Anti "No JS, no page for you!" countermeasures?
Anti "No JS, no page for you!" countermeasures?
I run no-script on firefox because I don't want any random page I visit to be able to run whatever unknown crap they want on my system without my permission.
But doing this invokes a big annoyance: pages that work fine with no javascript, but redirect your browser to a "you need to turn on javascript for this page to work!" page. Is there anything I can do to eliminate these pages? I have adblock plus as well, obviously.
But doing this invokes a big annoyance: pages that work fine with no javascript, but redirect your browser to a "you need to turn on javascript for this page to work!" page. Is there anything I can do to eliminate these pages? I have adblock plus as well, obviously.
- Tunnelcat
- DBB Grand Master
- Posts: 13740
- Joined: Sat Mar 24, 2007 12:32 pm
- Location: Pacific Northwest, U.S.A.
Re: Anti "No JS, no page for you!" countermeasures?
I run it too and I've also run into this problem. I'm of the opinion now that if they want to force me to run JS and I don't trust their stupid page, it isn't worth the view. However, for cases like this, I decided to install Malwarebytes Anti-Exploit, just to be a little less worried if I accidentally get weak and allow JS in that instance. So far, it's working fine on my system and it hasn't hit any websites with zero day exploits from ads or anywhere else so far. But surfing the web is like walking through a minefield, so I try to tread carefully. You never know when your going to step on one even if you're trying to avoid them.
Cat (n.) A bipolar creature which would as soon gouge your eyes out as it would cuddle.
- Krom
- DBB Database Master
- Posts: 16137
- Joined: Sun Nov 29, 1998 3:01 am
- Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
- Contact:
Re: Anti "No JS, no page for you!" countermeasures?
As long as the page renders fine I'm pretty sure you can use request policy or another plugin like it to deny the redirect.
- TigerRaptor
- DBB Fleet Admiral
- Posts: 2693
- Joined: Tue Feb 01, 2000 6:00 am
Re: Anti "No JS, no page for you!" countermeasures?
sandboxing doesn't address the issue of running random code.
Re: Anti "No JS, no page for you!" countermeasures?
I'll give Request Policy a shot.
Re: Anti "No JS, no page for you!" countermeasures?
Request policy is great and I'm gonna keep it, but it is not a countermeasure for those "no js? ★■◆● you!" pages.
How do they do that anyway?
How do they do that anyway?
- Sergeant Thorne
- DBB Material Defender
- Posts: 4641
- Joined: Sun Nov 25, 2001 3:01 am
- Location: Indiana, U.S.A.
Re: Anti "No JS, no page for you!" countermeasures?
Maybe a server-side redirect after JS fails to flips a switch? I wonder if the use of AJAX might be the biggest reason for this sort of thing.Avder wrote:How do they do that anyway?
- Krom
- DBB Database Master
- Posts: 16137
- Joined: Sun Nov 29, 1998 3:01 am
- Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
- Contact:
Re: Anti "No JS, no page for you!" countermeasures?
I wonder if the "noredirect" addon would be able to do this.
The other possibility that I've seen is the "no java no page" is actually the plain text of the page and the site uses java to hide it which then displays what is underneath it normally. I've seen that trick used to both show annoying "don't use ad blockers" stuff and whole page "java is disabled" warnings. In which case they can be defeated by the stylish addon, just pull up the web development console and narrow down the element, then use stylish to set a custom style with "display:none !important" for that element, it will go away and you will be able to read what was hidden under it. You could also do that with greasemonkey if you already use that. (Greasemonkey is the ultimate addon for screwing with page content client side and can pretty much do anything. Stylish is a little more limited in that it can only really mess with the stylesheets instead of being able to inject your own java code/application/anything else into the page wholesale like greasemonkey can, but that also makes Stylish a lot easier to use.)
The other possibility that I've seen is the "no java no page" is actually the plain text of the page and the site uses java to hide it which then displays what is underneath it normally. I've seen that trick used to both show annoying "don't use ad blockers" stuff and whole page "java is disabled" warnings. In which case they can be defeated by the stylish addon, just pull up the web development console and narrow down the element, then use stylish to set a custom style with "display:none !important" for that element, it will go away and you will be able to read what was hidden under it. You could also do that with greasemonkey if you already use that. (Greasemonkey is the ultimate addon for screwing with page content client side and can pretty much do anything. Stylish is a little more limited in that it can only really mess with the stylesheets instead of being able to inject your own java code/application/anything else into the page wholesale like greasemonkey can, but that also makes Stylish a lot easier to use.)
- TigerRaptor
- DBB Fleet Admiral
- Posts: 2693
- Joined: Tue Feb 01, 2000 6:00 am
Re: Anti "No JS, no page for you!" countermeasures?
Krom what do you think of uMatrix and uBlock Origin? I don't use them in Firefox because of NoScript, Adblock Plus and Ghostery. But I'm currently using them in Google Chrome. Both of them together definitely make differences.
Thanks for clearing that up. I was thinking of something else.fliptw wrote:sandboxing doesn't address the issue of running random code.