Cannot Use Element Zapper or Picker on homedepot.com (iframe removed by the page)

[jmholla]

Prerequisites

• [X] I verified that this is not a filter list issue. Report any issues with filter lists or broken website functionality in the uAssets issue tracker.
• [X] This is not a support issue or a question. For support, questions, or help, visit /r/uBlockOrigin.
• [X] I performed a cursory search of the issue tracker to avoid opening a duplicate issue.
• [X] The issue is not present after disabling uBO in the browser.
• [X] I checked the documentation to understand that the issue I am reporting is not normal behavior.

I tried to reproduce the issue when...

• [X] uBO is the only extension.
• [X] uBO uses default lists and settings.
• [X] using a new, unmodified browser profile.

Description

On homedepot.com, selecting Element Zapper or Element Picker results in neither mode being entered.

A specific URL where the issue occurs.

https://www.homedepot.com/

Steps to Reproduce

1. Got to the website
2. Click the uBlock add-on
3. Select either the lightning bolt or eye dropper

Expected behavior

On other pages, I am able to zap or select elements.

Actual behavior

Nothing

uBO version

1.50.0

Browser name and version

Firefox 102.7.0esr

Operating System and version

Linux Mint 20.3 Una

[gwarser]

Access denied for me. I tried through TOR, and it worked on pre 1.50 beta of uBO but fails after update to current beta version.

[iam-py-test]

I can reproduce in Firefox. Might be caused by https://assets.thdstatic.com/account_lib/0.14.0/build/js/accountlib.min.js but not sure

Access denied for me. I tried through TOR

They just seem to be blocking all Tor users (maybe because they use Akamai which arbitrarily blocks Tor users)

[uBlock-user]

Both work as expected for me on Nightly.

[gothic-bum]

I can confirm the issue and was able reproduce using a new Firefox profile:

uBlock Origin: 1.50.1b2
Firefox: 114
filterset (summary):
 network: 93176
 cosmetic: 39182
 scriptlet: 17633
 html: 947
listset (total-discarded, last-updated):
 default:
  user-filters: 0-0, never
  ublock-filters: 34414-55, 3m
  ublock-badware: 7508-1, 3m
  ublock-privacy: 447-0, 3m
  ublock-unbreak: 2068-0, 3m
  ublock-quick-fixes: 289-0, 3m
  easylist: 66657-731, 3m
  easyprivacy: 30798-610, 3m
  urlhaus-1: 6574-1, 3m
  plowe-0: 3735-1, 3m
filterset (user): [empty]
userSettings: [none]
hiddenSettings: [none]
supportStats:
 allReadyAfter: 529 ms
 maxAssetCacheWait: 200 ms

The following filters resolved the issue for me:

||assets.thdstatic.com/analytics/sync/b2c/desktop/prod/current/sync.js^$script,3p,from=homedepot.com
||assets.thdstatic.com/analytics/core/b2c/desktop/prod/current/core.js^$script,3p,from=homedepot.com

[gorhill]

I can also reproduce in Chromium. It looks to me the webpage is immediately removing uBO's injected iframe.

AdGuard's iframe is not removed though, but I see that it is hidden inside a closed shadow-root, so possibly this is also the solution for uBO.

[krystian3w]

We can add to title too:

https://megogo.net

Page comments injected frames:

If cookie modal is visible and not accepted by "all" button (Accept Only Essential does not work to use picker/zapper) [Those interested can check in the advanced settings what consent is required to stop blocking extension frames in Chrome].

Possible reproduce in Chrome 109, but not yet in Firefox 114.0.1 (based on logger, blocked is cmp-determinator. as CNAME).

Cookie/gdpr deployment companies/corporations may snicker that the problem has been addressed as an ad module in EL for Firefox and in the future one of the two filters for Chrome in EasyList Cookies:

||service-cmp.com/cmp/$script,domain=megogo.net
||determinator.service-cmp.com/config$script,domain=megogo.net

[ishmartbuoy]

Not able to reproduce the issue in the below : Firefox 113.0.2 & Chromium 112.0.5615.49 OS: Linux Mint 19.3 Tricia 32-bit UBlock Origin 1.51.0

[krystian3w]

https://github.com/uBlockOrigin/uBlock-issues/issues/2695#issuecomment-1683289254 - maybe addressed both pages in lists to accept or hide GDPR. Disable these temporarily if you have enabled.

One more:

https://next.gazeta.pl/next/7,172392,30392584,alert-zorzowy-niebo-nad-polska-znowu-zmieni-kolory-kto-bedzie.html#s=BoxOpImg8 and almost all Agora Poland family.

If OneTrust is not accepted or fastly aborted then picker is malformed by webpage plugin:

empty iframe due strict iframe GDPR policy at page

OneTrust are popular plugin for lazy webmasters.

[gorhill]

Using shadow root is not really a solution, sites can also removed elements containing shadow root. Also, the site is no longer preventing the element picker.