I visited a rogue website that injects a "javascript:" command into my url bar and executes it. This is very problematic as not only does it bypass the local popup blocker, but it also bypasses NoScript and any other protection.
Is there any way to permanently disable this behavior? I'm not sure I quite understand why the url bar can execute javascript by default.
Need help - website injecting JavaScript into my URL bar
-
- New Member
- Posts: 1
- Joined: January 29th, 2017, 12:32 am
- Reflective
- Posts: 2283
- Joined: February 15th, 2007, 11:13 am
Re: Need help - website injecting JavaScript into my URL bar
Click File --> Work Offline. This will disconnect Firefox from the Internet.
Then on the menu at the top (hit the ALT key if you can't see it) click Help --> Troubleshooting information.
In the menu which opens, click "Refresh Firefox". This will reset FF to its default values. See this support page for more info: https://support.mozilla.org/en-US/kb/re ... d-settings
Finally, click File --> Work Offline again to remove the checkmark and allow Firefox to regain web access again.
I'd also advise you to download the trial version of Malwarebytes and perform a full system scan. After the free 14 day trial period is over, Malwarebytes reverts to the free version: https://www.malwarebytes.com/trial/
Then on the menu at the top (hit the ALT key if you can't see it) click Help --> Troubleshooting information.
In the menu which opens, click "Refresh Firefox". This will reset FF to its default values. See this support page for more info: https://support.mozilla.org/en-US/kb/re ... d-settings
Finally, click File --> Work Offline again to remove the checkmark and allow Firefox to regain web access again.
I'd also advise you to download the trial version of Malwarebytes and perform a full system scan. After the free 14 day trial period is over, Malwarebytes reverts to the free version: https://www.malwarebytes.com/trial/
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: Need help - website injecting JavaScript into my URL bar
URLI visited a rogue website
By default, NoScript disallows javascript: (& data:) "URI", so that should not be happening.it also bypasses NoScript
It might display, but it should not "execute".
Code: Select all
javascript: alert('Hello, World!')
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
- Grumpus
- Posts: 13246
- Joined: October 19th, 2007, 4:23 am
- Location: ... Da' Swamp
Re: Need help - website injecting JavaScript into my URL bar
You could also hit /Help/Report deceptive site - once you're on the site.
Depends on how onerous the script is.
Depends on how onerous the script is.
Doesn't matter what you say, it's wrong for a toaster to walk around the house and talk to you
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: Need help - website injecting JavaScript into my URL bar
(Just yesterday, I happened to catch data: URI being "opened", not, & just paid it no mind. Maybe I'll see if I can catch it again?)
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
-
- Posts: 1504
- Joined: October 1st, 2014, 3:25 pm