Opened on 08/26/2016 at 08:34:18 AM
Closed on 11/14/2016 at 01:30:48 PM
Last modified on 01/15/2017 at 09:32:10 AM
#4368 closed defect (fixed)
ABP doesn't catch popups redirecting with a base64 encoded URL
Reported by: | arthur | Assignee: | trev |
---|---|---|---|
Priority: | P1 | Milestone: | Adblock-Plus-2.8.2-for-Firefox |
Module: | Adblock-Plus-for-Firefox | Keywords: | |
Cc: | trev, mapx, fanboy | Blocked By: | |
Blocking: | | Platform: | Firefox |
Ready: | yes | Confidential: | no |
Tester: | Ross | Verified working: | yes |
Review URL(s): |
Description (last modified by trev)
Environment
Windows 10 Pro
Firefox 48.0.2
ABP 2.7.3.4197
How to reproduce
- Go to https://eztv.ag/
- Open the list of blockable items
- Click anywhere
Observed behaviour
The (blocked) popup isn't listed in the blockable items.
Expected behaviour
It should appear in the blockable items. Popup blocking itself seems to work though.
What to change
Make sure that whitelisted schemes don't affect pop-up blocking, so that a pop-up can be blocked regardless of the scheme used.
Attachments (0)
Change History (16)
comment:1 Changed on 08/26/2016 at 08:35:35 AM by arthur
- Cc trev added
comment:2 Changed on 08/26/2016 at 09:27:30 AM by mapx
- Cc mapx added
comment:3 Changed on 09/19/2016 at 12:50:06 PM by mapx
- Cc fanboy added
comment:4 Changed on 09/25/2016 at 02:58:15 PM by mapx
comment:5 Changed on 10/14/2016 at 09:41:09 PM by fanboy
Regression range:
Adblock Plus 2.7.3.4196-beta 2016-07-19 19:20 UTC GOOD
Adblock Plus 2.7.3.4197-beta 2016-08-16 13:50 UTC BAD
Possibly caused by: https://hg.adblockplus.org/adblockplus/rev/368c64d2955a
comment:6 Changed on 10/15/2016 at 09:19:10 PM by trev
Yes, we fixed a bug in #4335 which created the current behavior - but what we have now is correct. Pop-up blocking was never supposed to block redirects, this is #2095. If anything, we might want to ignore the extensions.adblockplus.whitelistschemes setting for pop-up blocking so that data: pop-ups can be blocked as well.
comment:7 Changed on 10/15/2016 at 10:21:41 PM by fanboy
As witness to it, the data: popups are being used heavily on many porn/filesharing and torrent websites. If we can, just do something to stop the data: popups; it was certainly noticeable that things weren't being blocked anymore. I haven't seen any legit data: popups yet.
Pity #2095 is 20 months old with no action or a patch :/
comment:8 Changed on 11/14/2016 at 12:46:33 PM by trev
- Description modified (diff)
- Owner set to trev
- Priority changed from Unknown to P1
- Ready set
comment:9 Changed on 11/14/2016 at 12:49:20 PM by trev
- Review URL(s) modified (diff)
- Status changed from new to reviewing
comment:10 Changed on 11/14/2016 at 01:30:02 PM by abpbot
A commit referencing this issue has landed:
Issue 4368 - Ignore whitelisted schemes for pop-ups
comment:11 Changed on 11/14/2016 at 01:30:48 PM by trev
- Milestone set to Adblock-Plus-for-Firefox-next
- Resolution set to fixed
- Status changed from reviewing to closed
comment:12 Changed on 11/18/2016 at 09:59:43 AM by Ross
How should this appear in the blockable items list if working correctly? Is it that the filter ##a[href][target="_blank"] was not appearing in the list?
comment:13 Changed on 11/18/2016 at 10:15:58 AM by mapx
If you test eztv, you'll get
|data:$popup,domain=eztv.ag
item address:
data:text/html;base64,PGh0bWw+PGJvZHk+PHNjcmlwdD52YXIgZT0obmV3IERhdGUpLmdldFRpbWUoKTt2YXIgZWZ3PXdpbmRvdy5uYW1lLnNwbGl0KCdfJylbM107aWYoZS1lZnc8MjUwKXt3aW5kb3cubG9jYXRpb249Jyc7fTwvc2NyaXB0PjwvYm9keT48L2h0bWw+
comment:14 Changed on 11/18/2016 at 12:01:17 PM by Ross
- Tester changed from Unknown to Ross
- Verified working set
Thank you, I realised I was also using the wrong ABP version to test with.
This is fixed. Tested on eztv and several other torrent/porn sites. Popups are blocked and appear in the blockable items list.
Firefox 38 / 49 / Windows 7
Firefox Nightly 53.0a1 (2016-11-17) / Windows 7
comment:15 Changed on 01/15/2017 at 02:41:12 AM by fanboy
This bug has reared its head again. 2.7.3.4196-beta can shut down these popups, current -dev cannot.
Popups are being generated with the following:
javascript:window.opener=null;setTimeout(function(){window.location.href='http://dearerfonder.info/SDl1Q2N3HwEqB3UPRXBReQlTMQYsBERlAipNSHFFPgREbVJ4F0JtVX4fAH5SfwBBIAB/XBR6V30AECYCcABFdFsqCRcnACxbQnVQKh8TMF55HxwlXngfBi5efAhTKF5uSxAlXiBNATNGe3hQcSVtCzM0FD8XFyoXPlARbRAwHEcFBSFVEGZRDltMelctXUVzW3wORXVFK01IdEUrTRZ+Wm5KATBeeR8aMBF1TgI0TSpQATUKLBcGO0U4Sxt+U24='},250)
(As seen on eztv.ag)
|javascript:*setTimeout*location.href$popup
This works well in 2.7.3.4196-beta, just not in current-dev.
A lot of big players are using this method now to push on their popups.
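
An added example, not part of the ticket and not Adblock Plus source code: a simplified model of the change requested under "What to change", run against the two popup filters quoted in comments 13 and 15. The whitelisted-scheme list, the function names and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: simplified model, not Adblock Plus source code.
// Assumption: this whitelisted-scheme list is constructed for illustration.
const WHITELISTED_SCHEMES = new Set(["about", "chrome", "data", "javascript"]);

// Parse a small subset of filter syntax: leading "|" anchor, "*" wildcard,
// and the "popup" and "domain=" options after "$".
function parseFilter(text) {
  const idx = text.lastIndexOf("$");
  const pattern = idx >= 0 ? text.slice(0, idx) : text;
  const options = idx >= 0 ? text.slice(idx + 1).split(",") : [];
  const anchored = pattern.startsWith("|");
  const body = (anchored ? pattern.slice(1) : pattern)
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*");                 // "*" matches any run of characters
  return {
    regexp: new RegExp((anchored ? "^" : "") + body),
    popup: options.includes("popup"),
    domains: options.filter(o => o.startsWith("domain="))
                    .flatMap(o => o.slice("domain=".length).split("|")),
  };
}

function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : "";
}

// Returns the text of the matching popup filter, or null.
// ignoreWhitelist=false: a whitelisted scheme ends processing before any
// filter is consulted (the reported behaviour). true: the requested change.
function matchPopup(filters, url, openerDomain, ignoreWhitelist) {
  if (!ignoreWhitelist && WHITELISTED_SCHEMES.has(schemeOf(url))) return null;
  for (const text of filters) {
    const f = parseFilter(text);
    const domainOk = f.domains.length === 0 || f.domains.some(
      d => openerDomain === d || openerDomain.endsWith("." + d));
    if (f.popup && domainOk && f.regexp.test(url)) return text;
  }
  return null;
}

// Filters as quoted in the ticket; the URLs are constructed samples.
const FILTERS = ["|data:$popup,domain=eztv.ag",
                 "|javascript:*setTimeout*location.href$popup"];
const DATA_URL = "data:text/html;base64,PGh0bWw+PC9odG1sPg==";
const JS_URL = "javascript:setTimeout(function(){window.location.href='http://example.invalid/'},250)";

console.log(matchPopup(FILTERS, DATA_URL, "eztv.ag", false)); // whitelist applied
console.log(matchPopup(FILTERS, DATA_URL, "eztv.ag", true));  // whitelist ignored
```

With the scheme whitelist applied, neither filter is ever evaluated for `data:` or `javascript:` popups, which is also why such a popup would have no filter to show against it in the blockable items list.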