Anti "No JS, no page for you!" countermeasures?

[Avder]

I run no-script on firefox because I don't want any random page I visit to be able to run whatever unknown crap they want on my system without my permission.

But doing this invokes a big annoyance: pages that work fine with no javascript, but redirect your browser to a "you need to turn on javascript for this page to work!" page. Is there anything I can do to eliminate these pages? I have adblock plus as well, obviously.

[Tunnelcat]

I run it too and I've also run into this problem. I'm of the opinion now that if they want to force me to run JS and I don't trust their stupid page, it isn't worth the view. However, for cases like this, I decided to install Malwarebytes Anti-Exploit, just to be a little less worried if I accidentally get weak and allow JS in that instance. So far, it's working fine on my system and it hasn't hit any websites with zero day exploits from ads or anywhere else so far. But surfing the web is like walking through a minefield, so I try to tread carefully. You never know when your going to step on one even if you're trying to avoid them.

[Krom]

As long as the page renders fine I'm pretty sure you can use request policy or another plugin like it to deny the redirect.

[TigerRaptor]

Mozilla has been working on sandboxing.

https://wiki.mozilla.org/Security/Sandbox

[fliptw]

sandboxing doesn't address the issue of running random code.

[Avder]

I'll give Request Policy a shot.

[Avder]

Request policy is great and I'm gonna keep it, but it is not a countermeasure for those "no js? ★■◆● you!" pages.

How do they do that anyway?

[Sergeant Thorne]

How do they do that anyway?

Maybe a server-side redirect after JS fails to flips a switch? I wonder if the use of AJAX might be the biggest reason for this sort of thing.

[Krom]

I wonder if the "noredirect" addon would be able to do this.

The other possibility that I've seen is the "no java no page" is actually the plain text of the page and the site uses java to hide it which then displays what is underneath it normally. I've seen that trick used to both show annoying "don't use ad blockers" stuff and whole page "java is disabled" warnings. In which case they can be defeated by the stylish addon, just pull up the web development console and narrow down the element, then use stylish to set a custom style with "display:none !important" for that element, it will go away and you will be able to read what was hidden under it. You could also do that with greasemonkey if you already use that. (Greasemonkey is the ultimate addon for screwing with page content client side and can pretty much do anything. Stylish is a little more limited in that it can only really mess with the stylesheets instead of being able to inject your own java code/application/anything else into the page wholesale like greasemonkey can, but that also makes Stylish a lot easier to use.)

[TigerRaptor]

Krom what do you think of uMatrix and uBlock Origin? I don't use them in Firefox because of NoScript, Adblock Plus and Ghostery. But I'm currently using them in Google Chrome. Both of them together definitely make differences.

sandboxing doesn't address the issue of running random code.

Thanks for clearing that up. I was thinking of something else.