search

uazo / cromite

Cromite a Bromite fork with ad blocking and privacy enhancements; take back your browser!
https://www.cromite.org/
GNU General Public License v3.0
3.55k stars 85 forks source link

"Do not allow sites to use JavaScript" incorrectly blocks all chrome:// URLs on v130, and updating to it also wipes all cookies #1571

Open Metrokoto opened 1 month ago

Metrokoto commented 1 month ago

Preliminary checklist

Can the bug be reproduced with corresponding Chromium version?

No

Are you sure?

No

Cromite version

130

Device architecture

windows

Platform version

I prefer not to write it/No matter

Android Device model

N/A

Is the device rooted?

I prefer not to write it

Changed flags

none

Is this bug happening ONLY in an incognito tab?

No

Is this bug caused by the adblocker?

No

Is this bug a crash?

No

Describe the bug

image

Steps to reproduce the bug

Turn on do not allow sites to use javascript in version 129 and then update to 130

Expected behavior

All chrome URLs should be excluded from this setting

Screenshots

No response

Metrokoto commented 1 month ago

Had to downgrade back to the last 129 build until this issue is resolved.

Metrokoto commented 4 weeks ago

This also happens on Android.

mathfelin commented 4 weeks ago

this happens to me when I use violentmonkey + ublock, even when only one of them is disabled, it gives the same bug.

Metrokoto commented 3 weeks ago

@uazo This issue is not fully fixed, please reopen. image image This also affects things like the HTTPS First Mode interstitial page, as well as chrome-extension:// urls.

Metrokoto commented 3 weeks ago

@uazo Can we please re-open this issue? I am unable to open the uBlock Origins settings menu due to this...

Metrokoto commented 2 weeks ago

@uazo Can we please re-open this issue? Still is a problem.

uazo commented 2 weeks ago

I do not see any problems. although javascript is globally deactivated, both chrome pages and extensions work:

image

Metrokoto commented 2 weeks ago

I do not see any problems. although javascript is globally deactivated, both chrome pages and extensions work:

image

Nope, that doesn't count.

See above. https://github.com/uazo/cromite/issues/1571#issuecomment-2430518076

With it disabled, I cannot access the uBlock settings menu at all. Whatsoever. Meaning editing filter lists? Nope. Not possible. Editing custom rules? Nope, not possible.

chrome-extension://EXTENSION_ID_HERE/dashboard.html just shows a blank screen, as do pretty much all other extensions unless opened from the extensions dropdown like you did in your screenshot. As I said, this doesn't count as that doesn't get blocked.

LibRedirect is another extension that needs to be able to access its chrome-extension:// URL to configure it, and that doesn't work either, shows blank too, same goes for ViolentMonkey.

Metrokoto commented 2 weeks ago

I do not see any problems. although javascript is globally deactivated, both chrome pages and extensions work: image

Nope, that doesn't count.

See above. #1571 (comment)

With it disabled, I cannot access the uBlock settings menu at all. Whatsoever. Meaning editing filter lists? Nope. Not possible. Editing custom rules? Nope, not possible.

chrome-extension://EXTENSION_ID_HERE/dashboard.html just shows a blank screen, as do pretty much all other extensions unless opened from the extensions dropdown like you did in your screenshot. As I said, this doesn't count as that doesn't get blocked.

LibRedirect is another extension that needs to be able to access its chrome-extension:// URL to configure it, and that doesn't work either, shows blank too, same goes for ViolentMonkey.

TLDR; you need to add chrome-extension:// to the same whitelist you did for chrome:// and then fix the error pages as well somehow.

Metrokoto commented 6 days ago

@uazo

130.0.6723.117 did not fully rectify the issue.

(Apologies, I replied on the wrong issue before and didn't notice...)

But, essentially, the Chromium error pages for things like HTTPS First and ERR_CONN_REFUSED, etc, do not load correctly. I inspect elemented the page on Windows and saw there is a JS file required for styling and the functionality to work, hence why blocking JS globally breaks it.

It seems to fix itself if you whitelist the site you see the error page on, but this defeats the purpose of the JS toggle then, because what if the site is malicious, suddenly starts working again, and you now have JS enabled?

Congratulations, you just got PWNed!