New participant in the forum here. Hello everyone.
At the beginning of the week, I installed mx-16 and intended to post a few comments here, but was alarmed at what happened when I attempted to register. The forum software requires javascript, so I went to my browser's no-script settings and temporarily enabled scripts from mxlinux.org only. The result was what alarmed me: At the time, I had other browser tabs open, including several open to urls at stackexchange.com, and all of the stackexchange.com tabs (and only those) responded to my enabling of mxlinux.org 's javascript by reloading the page. Now, I don't believe that stackexchange.com is some malicious outfit, or that you are, but something is potentially quite 'BAD' about this. My initial response was to bow out of registering here, but today I decided to take the plunge.
It's probably worth mentioning that I've been a careful user of noscript for many years and have never encountered this type of scenario before.
What's going on?
misbehaving javascript
Re: misbehaving javascript
A reasonable troubleshooting step would be to temporarily suspend (i mean disable, via about:addons) the NoScript extension and retest. FWIW, in the absence of NoScript, I haven't witnessed the "reload all" behavior you've described.
even so, across versions, quirks and breakages sometimes creep inuser of noscript for many years
Re: misbehaving javascript
Your suggestion would prove nothing. Turning off noscript means all scripts are enabled everywhere, so all the stackexchange scripts would load initially, even before navigating to this forum. Also, of all the other tabs I had open, only the stackexchange ones reloaded. If you're unfamiliar with 'noscript', what that means is that the script source that I did temporarily enable (mxlinux.org) was somehow linked or crossed or identied as equivalent to that of stackexchange.com. I can think of a few ways this could have happened, but I hesitated to offer a guess because I don't have the perspective of this site's sysadmin. I will say that it's unfortunately too common a case that people blindly copy for their own sites scripts that they saw on other sites.
Re: misbehaving javascript
First time anyone in our 3 years has had a concern with that, so I don't know what to tell you. It may be part of Stop Forum Spam, a phpBB extension we use that queries the stop forum spam database on registration and posting.
We'll take a look.
We'll take a look.
Production: 5.10, MX-23 Xfce, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 16 GB, SSD 120 GB, Data 1TB
Personal: Lenovo X1 Carbon with MX-23 Fluxbox and Windows 10
Other: Raspberry Pi 5 with MX-23 Xfce Raspberry Pi Respin
Personal: Lenovo X1 Carbon with MX-23 Fluxbox and Windows 10
Other: Raspberry Pi 5 with MX-23 Xfce Raspberry Pi Respin
-
- Developer
- Posts: 372
- Joined: Mon Apr 16, 2012 4:51 pm
Re: misbehaving javascript
I am not certain about this as I have not viewed the source of stack exchange vs forum registration. However my first thought would be to check if there is a common linked JS libraries or api's from organizations such as google that are made publicly available. Perhaps allowing the running of scripts on this forum also allowed one of these shared resources to load and therefor caused stack exchange to reload to make use of the now available library / api.
I think that you should be able to find this out by searching for the ("text/javascript") identifier and see if there is a common domain in the src="****" value whilst viewing the source via right click.
I think that you should be able to find this out by searching for the ("text/javascript") identifier and see if there is a common domain in the src="****" value whilst viewing the source via right click.
Re: misbehaving javascript
Thanks for that tip. Not sure what forum pages to look for this but I checked several including the registration page and found no references to any outside source.antiX-Dave wrote:I am not certain about this as I have not viewed the source of stack exchange vs forum registration. However my first thought would be to check if there is a common linked JS libraries or api's from organizations such as google that are made publicly available. Perhaps allowing the running of scripts on this forum also allowed one of these shared resources to load and therefor caused stack exchange to reload to make use of the now available library / api.
I think that you should be able to find this out by searching for the ("text/javascript") identifier and see if there is a common domain in the src="****" value whilst viewing the source via right click.
Forum Rules
Guide - How to Ask for Help
richb Administrator
System: MX 23 KDE
AMD A8 7600 FM2+ CPU R7 Graphics, 16 GIG Mem. Three Samsung EVO SSD's 250 GB
Guide - How to Ask for Help
richb Administrator
System: MX 23 KDE
AMD A8 7600 FM2+ CPU R7 Graphics, 16 GIG Mem. Three Samsung EVO SSD's 250 GB