You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 15, 2017. It is now read-only.
Although I have no idea why the static reference would not also sit in the in-memory cache..
Conditions for this bug to happen:
The script had to be allowed first (allow www.xenu-directory.net, than block www.xenu-directory.net)
Javascript must not be blocked for the page (www.raymondhill.net here)
Thus it won't happen if the script was never loaded, however I still consider this a serious bug: in that specific instance, HTTPSB doesn't do what it says it is doing.
Chrome doc says to call handlerBehaviorChanged(), but at the same time they say it "shouldn't be called often"... So I will have to find a solution which doesn't rely on handlerBehaviorChanged(), as there is no way I can control what the user does.
I will have to consider beforeload event.
The text was updated successfully, but these errors were encountered:
Trying to figure something else. Maybe I don't have the choice but use handlerBehaviorChanged(). If I do it in a very smart way, like using it only when a script object was formerly allowed is now being blocked.
Above is wrong. Problem is that for an embedded web page in an iframe, Content-Security-Policy directive with a value script-src 'none' on the embedded web page doesn't work. The sandbox value must be used instead for the CSP header of the iframe itself.
Test case:
http://www.raymondhill.net/httpsb/httpsb-test-js-1.html
www.raymondhill.net
andwww.xenu-directory.net
Javascript works, as expected.
www.xenu-directory.net
Javascript is blocked for the static reference to external file on blacklisted host, but (curiously) runs for dynamic reference to blacklisted host.
No explicit web request was fired by chromium for the dynamically constructed javascript tag. This must be the reason:
http://developer.chrome.com/extensions/webRequest.html#caching
Although I have no idea why the static reference would not also sit in the in-memory cache..
Conditions for this bug to happen:
www.xenu-directory.net
, than blockwww.xenu-directory.net
)www.raymondhill.net
here)Thus it won't happen if the script was never loaded, however I still consider this a serious bug: in that specific instance, HTTPSB doesn't do what it says it is doing.
Chrome doc says to call
handlerBehaviorChanged()
, but at the same time they say it "shouldn't be called often"... So I will have to find a solution which doesn't rely onhandlerBehaviorChanged()
, as there is no way I can control what the user does.I will have to consider
beforeload
event.The text was updated successfully, but these errors were encountered: