disable-javascript

Security issue: Fails to block JS from webworkers

Open telamon opened this issue 5 years ago • 2 comments

Just tried this plugin out after I got tired of no hotkeys in No-script plugin. But disable-javascript failed to block already loaded webworkers, meaning if I temporarily enable JS on a domain and then toggle it off again - any webworkers registered during that pageload will continue to run unrestricted.

Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to 
control workers, or directive ‘frame-src’ to control frames respectively.

telamon, May 08 '19 22:05
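Added example, not part of the thread or of the disable-javascript code: a small checker that reports which CSP directive governs worker creation for a given policy, following the CSP Level 3 fallback order (worker-src, then child-src, then script-src, then default-src) that the quoted console warning points at. The function names and sample policies are constructed for illustration.

```javascript
// Parse a Content-Security-Policy header value into directive -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Order in which a worker load looks for a governing directive.
const WORKER_FALLBACK = ['worker-src', 'child-src', 'script-src', 'default-src'];

// Report which directive controls workers and whether it blocks all of them.
function workerPolicy(header) {
  const policy = parseCsp(header);
  const directive = WORKER_FALLBACK.find((d) => policy.has(d)) || null;
  if (directive === null) {
    // No governing directive at all: worker creation is unrestricted by CSP.
    return { directive: null, blocksAll: false, deprecated: false };
  }
  const sources = policy.get(directive).map((s) => s.toLowerCase());
  // An empty source list or a lone 'none' matches no URL.
  const blocksAll =
    sources.length === 0 || (sources.length === 1 && sources[0] === "'none'");
  // child-src is the directive the browser warning flags as deprecated.
  return { directive, blocksAll, deprecated: directive === 'child-src' };
}

// Constructed sample policies (not taken from the extension).
const samples = [
  "script-src 'none'; child-src 'none'",
  "script-src 'none'; worker-src 'none'",
  "default-src 'self'",
  "img-src *",
];
for (const header of samples) {
  console.log(header, '=>', JSON.stringify(workerPolicy(header)));
}
```

CSP is checked when a worker script is loaded, so a stricter policy delivered on a later response restricts new workers and does not by itself stop one that is already running.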

Hi @telamon!

Thanks for your report. I tried to reproduce the bug you've described but wasn't successful. I tried the following:

  1. Visit https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_webworker
  2. Click on "Start Worker"
  3. Disable JS

-> The page gets reloaded with JS disabled, the worker doesn't run.

Could you give me additional information on how to reproduce this bug? I would need:

  • Your Disable JavaScript settings
  • Your used browser and OS
  • The website with the web worker

I will then try to recreate the bug. Thanks for your help!

dpacassi, May 22 '19 20:05

@dpacassi Thanks for marking it up, I'm trying to remember what page I encountered and replicated this bug on. Should probably have mentioned that in the original post... I'll drop another comment if I encounter it again.

telamon, May 27 '19 08:05