From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out.smtp-auth.no-ip.com (smtp-auth.no-ip.com [8.23.224.60]) by hurricane.the-brannons.com (Postfix) with ESMTPS id 36CB177AA1 for ; Sun, 25 Aug 2019 17:55:54 -0700 (PDT) X-No-IP: carhart.net@noip-smtp X-Report-Spam-To: abuse@no-ip.com Received: from phoenix.carhart.net (unknown [99.57.137.251]) (Authenticated sender: carhart.net@noip-smtp) by smtp-auth.no-ip.com (Postfix) with ESMTPA id CD6C82EF for ; Sun, 25 Aug 2019 17:55:53 -0700 (PDT) Received: from phoenix.carhart.net (carhart.net [127.0.0.1]) by phoenix.carhart.net (8.15.2/8.15.2) with ESMTP id x7Q0tr1x008150 for ; Sun, 25 Aug 2019 17:55:53 -0700 Received: from localhost (kevin@localhost) by phoenix.carhart.net (8.15.2/8.15.2/Submit) with ESMTP id x7Q0tr5s008147 for ; Sun, 25 Aug 2019 17:55:53 -0700 X-Authentication-Warning: phoenix.carhart.net: kevin owned process doing -bs Date: Sun, 25 Aug 2019 17:55:53 -0700 (PDT) From: Kevin Carhart X-X-Sender: kevin@phoenix To: edbrowse-dev@lists.the-brannons.com Subject: [edbrowse-dev] iframe.src = "javascript:false" Message-ID: User-Agent: Alpine 2.21 (DEB 202 2017-01-01) X-BeenThere: edbrowse-dev@edbrowse.org List-Id: Edbrowse Development List MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII A site (coscoshipping.com) sets iframe.src = "javascript:false" and then takes ifr.contentWindow.document, which raises this: the javascript protocol is not supported by edbrowse Is this remotely legal for an iframe src? Anyway, the context for why they're doing it appears to be an extraneous third-party library so we can table it til it's a blocker of something real, if ever.