EFForg / https-everywhere

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
https://eff.org/https-everywhere

Must disable Cnzz.com or Bilibili.com's video will get error #2048 #5602

Closed escape0707 closed 7 years ago

jeremyn commented 8 years ago

Here's an example link: http://www.bilibili.com/video/av6050274/ . On Windows 10, if I visit the URL in Chrome, the video won't play and instead I see a white screen that says Loading (100%).... If I disable the Adobe.com rule, the video will work. If I visit the URL in Firefox, the video plays right away, and the Adobe.com doesn't even appear under Enable / Disable Rules. The Cnzz.com ruleset doesn't seem related.

hwk603 commented 8 years ago

Same here, on Windows 10, https 2016.9.1 [image: 2016-09-04 1472996969]

Artoria2e5 commented 8 years ago

    http://tajs.qq.com/stats?sId=9156259&_=1473883615714
    Failed to load resource: net::ERR_BLOCKED_BY_CLIENT

    stat.php?id=2724999&web_id=2724999&_=1473883615711:16
    Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.

    https://hzs11.cnzz.com/stat.htm?id=2724999&r=&lg=en-us&ntime=1473602138&cnz…4%E5%93%A9%E5%BC%B9%E5%B9%95%E8%A7%86%E9%A2%91%E7%BD%91&h=1&rnd=1196376936
    Failed to load resource: net::ERR_TIMED_OUT

    VM44 extensions::uncaught_exception_handler:8 Error in event handler for (unknown): TypeError: Cannot read property 'url' of undefined
        at chrome-extension://kpbnombpnpcffllnianjibmpadjolanh/bilibili_injected.min.js:2:4148

However, hzs11.cnzz.com is not in the rule.

After looking into the source for this page, I found some boring write-to-html style eval:

    $('<scr'+'ipt type="text/javascript" src="http://s11.cnzz.com/stat.php?id=2724999&web_id=2724999" charset="UTF-8"></scri'+'pt>').appendTo('body');  

The link shows an obfuscated JS on visit (which -- well -- takes you to that hzs11 site eventually). JSNice does not seem to help. Naive eval-substitution on other pages seems to do no good (takes me back to c.cnzz.com script, cookie check?), so I guess I will need to do that on the page itself...

And in fact, visiting the script through HTTPS and HTTP produces different scripts. The string literal "http://" near the end of the file changes to "https://" in HTTPS. Sounds like a redirection implemented improperly.


And yes, I have to say that it is rare to see a site that doesn't function without tracking scripts loaded...

Artoria2e5 commented 8 years ago

And yes, my personal suggestion is to ditch all of the s\d+\.cnzz\.com domains. I guess being able to work with HTTPS is some kind of undocumented function for cnzz.

PS: This issue occasionally fails to reproduce. Nobody knows...
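Added example, not from the thread or from the HTTPS Everywhere code base: a small model of how a ruleset's target hosts, exclusion patterns and rewrite rules interact, applied to hosts mentioned above, to check which requests an anchored `s\d+\.cnzz\.com` exclusion would actually leave on HTTP. The ruleset contents, the helper names and the HTTP form of the hzs11 URL are constructed for illustration.

```javascript
// Constructed model of an HTTPS Everywhere-style ruleset: target hosts,
// exclusion patterns and from/to rewrite rules. This is NOT the project's
// real Cnzz.com ruleset; every value here is an assumption for illustration.
const ruleset = {
  name: "cnzz (constructed)",
  targets: ["cnzz.com", "*.cnzz.com"],
  // Exclusion suggested in the comment above, anchored at the host position.
  exclusions: [/^http:\/\/s\d+\.cnzz\.com\//],
  rules: [{ from: /^http:/, to: "https:" }],
};

// Match a hostname against a target; "*." on the left matches any subdomain.
function hostMatches(target, host) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return host === target;
}

// Return the rewritten URL, or null when the ruleset leaves the request alone.
function rewrite(rs, url) {
  const host = new URL(url).hostname;
  if (!rs.targets.some((t) => hostMatches(t, host))) return null; // not covered
  if (rs.exclusions.some((re) => re.test(url))) return null;      // excluded
  for (const { from, to } of rs.rules) {
    const out = url.replace(from, to);
    if (out !== url) return out; // first rule that changes the URL wins
  }
  return null;
}

// Hosts taken from this thread; query strings shortened, and the hzs11 URL
// is shown in a constructed plain-HTTP form.
const seen = [
  "http://s11.cnzz.com/stat.php?id=2724999&web_id=2724999",
  "http://hzs11.cnzz.com/stat.htm?id=2724999",
  "http://tajs.qq.com/stats?sId=9156259",
];

// Summarise what the ruleset does to each URL.
function report(rs, urls) {
  return urls.map((u) => ({ url: u, result: rewrite(rs, u) || "unchanged" }));
}

console.log(report(ruleset, seen));
```

Because the exclusion is anchored directly after `http://`, it covers `s11.cnzz.com` but not `hzs11.cnzz.com`, which is still rewritten in this model.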

gloomy-ghost commented 8 years ago

I tried to open the link in incognito mode, which allows me to disable all extensions except https-everywhere. The video successfully loaded:

[image]

Furthermore, CNZZ has official support of https. Look here: http://help.cnzz.com/support/kuaisuanzhuangdaima/changjianwenti/2013/0902/25.html


Found the Failed to execute 'write' on 'Document' error you said, it could occur without any extensions. So I think it is a problem that CNZZ has to worry about.

Artoria2e5 commented 8 years ago

I know that one occurs anyway. But the s11 server being too clever is… meh.

gloomy-ghost commented 8 years ago

The timeout of hzs11.cnzz.com does not really break bilibili. Visitors won't care about the site and third-party trackers are unable to track them :)

I sent an email to both cnzz and bilibili. Hope they will look it up...

BTW, bilibili is not only using cnzz (it also has its own trackers). They should do something if the data deviation of cnzz is unacceptable and they care about it.

gloomy-ghost commented 7 years ago

hdslb.com is breaking live videos (e.g. http://live.bilibili.com/204600) now... Found nothing about hdslb.com on console when the ruleset is enabled though.

gloomy-ghost commented 7 years ago

7976 fixes live videos, can anyone on this thread who experienced video issues have a look at the PR if it fixes the main site as well?

gloomy-ghost commented 7 years ago

I believe this has been fixed, but please feel free to reopen if anyone is able to reproduce it.