Scriptlet injection banned by CSP #26
Comments
|
My guess is race condition. Because your rules works for me when I clicking into another site. It just not works with refreshing page. Edit: I tried Chromium (not Chrome) and it also not click the button sometimes. |
|
Possibly related: LiCybora/NanoDefenderFirefox@a8c12d6 |
|
If |
|
The first one is already
Btw, @jspenguin2017 how about add optional third argument for delay the click execution in the snippet? |
|
Inline scripts injected by extensions should bypass CSP. |
|
Allowing timeout would allow complex operations, which has security implications. Although privileged script snippets are suppose to be powerful, they should not be too dangerous. I'll need to think about it. |
Edit: See https://bugzilla.mozilla.org/show_bug.cgi?id=1267027
The reason I ask for setTimeout is because the button is created by xhr via script, not the document itself. This cause the button not available during document ready state claimed as complete, and thus the clicking script not always work. In worst situation, consider fixing in ND... |
LiCybora
added
Browser Bug
|
You can try this: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Sharing_objects_with_page_scripts I'm not sure why gorhill didn't do it that way, there may be gotchas along the way. |
|
I know the script snippets don't always work, and I have never claimed that they do. As I said, allowing custom timeout may have security implications, and I have to think about it. I will not add annoyance fixes to ND. |
LiCybora
added
wontfix
|
1st site will not be fixed due to limitation of snippets. |
LiCybora
changed the title
|
So if i understand correctly, some sites do not work with these snippets because of limitation? Strange i got it working with NB on Vivaldi (i said chrome, but tested with Vivaldi). |
|
The first site is a won't fix as per Filters Policy: https://github.com/NanoAdblocker/NanoFilters I'll land a fix for the second site for Chromium. |
|
The privileged script snippets are not designed to be a replacement for I Don't Care About Cookies. You can make an Userscript or extension for yourself to implement missing pieces. |
Describe the issue (Required)
Extra resources of nano (e.g. nanop-click-elements-onready.js) mostly don't work when using it in own filters (and setting advanced setting ""). While the exact same rules do work in chrome. So looks like problem with firefox version to use these extra resources correctly?
Screenshots (Required)
Screenshot of console (Required, press
F12to open the console)URLs where this issue occurs (Required if applicable)
https://radar.avrotros.nl/
https://www.gelderlander.nl
Reproduction Steps (Optional if trivial)
Go to site and see cookie wall/cookie message not getting clicked. Do it in chrome and the button will get clicked.
Anything else you believe to be useful (Optional)
Environment (Required)
Your filter lists (Required)
ootb
Your custom filters (Required if you have any)
avrotros.nl##+js(nanop-click-elements-onload.js, button.ccm_btn:nth-child(1))
myprivacy.persgroep.net##+js(nanop-click-elements-onready.js, button.button:nth-child(3))
The text was updated successfully, but these errors were encountered: