Monday, 1 October 2007

Preventing javascript redirection

For some reason, I wasted a lot of time this afternoon trying to make use of Firefox customisability in order to avoid having to log into Gamasutra in order to view the articles. I have no idea why, the article I was trying to get to, I didn't find interesting when I eventually got to see it. But I feel obliged to document the process for future reference.

When you visit an article on Gamasutra, it loads the page you want to see and in the process executes some javascript which checks if you have a cookie set and if not redirects you to its login page. I wanted to do something to disable this redirection.

var login_link = "

//if the Gama Demo string does not exist, send them to login screen
if (pos == -1)
location.href = login_link
else {
My first attempt was in installing Greasemonkey. This seems to get invoked after the page has been loaded, at which point the redirection is already in progress. I could change the document.location value back to what it was being redirected from, but this just resulted in an infinite loop of redirection. I could catch the unload event and tell the browser to stop with window.stop(), but it seemed to stop after the redirection had started giving a blank page. Unless there is a formal way to stop what a previous assignment to document.location starts, Greasemonkey doesn't get invoked soon enough to help here.

The next attempt was with something I stumbled across when googling for "redirection". Firefox security policies. These have no user interface, but seem to be fully implemented. They enable you to do things like disable javascript for all sites or specified sites. Or disable access to various parts of the DOM, like document.location.

These lines would be added to a user's "prefs.js" file ("nogo" is just the random name I gave the profile myself):
user_pref("capability.policy.nogo.location.set", "noAccess");
user_pref("capability.policy.nogo.sites", "");
user_pref("capability.policy.policynames", "nogo");
However, I could see myself wondering why the Gamasutra website wasn't working properly, so I just went with disabling javascript instead:
user_pref("capability.policy.nogo.javascript.enabled", "noAccess");
user_pref("capability.policy.nogo.sites", "");
user_pref("capability.policy.policynames", "nogo");
More information on customising Firefox security policies can be found here.

No comments:

Post a Comment