Opened on 08/26/2016 at 08:34:18 AM

Closed on 11/14/2016 at 01:30:48 PM

Last modified on 01/15/2017 at 09:32:10 AM

#4368 closed defect (fixed)

ABP doesn't catch popups redirecting with a base64 encoded URL

Reported by: arthur Assignee: trev
Priority: P1 Milestone: Adblock-Plus-2.8.2-for-Firefox
Module: Adblock-Plus-for-Firefox Keywords:
Cc: trev, mapx, fanboy Blocked By:
Blocking: Platform: Firefox
Ready: yes Confidential: no
Tester: Ross Verified working: yes
Review URL(s):

https://codereview.adblockplus.org/29362515/

Description (last modified by trev)

Environment

Windows 10 Pro
Firefox 48.0.2
ABP 2.7.3.4197

How to reproduce

  1. Go to https://eztv.ag/
  2. Open the list of blockable items
  3. Click anywhere

Observed behaviour

The (blocked) popup isn't listed in the blockable items.

Expected behaviour

It should appear in the blockable items. Popup blocking itself seems to work though.

What to change

Make sure that whitelisted schemes don't affect pop-up blocking, so that a pop-up can be blocked regardless of the scheme used.

Attachments (0)

Change History (16)

comment:1 Changed on 08/26/2016 at 08:35:35 AM by arthur

  • Cc trev added

comment:2 Changed on 08/26/2016 at 09:27:30 AM by mapx

  • Cc mapx added

comment:3 Changed on 09/19/2016 at 12:50:06 PM by mapx

  • Cc fanboy added

comment:4 Changed on 09/25/2016 at 02:58:15 PM by mapx

a lot of big players are using this method now to push on there popups

Last edited on 09/25/2016 at 02:59:02 PM by mapx

comment:5 Changed on 10/14/2016 at 09:41:09 PM by fanboy

Regression range: 

Adblock Plus 2.7.3.4196-beta   2016-07-19 19:20 UTC 	GOOD
Adblock Plus 2.7.3.4197-beta   2016-08-16 13:50 UTC 	BAD

Possibly caused by: https://hg.adblockplus.org/adblockplus/rev/368c64d2955a

comment:6 Changed on 10/15/2016 at 09:19:10 PM by trev

Yes, we fixed a bug in #4335 which created the current behavior - but what we have now is correct. Pop-up blocking was never supposed to block redirects, this is #2095. If anything, we might want to ignore extensions.adblockplus.whitelistschemes setting for pop-up blocking so that data: pop-ups can be blocked as well.

comment:7 Changed on 10/15/2016 at 10:21:41 PM by fanboy

As witness to it, the data: popups are being used heavily on many porn/filesharing and torrent websites. If we can, just do something to stop the data: popups it was certainly noticeable things wern't being blocked anymore. I haven't seen any legit data: popups yet.

Pity #2095 is 20 months old with no action or a patch :/

comment:8 Changed on 11/14/2016 at 12:46:33 PM by trev

  • Description modified (diff)
  • Owner set to trev
  • Priority changed from Unknown to P1
  • Ready set

comment:9 Changed on 11/14/2016 at 12:49:20 PM by trev

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:10 Changed on 11/14/2016 at 01:30:02 PM by abpbot

A commit referencing this issue has landed:
Issue 4368 - Ignore whitelisted schemes for pop-ups

comment:11 Changed on 11/14/2016 at 01:30:48 PM by trev

  • Milestone set to Adblock-Plus-for-Firefox-next
  • Resolution set to fixed
  • Status changed from reviewing to closed

comment:12 Changed on 11/18/2016 at 09:59:43 AM by Ross

How should this appear in the blockable items list if working correctly? Is it that the filter ##a[href][target="_blank"] was not appearing in the list?

comment:13 Changed on 11/18/2016 at 10:15:58 AM by mapx

if you test eztv, you'll get

|data:$popup,domain=eztv.ag

item address:
data:text/html;base64,PGh0bWw+PGJvZHk+PHNjcmlwdD52YXIgZT0obmV3IERhdGUpLmdldFRpbWUoKTt2YXIgZWZ3PXdpbmRvdy5uYW1lLnNwbGl0KCdfJylbM107aWYoZS1lZnc8MjUwKXt3aW5kb3cubG9jYXRpb249Jyc7fTwvc2NyaXB0PjwvYm9keT48L2h0bWw+

comment:14 Changed on 11/18/2016 at 12:01:17 PM by Ross

  • Tester changed from Unknown to Ross
  • Verified working set

Thank you, I realised I was also using the wrong ABP version to test with.

This is fixed. Tested on eztv and several other torrent/porn sites. Popups are blocked and appear in the blockable items list.

Firefox 38 / 49 / Windows 7
Firefox Nightly 53.0a1 (2016-11-17) / Windows 7

comment:15 Changed on 01/15/2017 at 02:41:12 AM by fanboy

This bug has reared its head again. 2.7.3.4196-beta can shut down these popups, current -dev cannot.

Popups are being generated with the following:

javascript:window.opener=null;setTimeout(function(){window.location.href='http://dearerfonder.info/SDl1Q2N3HwEqB3UPRXBReQlTMQYsBERlAipNSHFFPgREbVJ4F0JtVX4fAH5SfwBBIAB/XBR6V30AECYCcABFdFsqCRcnACxbQnVQKh8TMF55HxwlXngfBi5efAhTKF5uSxAlXiBNATNGe3hQcSVtCzM0FD8XFyoXPlARbRAwHEcFBSFVEGZRDltMelctXUVzW3wORXVFK01IdEUrTRZ+Wm5KATBeeR8aMBF1TgI0TSpQATUKLBcGO0U4Sxt+U24='},250)

(As seen on eztv.ag)

|javascript:*setTimeout*location.href$popup

This works well in 2.7.3.4196-beta, just not in current-dev.

comment:16 Changed on 01/15/2017 at 09:32:10 AM by mapx

https://issues.adblockplus.org/ticket/4800

Add Comment

Modify Ticket

Change Properties
Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from trev.
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.