noscript icon indicating copy to clipboard operation
noscript copied to clipboard
verified publisher icon hackademix

Recent update breaks SVG files

Open glynnc opened this issue 1 month ago • 0 comments

Mozilla bug 2005357 turns out to be a NoScript issue.

Essentially, latest NoScript (updated 2025-12-09 ) nulls the onload= attribute in the root node for a SVG page loaded via a file: URI (security.fileuri.strict_origin_policy is set to false).

This used to work a few days ago (presumably before the update). It works with NoScript disabled. It works when loading from a https: URI (self-signed cert, no CSP headers are sent).

glynnc avatar Dec 11 '25 12:12 glynnc