It’s hard to blacklist..

EDIT: This post was nonsense, I must be tired. Basically I found an odd-looking script, didn't read it carefully enough and assumed it did checks on location.href that were actually done on location.search. Ten seconds after clicking publish I realised that I had misread it and written something stupid. (I know I'm tired – for personal reasons – but surprised to see myself making such silly mistakes..).

I've removed the post content but will paste it in a comment. The reason for doing that is I won't let some snide comments about code that made more sense than I thought remain on the main blog, but I won't airbrush away this stupid incident either :p

Advertisements

7 thoughts on “It’s hard to blacklist..

  1. Anonymous writes:The URL goes to "Page not found". Did they already nuke the bad JavaScript or am I missing something?

  2. So, this is the removed post, with an apology to the coders behind http://www.maxilamba.com (though I do think their blacklisting of NSFW sites is a relatively pointless task – it will turn into a rather big file.. and indexOf() wouldn't cover potentially usable hostname variations either..):I know absolutely nothing about this site except the fact that a number of other sites should avoid including http://www.maxilamba.com/error.js. If that script happens to run on the four blacklisted sites, it will show an error message:

    var disallowed = "http://www.maxilamba.com/error.html?video=disallowed";
    if ((window.location.search.substring(1).indexOf("video") == 0)||(window.location.search.substring(1).indexOf("embed") == 0)) {
    if ((window.location.search.substring(14).indexOf("xtourl.com") == 0)||(window.location.search.substring(14).indexOf("www.xtourl.com") == 0)) {
    window.top.location.href = disallowed;
    // Three more if-blocks of the same type snipped.
    

    Blacklisting is so hard, right? Luckily indexOf() comes to the rescue. I guess the only remaining difficulty is to get those blacklisted sites to actually add a SCRIPT SRC="http://www.maxilamba.com/error.js" tag so that they will actually be affected by the blacklisting!(Minor warning: I'd say that the http://www.maxilamba.com/error.js URL is NSFW, not only because the NSFW-sites it references, but also because if your workplace has any sort of coding competence they might get shocked and fire you simply for looking at such grossly incompetent JavaScript. :-p)

  3. I only recognized one of those four domains. The internet is a big place. 😉 Although, amusingly the UserJS manager app informed me that I could install the snippet as a userscript. Didn't risk playing with that option.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s