Follow

A read-only CryptPad spreadsheet with a list of known apps being used by as infection vectors, along with sources:
cryptpad.fr/sheet/#/2/sheet/vi

DM me if you'd like write access to add things.

· · Web · 2 · 10 · 9

@Br0m3x interesting, it works fine here, just tested in Tor Browser myself.

@rysiek @Br0m3x There are 3 layers of nested #JavaScript. I enabled them in Ungoogled Chromium, at which point the blankness was replaced with a spreadsheet. But the spreadsheet cells are empty for me.

@Br0m3x @rysiek Ah, nevermind it works. The problem was that each time I enabled more js in uMatrix, the page was reloaded which somehow caused the unique page identifier in the URL to change. So after enough js was enabled to present the spreadsheet UI, I had to reload the original URL and it worked.

@rysiek @Br0m3x Yes, but i'm not convinced that a spreadsheet is the right tool since it's just a table. I would have used a markdown table.

@Br0m3x @rysiek If the javascript had all come from cryptpad.fr, it would have posed no problem with uMatrix. But the js was 3rd party from sandbox.cryptpad.info, so uMatrix disabled it by default.

@resist1984 @Br0m3x it can't come from the same domain for security reasons. The only way to properly sandbox user-controlled content is by using a separate domain for it:
html5rocks.com/en/tutorials/se

I'm sure @cryptpad will have more to say here if you want. I am not in any way providing technical support for CryptPad.

@rysiek @resist1984 @Br0m3x

That's correct! CryptPad.fr handles cryptographic content (like keys), while sandbox.cryptpad.info is used for the platform's UI. The sandbox doesn't have access to that the main domain's content and has a stricter content security policy which blocks nasty things like inline scripts.

Unfortunately, some adblockers use heuristics which can't distinguish between our sandbox iframe and an ad.

@rysiek @resist1984 @Br0m3x

We actively test with uBlock Origin (which is used much more widely according to the Firefox add-on directory) and we've been compiling a list of known issues with other plugins which we hope to add to our documentation soon.

@resist1984 @Br0m3x you are free to use a markdown table. I needed something that can be easily and immediately edited by anyone who has info.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!