disable-javascript
disable-javascript copied to clipboard
Security issue: Fails to block JS from webworkers
Just tried this plugin out after i got tired of no hotkey's in No-script plugin.
But disable-javascript
failed to block already loaded webworkers, meaning if i temporarily enable
JS on a domain and then toggle it off again - Any webworkers registered during that pageload will continue to run unrestricted.
Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to
control workers, or directive ‘frame-src’ to control frames respectively.
Hi @telamon!
Thanks for your report. I tried to reproduce the bug you've described but wasn't sucessful. I tried the following:
- Visit https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_webworker
- Click on "Start Worker"
- Disable JS
-> The page gets reloaded with JS disabled, the worker doesn't run.
Could you give me additional information on how to reproduce this bug? I would need:
- Your Disable JavaScript settings
- Your used browser and OS
- The website with the web worker
I will then try to recreate the bug. Thanks for your help!
@dpacassi Thanks for marking it up, I'm trying to remember what page i encountered and replicated this bug on. Should probably have mentioned that in the original post... I'll drop another comment if i encouter it again.