-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, Nov 12, 2015 at 10:46:23PM +0200, Safwat wrote:
> I am running NoScript + Iceweasel, and I observed something weird.
> Consider a Google search result which has this "a href" value:
>
> https://www.google.com/url?q=https://en.wikipedia.org/wiki/Hello_(Adele_song)&sa=U&ved=0CCsQFjAIahUKEwjPuq3H34vJAhWDWhQKHW7eCbA&usg=AFQjCNHJRKExeuRwwdFmAKkJ6dH7qv_TeQ
>
> When I hover my mouse over it, the value instantly changes to
> https://en.wikipedia.org/wiki/Hello_%28Adele_song%29
I'm not going to test that, since
(a) I excised Javascript out of my default browser profile and only
use a JS enabled profile in rare exceptions (yeah, some would
say I 'crippled' my browser. To each her own)
(b) I avoid Google as much as possible
but: are you sure that the "value" changes? Perhaps it's just the
visualization what changes, due to some CSS trickery? The way I
understand what you describe, this should be achievable without
Javascript (non-builtin, that is).
> This should be impossible with NoScript, nothing should be able to
> modify the DOM. Google is not white-listed.
>
> What's going on?
I'd have a look at the CSS. Perhaps that's it. And then, perhaps
NoScript isn't as watertight as it should be (there are enough
reasons to not dismiss *that* possibility, alas)
regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlZFynoACgkQBcgs9XrR2kbPWQCeNWO1NI8LgdeCRIofHlvsuDoi
pisAn0BMxBgrUVgzHoRs9Xwsyem0eYLI
=a9gL
-----END PGP SIGNATURE-----
