Opened 14 months ago

Last modified 14 months ago

#6872 new defect

$genericblock filter applies to domain specific $csp filter

Reported by: Ross
Assignee:
Priority: Unknown
Milestone:
Module: Unknown
Keywords:
Cc: kzar, sebastian, hfiguiere, mjethani
Blocked By:
Blocking:
Platform: Unknown / Cross platform
Ready: no
Confidential: no
Tester: Unknown
Verified working: no
Review URL(s):

Description

Environment

ABP 3.2.0.2103
Chrome 68 / 55 / 49 / Windows 10
Firefox 61 / 55 / 51 / Windows 10

Also occurs in 3.2.

How to reproduce

  1. Add filter *$csp=script-src 'none'
  2. Navigate to https://testpages.adblockplus.org/en/filters/script
  3. Add filter @@||testpages.adblockplus.org^$genericblock
  4. Refresh script test page.
  5. Remove all filters.
  6. Add filter ||testpages.adblockplus.org^$csp=script-src 'none'
  7. Refresh script test page
  8. Add filter @@||testpages.adblockplus.org^$genericblock
  9. Refresh test page.

Observed behaviour

At Step 9, the script is no longer blocked by the domain specific $csp filter.

Expected behaviour

According to #5241, the $genericblock filter option should only apply to generic $csp filters.

Change History (7)

comment:1 Changed 14 months ago by Ross

This also occurs in 3.2 so is not a regression.

comment:2 Changed 14 months ago by mjethani

This may not be a bug after all. I think the definition of "generic" is a filter that doesn't have a $domain option, which is true in this case.

comment:3 Changed 14 months ago by Ross

I thought that might be the case too, however that does not match with how genericblock interacts with normal blocking filters.

The following two filters:
header-logo.svg$domain=testpages.adblockplus.org,
testpages.adblockplus.org/images/header-logo.svg

are both not whitelisted by:
@@||testpages.adblockplus.org^$genericblock

comment:4 follow-up: Changed 14 months ago by mjethani

Can you remove the domain-specific filter there and see if the request is still blocked?

comment:5 in reply to: ↑ 4 Changed 14 months ago by mjethani

Replying to mjethani:

> Can you remove the domain-specific filter there and see if the request is still blocked?

I mean the first one.

comment:6 Changed 14 months ago by Ross

With just header-logo.svg, it is blocked, then whitelisted by the $genericblock as expected (if that's what you meant?).

comment:7 Changed 14 months ago by mjethani

header-logo.svg$domain=testpages.adblockplus.org
testpages.adblockplus.org/images/header-logo.svg

Yes, so what's happening with these two blocking filters is that only one of them is being ignored by $genericblock (the generic one of course, i.e. the second one) and the other one is applying. This is what I expected. This issue report says that ||testpages.adblockplus.org^$csp=script-src 'none' is a domain-specific filter, but it is not, and this is consistent with the above two filters that you shared.
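
Added example (not part of the ticket and not adblockpluscore code): a simplified JavaScript model of the rule the thread converges on, assuming, as in comment:2, that a filter is generic when it has no $domain option. All function names are hypothetical, and the matcher covers only the pattern shapes used in this ticket.

```javascript
// Simplified model of the behaviour discussed in this ticket. Not adblockpluscore
// code; every function name here is hypothetical.

// Split "pattern$opt,opt=value" into its parts; a leading "@@" marks an exception.
function parseFilter(text) {
  const exception = text.startsWith("@@");
  const body = exception ? text.slice(2) : text;
  const idx = body.lastIndexOf("$");
  const options = {};
  if (idx !== -1) {
    for (const opt of body.slice(idx + 1).split(",")) {
      const [name, ...rest] = opt.split("=");
      options[name] = rest.length ? rest.join("=") : true;
    }
  }
  return {text, exception, options, pattern: idx === -1 ? body : body.slice(0, idx)};
}

// Assumption taken from comment:2: "generic" means the filter has no $domain option.
const isGeneric = f => !("domain" in f.options);

// Minimal matcher: "*" matches all, "||host^" matches the host and its subdomains,
// anything else is a substring test. Real filter matching is richer than this.
function matchesPattern(pattern, url) {
  if (pattern === "*") return true;
  const m = /^\|\|([^\/^]+)\^$/.exec(pattern);
  if (!m) return url.includes(pattern);
  const host = new URL(url).hostname;
  return host === m[1] || host.endsWith("." + m[1]);
}

// Blocking/$csp filters still in force for a request made by a document.
// $domain is compared by exact host match only in this model.
function applicableFilters(texts, requestUrl, documentUrl) {
  const docHost = new URL(documentUrl).hostname;
  const filters = texts.map(parseFilter);
  const genericBlock = filters.some(f => f.exception && f.options.genericblock &&
                                         matchesPattern(f.pattern, documentUrl));
  return filters
    .filter(f => !f.exception && matchesPattern(f.pattern, requestUrl))
    .filter(f => isGeneric(f) || f.options.domain.split("|").includes(docHost))
    .filter(f => !(genericBlock && isGeneric(f)))
    .map(f => f.text);
}
```

In this model, `applicableFilters` returns an empty list for the filters from steps 6 and 8 together, matching the behaviour observed at step 9. A constructed variant of the $csp filter that also carries `domain=testpages.adblockplus.org` is returned unchanged.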
