Inline script tag filtering - Concrete examples of usefulness

[flyingzebras]

Pornhub.com have Global Alexa Rank 65 at this writing.

Can you please add how to block the popunder for pornhub.com in https://github.com/gorhill/uBlock/wiki/Inline-script-tag-filtering#concrete-examples-of-usefulness ?

What do you think about adding https://adblockplus.org/forum/viewtopic.php?t=27067 as reference to the text: "http://dayt.se/forum/activity.php: dayt.se##script:contains(adBlockDetected) (see "Blocking FuckAdblock")" in https://github.com/gorhill/uBlock/wiki/Inline-script-tag-filtering#concrete-examples-of-usefulness ?

[gorhill]

Can you please add how to block the popunder for pornhub.com in https://github.com/gorhill/uBlock/wiki/Inline-script-tag-filtering#concrete-examples-of-usefulness ?

Interesting challenge, will see what can be done -- if something can be done with the new filter. Can you give me a specific URL on that site for which the issue occur for sure, I don't feel like hunting for a test case -- I just need one URL.

[flyingzebras]

@gorhill Just click on any video on pornhub.com to trigger a popunder. In fact, this mechanism is used for all popunder in sites of the the whole Pornhub NETWORK (pornhub.com, redtube.com, etc)!

[gorhill]

Does this work?

www.pornhub.com##script:contains(FastPopSessionRequestNumber)

[flyingzebras]

@gorhill Amazing, that worked in uBlock Origin 1.2.0 with over 400k daily users on AMO at this writing! Congratulations to be the first developer to ever have blocked inline scripting AFAIK!

Can you please add ||pornhub.com##script:contains(FastPopSessionRequestNumber) to any uBlock filter and confirm?

[gorhill]

Ok, added pornhub.com##script:contains(FastPopSessionRequestNumber) (leading double pipes are not a valid cosmetic filter syntax).

Even with this new filter, just a reminder this it is still a cat and mouse game between sites/blockers -- the new inline script tag filter is just one more tool on the blocker side.

[flyingzebras]

@gorhill

Also, can you please write about this in

• https://forums.lanik.us/viewtopic.php?f=62&t=22848
• https://issues.adblockplus.org/ticket/2095#comment:16
• Related GitHub issue pages.

[flyingzebras]

@gorhill Thank you.

Where did you add pornhub.com##script:contains(FastPopSessionRequestNumber)

[gorhill]

can you please write about this in

Not sure I want to "advertise" this on EasyList forum, I wouldn't be surprised if the site's owners have people monitoring the latest solutions in there against their pop-under "feature".

[gorhill]

Where did you add ...

It's in https://github.com/gorhill/uBlock/blob/master/assets/ublock/filters.txt.

[flyingzebras]

@gorhill Thank you.

Is it ok if I give you code to block popunders for the rest of the Pornhub NETWORK in https://github.com/gorhill/uBlock/blob/master/assets/ublock/filters.txt ?

[gorhill]

Is it ok if I give you code to block popunders for the rest of the Pornhub NETWORK

If you can confirm it works for all of them -- that will save me having to check.

[flyingzebras]

@gorhill MindGeek domains using FastPopSessionRequestNumber

extremetube.com|gaytube.com|mofosex.com|pornhub.com|redtube.com|spankwire.com|thumbzilla.com|tube8.*|xtube.com|youporn.com|youporngay.com##script:contains(FastPopSessionRequestNumber)

I recommend that you add them to https://github.com/gorhill/uBlock/blob/master/assets/ublock/badware.txt per https://en.wikipedia.org/wiki/MindGeek#Malvertising. What do you think about it?

[gorhill]

Added suggested filter. FYI, I had to edit your suggested filter:

• | is not a proper domain separator for cosmetic filters, a comma , is what needs to be used.
• I used a single entity specifier tube8.* in place of tube8.com, tube8.es, and tube8.fr.

[flyingzebras]

@gorhill Peter Lowe ignored adding these to his List:

[Aftermath: Wrong filter list]

[gorhill]

I see most of them in Peter Lowe's list. To be clear, I do not intend to become a filter list maintainer -- whatever I put in uBlock's filter lists is completely at my own discretion, I do not intend to take requests to add stuff in these lists, these requests should be directed to known filter list maintainers -- except for filters based on syntax extension (like the new inlien script tag filter).

[flyingzebras]

@gorhill Out of curiosity, why didn't you move extremetube.com,gaytube.com,keezmovies.com,mofosex.com,pornhub.com,redtube.com,spankwire.com,thumbzilla.com,tube8.*,xtube.com,youporn.com,youporngay.com##script:contains(FastPopSessionRequestNumber) to uBlock filters – Badware risks‎ (https://github.com/gorhill/uBlock/blob/master/assets/ublock/badware.txt). It matches the requirement documented in https://github.com/gorhill/uBlock/wiki/Badware-risks so it should be the appropriate file to put it in.

If you add the domains to https://github.com/gorhill/uBlock/wiki/Badware-risks then write the titles like this, "Pornhub NETWORK: Blank", to be able to keep track of what belongs to the Pornhub NETWORK and not. See https://github.com/lejenome/html5-video-everywhere/issues/41 for example.

[gorhill]

why didn't you move

Because this filter is to prevent spurious popunders, not warn of risk of badware ahead.

[Hrxn]

Short question:
This list https://github.com/gorhill/uBlock/blob/master/assets/ublock/filters.txt
is always active, with default settings, isn't it?

Because this could be a bit misleading, as I just read these Examples.

Try without, then with the respective inline script tag filter:

I guess this won't work then for users with current Firefox and uBlock0 versions.

I also noticed that these filters don't work in Chrome/Chromium, but this is correct, according to the same page (caveats).
I didn't notice that first, maybe don't put it at the end of the page, so this doesn't get overlooked

[gorhill]

Good points, I fixed the doc.

[flyingzebras]

@gorhill I guess it would be good to state in https://github.com/gorhill/uBlock/wiki/Badware-risks that "*.exe" files are the most common practice to spread malware files. What do you think?

[Hrxn]

That is true, I guess.

But, in my humble opinion, that is fundamental common sense of using the Internet. The Badware warning is to remind users to be cautious, it's not an exhaustive guide of using the Web safely.

uBlock0 is not Internet Basics 101, so this is out of scope for this project.
As I said, just my humble opinion on the matter.

[flyingzebras]

@gorhill pornhub.com popunders have been resurrected, despite that pornhub pages still use FastPopSessionRequestNumber. Can you fix this? Mabybe by modifying extremetube.com,gaytube.com,keezmovies.com,mofosex.com,pornhub.com,redtube.com,spankwire.com,thumbzilla.com,tube8.*,xtube.com,youporn.com,youporngay.com##script:contains(FastPopSessionRequestNumber) in ublock0/content/asset-viewer.html?url=assets/ublock/filters.txt

[gorhill]

I can't reproduce, works from here. Anything out of the ordinary with your environment?

[flyingzebras]

@gorhill Yes, I upgraded from IceCat 31 to IceCat 38. Nothing more than that.

[flyingzebras]

@gorhill However, the popunders are catched by strict blocking:

**
uBlock Origin has prevented the following page from loading:
http://ebocornac.com/fp.eng?id=7129f320-ce21-4b40-9d7e-37b1df8cf8f0&rand=95669&ver=asynch&time=-60&referrerUrl=&subId=&abr=true&res=1600x900&stdTime=60&fpe=1&curl=http%3A%2F%2Fwww.pornhub.com%2F&hosted=true

Because of the following filter

||ebocornac.com^
Found in: Peter Lowe’s Ad server list
**

Still annoying with the opened tab though.

[gorhill]

IceCat 38

What is the result of this test for IceCat 38?

[flyingzebras]

@gorhill

Summary

Harness status: OK

Found 4 tests
4 Pass

[flyingzebras]

@gorhill I downloaded and installed Trisquel 7 from trisquel.info and installed icecat with: apt-get update && apt-get install icecat. This is the absolutely safest way to make sure that one get the latest version of icecat as the maintainer of IceCat also is the lead developer of Trisquel.

Trisquel GNU/Linux can be used live from USB.

[flyingzebras]

@gorhill IceCat 38.3.0 is based on Firefox ESR. You can download and try the latest FF ESR here: https://ftp.mozilla.org/pub/firefox/releases/latest-esr/

[gorhill]

Ok I installed and investigated. The reason is simply that FF 38 API does not support process message managers, which is required in the current implementation of inline script tag filtering.

[flyingzebras]

@gorhill Thank you. I opened a new issue for that: #940

[flyingzebras]

@gorhill You introduced the popunder filter type in uBO 1.4.0.

In assets/ublock/filters.txt, should extremetube.com,gaytube.com,keezmovies.com,mofosex.com,pornhub.com,redtube.com,spankwire.com,thumbzilla.com,tube8.*,xtube.com,youporn.com,youporngay.com##script:contains(FastPopSessionRequestNumber) be merged to |http://$popunder,third-party,domain=xhamster.com?

Also, https://github.com/gorhill/uBlock/wiki/popunder is empty. I need it as a reference, should I look elsewhere?

[gorhill]

I can't see any popunders anymore on these sites, I may have to remove the corresponding script:contains filter. If you can confirm there is no more popunders, I just verified three of them.

[flyingzebras]

@gorhill FastPopSessionRequestNumber was removed from some sites including pornhub.com, but not from these sites: extremetube.com,gaytube.com,keezmovies.com,redtube.com,spankwire.com,tube8.*,youporn.com,youporngay.com##script:contains(FastPopSessionRequestNumber) However, keeping FastPopSessionRequestNumber on all sites as currently done ensures that you do not have to update the filter lists all the time.

The questions is, do the popunder filter type block FastPopSessionRequestNumber as well? Then extremetube.com,gaytube.com,keezmovies.com,mofosex.com,pornhub.com,redtube.com,spankwire.com,thumbzilla.com,tube8.*,xtube.com,youporn.com,youporngay.com##script:contains(FastPopSessionRequestNumber) should be merged to |http://$popunder,third-party,domain=xhamster.com.

[flyingzebras]

@gorhill Can you please add redtube.com.br to https://github.com/gorhill/uBlock/blob/master/assets/ublock/filters.txt, a new redtube.com site for Brazil.