Strange behavior for bookmarklets
-
I'm trying to create a bookmarklet and running into some strange behavior. When I open the manage bookmarks page (vivaldi://bookmarks) and create a new bookmark, any javascript code I paste into the URL field is wiped away when I navigate away. There's no message to indicate that there's a problem, it just vanishes.
Similar behavior when I try to add a bookmarklet by right clicking a hyperlink on a web page. The bookmark is created, there's no indication that there's any issue, but the javascript code in the URL field is replaced with
about:blank#blockedwhich causes the bookmark to navigate to an empty page.However, when I use the button in the address bar to create a bookmark to the current page, and then edit the bookmark and paste in the code I want, it works just fine. I can even now go to the manage bookmarks page and see the code in the URL field without it getting cleared out.
Suffice to say I'm pretty confused by this behavior.
1.) Why is the creation of bookmarklets being prevented in a browser whose target audience is power users? I understand that they can be dangerous for non-technical users, but I would at least expect an opt-in for users who know what they're doing.
2.) Why is the behavior to simply mangle the bookmark without any messaging to the user? This leaves me unsure as to whether this is intentional or a bug, seeing as it's relatively easy to bypass if you're willing to bang your head against it for a bit.Posting in the macOS section because that's what I'm using, but I can't verify whether or not the behavior is the same in other OSes.
Version 5.7.2921.60
-
@MostlyGibberish
Vivaldi is a bit strange with adding bookmarklets. This is advice I received when I was trying to add them:To create a bookmarklet do it manually through the Bookmarks Manager > Add New Bookmark.
Copy bookmarklet link address.
In the Url input box of your empty bookmark, hit the spacebar once, THEN paste the bookmarklet right after. Vivaldi will auto-remove the space but it will remove the "javascript:" part, so put that back in. -
Yeah the
about:blank#blockedthing is not intentional behaviour, it's just a bug. Same with the creation of a new bookmark, I suspect these issues are linked. It's been around for a while though.I guess since most users who know about bookmarklets are "power users" anyway, we are able to find workarounds - maybe that's the reason it's not high on the agenda to fix.
Hopefully one day it will be fixed. Then again, how many bookmarklets does one need?
The "Strip Javascript" option is just seems completely redundant to me and I can't really see the possible attack vectors here. I guess if an attacker makes the user press a button that copies the JS onto the clipboard (which is easy) and the user then pastes this into the address bar and presses Enter (or uses "Paste and Go") ... then maybe. It's a stretch to see how this can be abused in the wild though.
The only text it seems to actually strip is the starting
javascript:string which is what causes the browser to interpret it as JS and not a regular URL.I just keep it unchecked, I don't need the browser messing with what I copy to the clipboard.
π»Volunteer helper Β· Forum moderator Β· Sopranos tester π οΈTroubleshooting πReport a bug πMarkdown help
π¦"With a rubber duck, one's never alone" -Douglas Adamsπ¦ -
@Pathduck said in Strange behavior for bookmarklets:
I just keep it (the "Strip Javascript" option) unchecked, I don't need the browser messing with what I
copy topaste from the clipboard.Not seeing a problem here...
-
@Streptococcus said in Strange behavior for bookmarklets:
Vivaldi will auto-remove the space but it will remove the "javascript:" part, so put that back in.
Just FYI: This feature can be disabled in Settings > Address Bar > Security Features:
Strip JavaScript from Pasted TextI have it disabled, as I use bookmarklets, but for an average user, it's better to have it enabled.
