SharedWorker [sibnet.ru] #2360

Closed
dimisa-RUAdList opened this issue Feb 6, 2017 · 11 comments

@dimisa-RUAdList

dimisa-RUAdList commented Feb 6, 2017

uBO 1.11.0
Google Chrome 56.0.2924.76 (64-bit)
uBlock Filters
EasyList
RU AdList

  1. Disable hiding filters:
    #@#.da_adp_teaser
    #@#.directadvert-block
    sibnet.ru#@##right_place_wrapper
  2. Open http://www.sibnet.ru/ and wait 2-3 seconds
  3. Ads appear at the top of the page.

gorhill closed this as completed in a742f09 Feb 6, 2017

@gorhill
Owner

gorhill commented Feb 6, 2017

Ideally we should have a new filter such as webworker to accurately filter workers. Currently using the existing |blob:$script ones to decide whether a CSP to prevent blob:-based workers should be injected.

@dimisa-RUAdList
Author

Yes, that would be correct.

@ryanbr
Contributor

ryanbr commented Feb 6, 2017

blob: can also be an image file, so strictly not just $script

@dimisa-RUAdList
Author

@gorhill
Owner

gorhill commented Feb 6, 2017

> blob: can also be an image file, so strictly not just $script

Sure blob: as URI can represent anything (css, image, media, script, etc.), but since there is no such thing yet as webworker type, using |blob:$script specifically to inject a CSP to forbid workers on a page is better, otherwise now I will have to assume that anything starting with |blob: should result in a CSP being injected, that is not a safe assumption.

We are going to have to come to an agreement about what sort of filter is going to block webworkers.

gorhill reopened this Feb 6, 2017

@dimisa-RUAdList
Author

While I will not be in a hurry:
https://hg.adblockplus.org/ruadlist/rev/94b4326fdccc

@ryanbr
Contributor

ryanbr commented Feb 7, 2017

> While I will not be in a hurry:

Keep in mind, it's safe without the $script suffix; in EasyList we've made blob: a generic filter. I haven't seen a false positive where a site will use 2 types of blobs (one for an advert, and one for a non-advert).

If I recall the abuse of the blob: was changed from |blob:$script,domain=.. to |blob:$domain= was due to jpost.

@dimisa-RUAdList
Author

@ryanbr Keep in mind, it's safe without the $script suffix; in EasyList we've made blob: a generic filter. I haven't seen a false positive where a site will use 2 types of blobs (one for an advert, and one for a non-advert).

Unfortunately, it does not work everywhere: http://www.anilibria.tv/release/bernard-jou-iwaku.html
When blocking blobs, the video player is disrupted. I sometimes encounter similar in Firefox.

@gorhill fix #2360

Why was uBlock Origin 1.11.1b removed?

@ryanbr
Contributor

ryanbr commented Feb 7, 2017

There are some legit cases where allowing blob: is fine; anilibria.tv is one such.

@gorhill
Owner

gorhill commented Feb 7, 2017

> Why was uBlock Origin 1.11.1b removed?

Because it wasn't working anymore when script was removed from the |blob: filter, my implementation was testing for precisely script type.

I gave more thought to my "not a safe assumption", and I believe it should be ok after all as long as the effects of a generic |blob: filter are well understood, so I re-implemented to work with either script or no specific type, I haven't committed yet.
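
The decision described in the comment above (inject a worker-blocking CSP when a `|blob:` filter applies to the page, first only for `$script`, later also for filters with no type), sketched as an added JavaScript example that is not part of the thread and not uBlock Origin's code. The sample filters, the function names and the `worker-src 'self'` policy value are assumptions; the thread does not state which directive is injected.

```javascript
// Added illustration, not uBlock Origin's code.
// Constructed sample list; the filter shapes follow the ones quoted in the thread.
const SAMPLE_FILTERS = [
  '|blob:$script,domain=sibnet.ru',
  '|blob:$domain=example.org',
  '|blob:$image,domain=example.com',
  '||ads.example.net^$script',
];

// Resource-type options of the ABP filter syntax (subset).
const TYPES = new Set(['script', 'image', 'stylesheet', 'media', 'font',
  'object', 'xmlhttprequest', 'subdocument', 'websocket', 'other']);

// Assumed policy value: 'self' does not match blob: URLs, so blob: workers fail.
const WORKER_CSP = "worker-src 'self'";

// Parse a `|blob:` filter into type and domain options; null for other filters.
function parseBlobFilter(line) {
  const m = /^\|blob:(?:\$(.+))?$/.exec(line.trim());
  if (m === null) return null;
  const f = { types: [], include: [], exclude: [] };
  for (const opt of (m[1] || '').split(',')) {
    if (opt.startsWith('domain=')) {
      for (const d of opt.slice(7).split('|')) {
        if (d.startsWith('~')) f.exclude.push(d.slice(1));
        else if (d !== '') f.include.push(d);
      }
    } else if (TYPES.has(opt)) {
      f.types.push(opt);
    }
  }
  return f;
}

const onDomain = (host, d) => host === d || host.endsWith('.' + d);

// strictScript=true: only `$script` filters count (the first implementation).
// strictScript=false: `$script` or no type at all counts (the re-implementation).
function workerCspFor(filters, host, strictScript) {
  const hit = filters.map(parseBlobFilter).some(f =>
    f !== null &&
    !f.exclude.some(d => onDomain(host, d)) &&
    (f.include.length === 0 || f.include.some(d => onDomain(host, d))) &&
    (f.types.includes('script') || (!strictScript && f.types.length === 0)));
  return hit ? WORKER_CSP : null;
}
```

With the lenient rule, a generic `|blob:` filter with no `domain=` option yields the policy on every host, which is the side effect discussed for sites such as anilibria.tv.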

gorhill added a commit that referenced this issue Feb 7, 2017
@dimisa-RUAdList
Author

Clear. But I returned the "script" suffix in RU AdList: https://hg.adblockplus.org/ruadlist/rev/94b4326fdccc
And yes, blocking in 1.11.1b worked great.
