at stackexchange.com, and all of the stackexchange.com tabs (and only those) responded to my enabling of mxlinux.org 's javascript by reloading the page. Now, I don't believe that stackexchange.com is some malicious outfit, or that you are, but something is potentially quite 'BAD' about this. My initial response was to bow out of registering here, but today I decided to take the plunge.

It's probably worth mentioning that I've been a careful user of noscript for many years and have never encountered this type of scenario before.

What's going on?

skidoo
Forum Regular
Forum Regular
Posts: 675
Joined: Tue Sep 22, 2015 6:56 pm

Re: misbehaving javascript

#2 Postby skidoo » Fri Dec 23, 2016 5:17 am

A reasonable troubleshooting step would be to temporarily suspend (i mean disable, via about:addons) the NoScript extension and retest. FWIW, in the absence of NoScript, I haven't witnessed the "reload all" behavior you've described.

user of noscript for many years
even so, across versions, quirks and breakages sometimes creep in

boruch
Forum Novice
Forum  Novice
Posts: 4
Joined: Fri Dec 23, 2016 3:08 am

Re: misbehaving javascript

#3 Postby boruch » Fri Dec 23, 2016 6:49 am

Your suggestion would prove nothing. Turning off noscript means all scripts are enabled everywhere, so all the stackexchange scripts would load initially, even before navigating to this forum. Also, of all the other tabs I had open, only the stackexchange ones reloaded. If you're unfamiliar with 'noscript', what that means is that the script source that I did temporarily enable (mxlinux.org) was somehow linked or crossed or identied as equivalent to that of stackexchange.com. I can think of a few ways this could have happened, but I hesitated to offer a guess because I don't have the perspective of this site's sysadmin. I will say that it's unfortunately too common a case that people blindly copy for their own sites scripts that they saw on other sites.

User avatar
Jerry3904
Forum Veteran
Forum Veteran
Posts: 20622
Joined: Wed Jul 19, 2006 6:13 am

Re: misbehaving javascript

#4 Postby Jerry3904 » Fri Dec 23, 2016 6:52 am

First time anyone in our 3 years has had a concern with that, so I don't know what to tell you. It may be part of Stop Forum Spam, a phpBB extension we use that queries the stop forum spam database on registration and posting.

We'll take a look.
Production: 4.13.0-1-amd64, MX-17, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 8 GB, Kingston SSD 120 GB and WesternDigital 1TB
Testing: AAO 722: 4.13.0-1-386. MX-17, AMD C-60 APU, 4 GB

antiX-Dave
Forum Regular
Forum Regular
Posts: 337
Joined: Mon Apr 16, 2012 4:51 pm

Re: misbehaving javascript

#5 Postby antiX-Dave » Fri Dec 23, 2016 3:40 pm

I am not certain about this as I have not viewed the source of stack exchange vs forum registration. However my first thought would be to check if there is a common linked JS libraries or api's from organizations such as google that are made publicly available. Perhaps allowing the running of scripts on this forum also allowed one of these shared resources to load and therefor caused stack exchange to reload to make use of the now available library / api.

I think that you should be able to find this out by searching for the ("text/javascript") identifier and see if there is a common domain in the src="****" value whilst viewing the source via right click.

User avatar
richb
Administrator
Posts: 15997
Joined: Wed Jul 12, 2006 2:17 pm

Re: misbehaving javascript

#6 Postby richb » Fri Dec 23, 2016 4:26 pm

antiX-Dave wrote:I am not certain about this as I have not viewed the source of stack exchange vs forum registration. However my first thought would be to check if there is a common linked JS libraries or api's from organizations such as google that are made publicly available. Perhaps allowing the running of scripts on this forum also allowed one of these shared resources to load and therefor caused stack exchange to reload to make use of the now available library / api.

I think that you should be able to find this out by searching for the ("text/javascript") identifier and see if there is a common domain in the src="****" value whilst viewing the source via right click.

Thanks for that tip. Not sure what forum pages to look for this but I checked several including the registration page and found no references to any outside source.
Forum Rules
Guide - How to Ask for Help

Rich
SSD Production: MX-15- 64 - migrated to MX-16 RC1
HD Test: MX-16 RC1
AMD A8 7600 FM2+ CPU R7 Graphics, fglrx driver, 16 GIG Mem. Samsung EVO SSD 250 GB, 350 GB HD


Return to “Website”

Who is online

Users browsing this forum: No registered users and 1 guest