"Do not allow sites to use JavaScript" incorrectly blocks all chrome:// URLs on v130, and updating to it also wipes all cookies

[Metrokoto]

Preliminary checklist

• I have read the README.
• I have searched the existing issues for my problem. This is a new ticket, NOT a duplicate or related to another open issue.
• I have updated Cromite to the latest version. The bug is reproducible on this latest version.
• This is a bug report about the Cromite browser; not the website nor F-Droid nor anything else.

Can the bug be reproduced with corresponding Chromium version?

No

Are you sure?

No

Cromite version

130

Device architecture

windows

Platform version

I prefer not to write it/No matter

Android Device model

N/A

Is the device rooted?

I prefer not to write it

Changed flags

none

Is this bug happening ONLY in an incognito tab?

No

Is this bug caused by the adblocker?

No

Is this bug a crash?

No

Describe the bug

Steps to reproduce the bug

Turn on do not allow sites to use javascript in version 129 and then update to 130

Expected behavior

All chrome URLs should be excluded from this setting

Screenshots

No response

[Metrokoto]

Had to downgrade back to the last 129 build until this issue is resolved.

[Metrokoto]

This also happens on Android.

[mathfelin]

this happens to me when I use violentmonkey + ublock, even when only one of them is disabled, it gives the same bug.

[Metrokoto]

@uazo This issue is not fully fixed, please reopen.


This also affects things like the HTTPS First Mode interstitial page, as well as chrome-extension:// urls.

[Metrokoto]

@uazo Can we please re-open this issue? I am unable to open the uBlock Origins settings menu due to this...

[Metrokoto]

@uazo Can we please re-open this issue? Still is a problem.

[uazo]

I do not see any problems.
although javascript is globally deactivated, both chrome pages and extensions work:

[Metrokoto]

I do not see any problems. although javascript is globally deactivated, both chrome pages and extensions work:

Nope, that doesn't count.

See above.
#1571 (comment)

With it disabled, I cannot access the uBlock settings menu at all. Whatsoever. Meaning editing filter lists? Nope. Not possible. Editing custom rules? Nope, not possible.

chrome-extension://EXTENSION_ID_HERE/dashboard.html just shows a blank screen, as do pretty much all other extensions unless opened from the extensions dropdown like you did in your screenshot. As I said, this doesn't count as that doesn't get blocked.

LibRedirect is another extension that needs to be able to access its chrome-extension:// URL to configure it, and that doesn't work either, shows blank too, same goes for ViolentMonkey.

[Metrokoto]

I do not see any problems. although javascript is globally deactivated, both chrome pages and extensions work:

Nope, that doesn't count.

See above. #1571 (comment)

With it disabled, I cannot access the uBlock settings menu at all. Whatsoever. Meaning editing filter lists? Nope. Not possible. Editing custom rules? Nope, not possible.

chrome-extension://EXTENSION_ID_HERE/dashboard.html just shows a blank screen, as do pretty much all other extensions unless opened from the extensions dropdown like you did in your screenshot. As I said, this doesn't count as that doesn't get blocked.

LibRedirect is another extension that needs to be able to access its chrome-extension:// URL to configure it, and that doesn't work either, shows blank too, same goes for ViolentMonkey.

TLDR; you need to add chrome-extension:// to the same whitelist you did for chrome:// and then fix the error pages as well somehow.

[Metrokoto]

@uazo

130.0.6723.117 did not fully rectify the issue.

(Apologies, I replied on the wrong issue before and didn't notice...)

But, essentially, the Chromium error pages for things like HTTPS First and ERR_CONN_REFUSED, etc, do not load correctly. I inspect elemented the page on Windows and saw there is a JS file required for styling and the functionality to work, hence why blocking JS globally breaks it.

It seems to fix itself if you whitelist the site you see the error page on, but this defeats the purpose of the JS toggle then, because what if the site is malicious, suddenly starts working again, and you now have JS enabled?

Congratulations, you just got PWNed!