misbehaving javascript

Forum for discussion and implementation of project work to enhance mxlinux.org and other MX Websites
Post Reply
Message
Author
boruch
Posts: 3
Joined: Fri Dec 23, 2016 3:08 am

misbehaving javascript

#1 Post by boruch »

New participant in the forum here. Hello everyone.

At the beginning of the week, I installed mx-16 and intended to post a few comments here, but was alarmed at what happened when I attempted to register. The forum software requires javascript, so I went to my browser's no-script settings and temporarily enabled scripts from mxlinux.org only. The result was what alarmed me: At the time, I had other browser tabs open, including several open to urls at stackexchange.com, and all of the stackexchange.com tabs (and only those) responded to my enabling of mxlinux.org 's javascript by reloading the page. Now, I don't believe that stackexchange.com is some malicious outfit, or that you are, but something is potentially quite 'BAD' about this. My initial response was to bow out of registering here, but today I decided to take the plunge.

It's probably worth mentioning that I've been a careful user of noscript for many years and have never encountered this type of scenario before.

What's going on?

skidoo
Posts: 753
Joined: Tue Sep 22, 2015 6:56 pm

Re: misbehaving javascript

#2 Post by skidoo »

A reasonable troubleshooting step would be to temporarily suspend (i mean disable, via about:addons) the NoScript extension and retest. FWIW, in the absence of NoScript, I haven't witnessed the "reload all" behavior you've described.
user of noscript for many years
even so, across versions, quirks and breakages sometimes creep in

boruch
Posts: 3
Joined: Fri Dec 23, 2016 3:08 am

Re: misbehaving javascript

#3 Post by boruch »

Your suggestion would prove nothing. Turning off noscript means all scripts are enabled everywhere, so all the stackexchange scripts would load initially, even before navigating to this forum. Also, of all the other tabs I had open, only the stackexchange ones reloaded. If you're unfamiliar with 'noscript', what that means is that the script source that I did temporarily enable (mxlinux.org) was somehow linked or crossed or identied as equivalent to that of stackexchange.com. I can think of a few ways this could have happened, but I hesitated to offer a guess because I don't have the perspective of this site's sysadmin. I will say that it's unfortunately too common a case that people blindly copy for their own sites scripts that they saw on other sites.

User avatar
Jerry3904
Administrator
Posts: 21881
Joined: Wed Jul 19, 2006 6:13 am

Re: misbehaving javascript

#4 Post by Jerry3904 »

First time anyone in our 3 years has had a concern with that, so I don't know what to tell you. It may be part of Stop Forum Spam, a phpBB extension we use that queries the stop forum spam database on registration and posting.

We'll take a look.
Production: 5.10, MX-23 Xfce, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 16 GB, SSD 120 GB, Data 1TB
Personal: Lenovo X1 Carbon with MX-23 Fluxbox and Windows 10
Other: Raspberry Pi 5 with MX-23 Xfce Raspberry Pi Respin

antiX-Dave
Developer
Posts: 372
Joined: Mon Apr 16, 2012 4:51 pm

Re: misbehaving javascript

#5 Post by antiX-Dave »

I am not certain about this as I have not viewed the source of stack exchange vs forum registration. However my first thought would be to check if there is a common linked JS libraries or api's from organizations such as google that are made publicly available. Perhaps allowing the running of scripts on this forum also allowed one of these shared resources to load and therefor caused stack exchange to reload to make use of the now available library / api.

I think that you should be able to find this out by searching for the ("text/javascript") identifier and see if there is a common domain in the src="****" value whilst viewing the source via right click.

User avatar
richb
Administrator
Posts: 10322
Joined: Wed Jul 12, 2006 2:17 pm

Re: misbehaving javascript

#6 Post by richb »

antiX-Dave wrote:I am not certain about this as I have not viewed the source of stack exchange vs forum registration. However my first thought would be to check if there is a common linked JS libraries or api's from organizations such as google that are made publicly available. Perhaps allowing the running of scripts on this forum also allowed one of these shared resources to load and therefor caused stack exchange to reload to make use of the now available library / api.

I think that you should be able to find this out by searching for the ("text/javascript") identifier and see if there is a common domain in the src="****" value whilst viewing the source via right click.
Thanks for that tip. Not sure what forum pages to look for this but I checked several including the registration page and found no references to any outside source.
Forum Rules
Guide - How to Ask for Help

richb Administrator
System: MX 23 KDE
AMD A8 7600 FM2+ CPU R7 Graphics, 16 GIG Mem. Three Samsung EVO SSD's 250 GB

Post Reply

Return to “Website”