Opened on 08/20/2018 at 03:09:23 PM
Last modified on 08/21/2018 at 04:11:48 AM
#6872 new defect
$genericblock filter applies to domain specific $csp filter
Reported by: | Ross | Assignee: | |
---|---|---|---|
Priority: | Unknown | Milestone: | |
Module: | Unknown | Keywords: | |
Cc: | kzar, sebastian, hfiguiere, mjethani | Blocked By: | |
Blocking: | Platform: | Unknown / Cross platform | |
Ready: | no | Confidential: | no |
Tester: | Unknown | Verified working: | no |
Review URL(s): |
Description
Environment
ABP 3.2.0.2103
Chrome 68 / 55 / 49 / Windows 10
Firefox 61 / 55 / 51 / Windows 10
Also occurs in 3.2.
How to reproduce
- Add filter *$csp=script-src 'none'
- Navigate to https://testpages.adblockplus.org/en/filters/script
- Add filter @@||testpages.adblockplus.org^$genericblock
- Refresh script test page.
- Remove all filters.
- Add filter ||testpages.adblockplus.org^$csp=script-src 'none'
- Refresh script test page
- Add filter @@||testpages.adblockplus.org^$genericblock
- Refresh test page.
Observed behaviour
At Step 9, the script is no longer blocked by the domain specific $csp filter.
Expected behaviour
According to #5241, the $genericblock filter option should only apply to generic $csp filters.
Attachments (0)
Change History (7)
comment:1 Changed on 08/20/2018 at 03:14:07 PM by Ross
comment:2 Changed on 08/20/2018 at 04:16:34 PM by mjethani
This may not be a bug after all. I think the definition of "generic" is a filter that doesn't have a $domain option, which is true in this case.
comment:3 Changed on 08/20/2018 at 04:29:02 PM by Ross
I thought that might be the case too, however that does not match with how genericblock interacts with normal blocking filters.
The following two filters:
header-logo.svg$domain=testpages.adblockplus.org,
testpages.adblockplus.org/images/header-logo.svg
are both not whitelisted by:
@@||testpages.adblockplus.org^$genericblock
comment:4 follow-up: ↓ 5 Changed on 08/20/2018 at 04:35:47 PM by mjethani
Can you remove the domain-specific filter there and see if the request is still blocked?
comment:5 in reply to: ↑ 4 Changed on 08/20/2018 at 04:36:09 PM by mjethani
Replying to mjethani:
Can you remove the domain-specific filter there and see if the request is still blocked?
I mean the first one.
comment:6 Changed on 08/20/2018 at 08:50:45 PM by Ross
With just header-logo.svg, it is blocked, then whitelisted by the $genericblock as expected (If that's what you meant?)
comment:7 Changed on 08/21/2018 at 04:11:48 AM by mjethani
header-logo.svg$domain=testpages.adblockplus.org testpages.adblockplus.org/images/header-logo.svg
Yes, so what's happening with these two blocking filters is that only one of them is being ignored by $genericblock (the generic one of course, i.e. the second one) and the other one is applying. This is what I expected. This issue report says that ||testpages.adblockplus.org^$csp=script-src 'none' is a domain-specific filter, but it is not, and this is consistent with the above two filters that you shared.
This also occurs in 3.2 so is not a regression.