Block "document.location" Javascript redirect on one page

2

1

I have a site where I want to prevent the page from reloading using a document.location in a script tag. How can I do this in Firefox?

zacharyliu

Posted 2009-11-03T04:32:05.347

Reputation: 1 675

Answers

2

Actually, Greasemonkey will not block if the HTML code contains an inline javascript block with a redirect like so:

<script type="text/javascript">
var url = "http://google.com";
document.location.replace(url);
</script>

Greasemonkey, however can be used to block calls to specific functions -- just overwrite them :). If the above were wrapped into a function call like so:

<script type="text/javascript">
function redirect_to(url)
{
  document.location.replace(url);
}
</script>

Then you could just redefine the function in Greasemonkey:

function redirect_to(url){ return true }

Block inline redirects via Firefox

Essentially Firefox makes it possible to block any DOM manipulation like location.href.replace from a specific site via so-called: Configurable Security Policies (CAPS)

A word of warning: Note that your security settings will then block ALL calls from that domain for location.href.replace. If any application makes use of that call, there is no way to allow some of the calls and block others.

Setting up CAPS to block location.href.replace

You do not need Greasemonkey for this task. Firefox comes with a built-in capability for allowing/disallowing access to properties/methods of DOM Objects on a per-site basis. It is called Configurable Security Policies (CAPS) and it is described in 1.

A short guide assuming the simplest case:

  1. Close Firefox
  2. Locate your profile folder
  3. Locate the file user.js within this folder. If it does not exist, create it with a text editor (Notepad, vim, etc.)

  4. Add the following lines to user.js:

    user_pref("capability.policy.policynames", "noframebuster"); user_pref("capability.policy.noframebuster.sites", "http://www.annoying-site.com"); user_pref("capability.policy.noframebuster.Location.replace", "noAccess");

Of course, you will have to replace the domain with the one you want to prevent from redirecting your frames.

Find a more thorough explanation from my blog (justaddwater.dk): Firefox Tip For Framebuster JavaScript.

Jesper Rønn-Jensen

Posted 2009-11-03T04:32:05.347

Reputation: 5 450

1

If you're comfortable using a debugging feature present in Firefox, the watch method works for me:

document.watch('location', function() {
    return '#';
});

I'm not sure about the applicability of the warnings about performance, etc. over at MDN, perhaps someone has some insight into these in this situation.

Andrew Siplas

Posted 2009-11-03T04:32:05.347

Reputation: 121

0

Try the YesScript extention.

YesScript lets you make a blacklist of sites that aren't allowed to run JavaScript.

Sky

Posted 2009-11-03T04:32:05.347

Reputation: 1

0

The GreaseMonkey add-on for Firefox is designed to do exactly that.

CarlF

Posted 2009-11-03T04:32:05.347

Reputation: 8 576

Actually, greasemonkey will not do that if the script block is inline. Se my additional answer – Jesper Rønn-Jensen – 2010-05-06T10:48:59.883

I don't know how to configure it to remove inline scripts. – zacharyliu – 2009-11-03T23:01:49.607

Can you edit your question to show the actual script you want to block? – CarlF – 2009-11-04T06:59:42.850

Asked: 2009-11-03T04:32:05.347

Viewed: 14 259 times

Active: 2015-12-08T21:27:37.463