Closed escape0707 closed 7 years ago
Same here , On Windows 10 , https 2016.9.1
http://tajs.qq.com/stats?sId=9156259&_=1473883615714
Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
stat.php?id=2724999&web_id=2724999&_=1473883615711:16
Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
https://hzs11.cnzz.com/stat.htm?id=2724999&r=&lg=en-us&ntime=1473602138&cnz…4%E5%93%A9%E5%BC%B9%E5%B9%95%E8%A7%86%E9%A2%91%E7%BD%91&h=1&rnd=1196376936
Failed to load resource: net::ERR_TIMED_OUT
VM44 extensions::uncaught_exception_handler:8 Error in event handler for (unknown): TypeError: Cannot read property 'url' of undefined
at chrome-extension://kpbnombpnpcffllnianjibmpadjolanh/bilibili_injected.min.js:2:4148
However, hzs11.cnzz.com is not in the rule.
After looking into the source for this page, I found some boring write-to-html style eval:
$('<scr'+'ipt type="text/javascript" src="http://s11.cnzz.com/stat.php?id=2724999&web_id=2724999" charset="UTF-8"></scri'+'pt>').appendTo('body');
The link shows a obfuscated JS on visit (which -- well -- takes you to that hzs11 site eventually). JSNice does not seem to help. Naive eval-substitution on other pages seems to do no good (takes me back to c.cnzz.com script, cookie check?), so I guess I will need to do that on the page itself...
And in fact, visiting the script through HTTPS and HTTP produces different scripts. The string literal "http://"
near the end of the file changes to "https://"
in HTTPS. Sounds like a redirection implemented improperly.
/stat.php?id=2724999&web_id=2724999
:
And yes, I have to say that it is rare to see a site that doesn't function without tracking scripts loaded...
And yes, my personal suggestion is to ditch all of the s\d+\.cnzz\.com
domains. I guess being able to work with HTTPS is some kind of undocumented function for cnzz.
PS: This issue occasionally fail to reproduce. Nobody knows...
I tried to open the link in incognito mode, which allows me to disable all extensions except https-everywhere. The video successfully loaded:
Furthermore, CNZZ has official support of https. Look here: http://help.cnzz.com/support/kuaisuanzhuangdaima/changjianwenti/2013/0902/25.html
Found the Failed to execute 'write' on 'Document'
error you said, it could occur without any extensions. So I think it is a problem that CNZZ has to worry about.
I know that one occurs anyway. But the s11 server being too clever is… meh.
The timeout of hzs11.cnzz.com
does not really break bilibili. Visitors won't care about the site and third-party trackers are unable to track them :)
I sent an email to both cnzz and bilibili. Hope they will look it up...
BTW, bilibili is not only using cnzz (It also has own trackers). They should do something if the data deviation of cnzz is unacceptable and they care about it.
hdslb.com
is breaking live videos (e.g. http://live.bilibili.com/204600) now... Found nothing about hdslb.com
on console when the ruleset is enabled though.
I believe this has been fixed, but please feel free to reopen if anyone is able to reproduce it.
Here's an example link: http://www.bilibili.com/video/av6050274/ . On Windows 10, if I visit the URL in Chrome, the video won't play and instead I see a white screen that says
Loading (100%)...
. If I disable theAdobe.com
rule, the video will work. If I visit the URL in Firefox, the video plays right away, and theAdobe.com
doesn't even appear underEnable / Disable Rules
. TheCnzz.com
ruleset doesn't seem related.