Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bookmarklet not allowed to run on some sites #30

Open
titaniumbones opened this issue Oct 16, 2018 · 2 comments
Open

bookmarklet not allowed to run on some sites #30

titaniumbones opened this issue Oct 16, 2018 · 2 comments
Assignees
@alphapapa

Comments

@titaniumbones
Copy link

Using org-mode and emacs from recent git, up-to-date org-protocol-capture-html, with firefox nightly & a current Arch Linux.

emacsclient "org-protocol://capture-html?template=w&url=http:%2F%2Flocalhost%2Findex.html&title=The%20title&body=hello" produces a capture buffer perfectly (yay!), as does loading this URL in the Firefox address bar:

org-protocol://capture-html?template=w&url=http:%2F%2Flocalhost%2Findex.html&title=The%20title&body=<b>hello</b>

However, trying to test out the bookmarklets in a page from github gives the following error in the FF console:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).

Not sure if this is perhaps actually a bug in firefox (cf this bug report , but also this blogpost about the general issue ).

it's a bummer but the package still seems to mostly work!
@alphapapa
Copy link
Owner

Thanks for reporting. I'll look at the links when I get a chance.

I don't know if anything can be done. Firefox is becoming less and less useful, and we seem to be headed for a new "dark age" of web browsers. Mozilla doesn't care about empowering users anymore, and this is a great example: allowing web sites to control what users can do in their browsers. It's disgraceful. I would hope that there's a hidden setting, but that blog post doesn't mention one...

Really, Mozilla doesn't care about what users want, they just want to imitate Chrome to steal some of Chrome's users--who might as well just keep using Chrome. And Mozilla isn't a great company either; even if you are concerned about using a browser made by Google, Mozilla gets lots of money from Google, has for years, and Mozilla's own privacy record is not good. So it looks like browsers are going to keep getting worse for a while.

Anyway, I find myself doing more browsing (of text-based pages, anyway) in Emacs when I can. Check out org-web-tools if you haven't seen it.

Thanks.

@alphapapa alphapapa self-assigned this Oct 16, 2018
@maxnikulin
Copy link

Perhaps this issue is obsolete. Despite the bug mention by the reporter is still open, another fix allowed bookmarklets that do not inject external scripts: 1478037 - Allow bookmarklets to run even when the CSP on the page would normally block javascript: execution (Firefox-69 2019-05-31 14:56 PDT).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alphapapa alphapapa

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@titaniumbones @alphapapa @maxnikulin