hackademix / noscript

The popular NoScript Security Suite browser extension.
https://noscript.net/
GNU General Public License v3.0

NoScript injects search engine's JavaScript in indexed pages #297

Open JRudransh opened 1 year ago

JRudransh commented 1 year ago

When using NoScript with Firefox and browsing search engine results, it was observed that the search engine's JavaScript was automatically injected into most of the URLs visited.

You can look at the issue for more details: https://bugzilla.mozilla.org/show_bug.cgi?id=1829796

Jon-guy30 commented 1 year ago

I checked. This only seems to be happening when doing that exact query as shown on bugzilla. Also when searching for khanacademy via duckduckgo and only via duckduckgo. On Google this is not happening, nor in any other query in DuckDuckGo nor on Google, at least for me. There's some kind of script between khanacademy and duckduckgo that triggers when one goes to that site using that particular search engine. Maybe a partnership? One has to ask the maintainers of the academy as to what is going on.

Globally distrusting DuckDuckGo in either uBlock Origin or NoScript itself solves this problem. Trust DuckDuckGo only in its own domain in uBlock Origin, or distrust it in NoScript. Alternatively, use standard NoScript settings, which also mitigates the script, or just deal with it since it appears to be a KhanAcademy thing.

I had my suspicions about DuckDuckGo Privacy Essentials altering NoScript, since on Android/iOS they were caught injecting Microsoft scripts in the DuckDuckGo app. In my brief testing it's not Privacy Essentials causing this.

JRudransh commented 1 year ago

Same issue with Google as well.

Jon-guy30 commented 1 year ago

Very odd indeed. I'm unfortunately unable to replicate this.

Try distrusting Google and other search engines. If it happens while they're distrusted, they are indeed somehow bypassing your configuration. I would recommend you install uBlock Origin, enable hard mode (enable in uBlock Origin "for advanced users" in settings, aka Hard mode; normal mode doesn't work), block Google and other search engines globally and create what's called a local noop for Google and DuckDuckGo. That should stop it from exploiting your browser. If it still happens I'm unable to help you any further, sorry.

While using uBlock Origin, get rid of or disable other tracker blockers including Privacy Essentials; they might conflict with uBO. NoScript + uBO is the best protection for browsers currently.

https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-quick-guide for more information on dynamic filtering mode.

JRudransh commented 1 year ago

I am already using uBO. I haven't heard from Firefox yet what they have to say about it. On Tor Browser I have seen the same problem, but in the latest build of Tor they have fixed it.

Jon-guy30 commented 1 year ago

Do you happen to have the link to the Tor trac (their bugzilla equivalent) issue where this is discussed? I'd like to learn more about this. I find it interesting it's happening to some people and not others.

JRudransh commented 1 year ago

https://hackerone.com/reports/1604247 https://hackerone.com/reports/1937158

The issue is fixed in Tor Browser.