[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Iceweasel + NoScript: Google search results href anomaly



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Nov 12, 2015 at 10:46:23PM +0200, Safwat wrote:
> I am running NoScript + Iceweasel, and I observed something weird.
> Consider a Google search result which has this "a href" value:
> 
> https://www.google.com/url?q=https://en.wikipedia.org/wiki/Hello_(Adele_song)&sa=U&ved=0CCsQFjAIahUKEwjPuq3H34vJAhWDWhQKHW7eCbA&usg=AFQjCNHJRKExeuRwwdFmAKkJ6dH7qv_TeQ
> 
> When I hover my mouse over it, the value instantly changes to
> https://en.wikipedia.org/wiki/Hello_%28Adele_song%29

I'm not going to test that, since

 (a) I excised Javascript out of my default browser profile and only
    use a JS enabled profile in rare exceptions (yeah, some would
    say I 'crippled' my browser. To each her own)
 (b) I avoid Google as much as possible

but: are you sure that the "value" changes? Perhaps it's just the
visualization what changes, due to some CSS trickery? The way I
understand what you describe, this should be achievable without
Javascript (non-builtin, that is).

> This should be impossible with NoScript, nothing should be able to
> modify the DOM. Google is not white-listed.
> 
> What's going on?

I'd have a look at the CSS. Perhaps that's it. And then, perhaps
NoScript isn't as watertight as it should be (there are enough
reasons to not dismiss *that* possibility, alas)

regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlZFynoACgkQBcgs9XrR2kbPWQCeNWO1NI8LgdeCRIofHlvsuDoi
pisAn0BMxBgrUVgzHoRs9Xwsyem0eYLI
=a9gL
-----END PGP SIGNATURE-----


Reply to: