Sunday, 25 April 2021

Re: antiClickJack

On 25 Apr 2021 as I do recall,
Brian Jordan wrote:

> On 25 Apr, brian.jordan9@btinternet.com wrote:
> > In article <0f08bf2259.harriet@bazleyfamily.co.uk>,
> > Harriet Bazley <lists@bazleyfamily.co.uk> wrote:
>
> > [Snip]
>
> > > <STYLE id="antiClickjack">body{display:none !important;}</STYLE>
> > > which has the effect of hiding the entire content of the page.
>
> > [Snip]
>
> > Great find, thank you.
> > B
>
> My interest piqued I have been looking at this and discovered (I say
> 'discovered' while suspecting this is well known) that using NetSurf's
> Full save facility produces a page which can be opened.

That's interesting - the 'index' page in the Full save is actually
missing the offending line. NetSurf has somehow stripped it out (along
with rewriting a few other things, e.g. wrapping multi-line
class definitions onto a single line and apparently changing the case of
the <script> tags).

The original source HTML reads:

<script>

// for testing instart:
// window.I11C = {};
// window.I11C.Morph = 1;
</script>


<style id="antiClickjack">body{display:none !important;}</style>
<script type="text/javascript">
if (self === top) {
var antiClickjack = document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
} else {
top.location = self.location;
}

and this gets rewritten during the Full Save process to

<SCRIPT>

// for testing instart:
// window.I11C = {};
// window.I11C.Morph = 1;
</SCRIPT>



<SCRIPT type="text/javascript">
if (self === top) {
var antiClickjack = document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
} else {
top.location = self.location;
}


I'm not clear why this would happen while parsing the page header, so
the fact that it happens to cause the page to render as visible may be
just a massive coincidence...!

--
Harriet Bazley == Loyaulte me lie ==

Positive: Mistaken at the top of one's voice.
_______________________________________________
netsurf-users mailing list -- netsurf-users@netsurf-browser.org
To unsubscribe send an email to netsurf-users-leave@netsurf-browser.org
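
The behaviour discussed in the message above, as an added example that is not part of the original post or of NetSurf's code: it models when a page carrying the antiClickjack style guard ends up visible, and shows that removing the style element (as the Full save output did) makes the page render without script. The function names are hypothetical, SAMPLE is constructed from the quoted snippet, and the regex matching is a simplification rather than a full HTML parser.

```javascript
// Added example: analyse a page that uses the "antiClickjack" style guard.
// SAMPLE is constructed from the snippet quoted in the message above.
const SAMPLE = `<html><head>
<style id="antiClickjack">body{display:none !important;}</style>
<script type="text/javascript">
if (self === top) {
  var antiClickjack = document.getElementById("antiClickjack");
  antiClickjack.parentNode.removeChild(antiClickjack);
} else {
  top.location = self.location;
}
</script>
</head><body><p>Hello</p></body></html>`;

// Matches a <style> element (any case) whose id attribute equals the given id.
function guardRegex(id) {
  return new RegExp(
    `<style\\b[^>]*\\bid\\s*=\\s*["']?${id}["']?[^>]*>[\\s\\S]*?</style\\s*>`, "i");
}

// Returns the id and CSS of a guard that hides <body>, or null if none is present.
function findGuard(html, id = "antiClickjack") {
  const m = html.match(guardRegex(id));
  if (!m) return null;
  const css = m[0].replace(/^<style[^>]*>/i, "").replace(/<\/style\s*>$/i, "");
  const hidesBody = /body\s*\{[^}]*display\s*:\s*none/i.test(css);
  return hidesBody ? { id, css } : null;
}

// Models what the reader sees: only script in a top-level window lifts the guard.
function renderOutcome(html, { scripting, framed }) {
  if (!findGuard(html)) return "visible";
  if (!scripting) return "hidden";             // script never runs, style stays
  return framed ? "top-navigated" : "visible"; // else branch vs. removeChild branch
}

// Produces a copy without the guard element, as seen in the Full save output.
function stripGuard(html, id = "antiClickjack") {
  return html.replace(guardRegex(id), "");
}
```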
