6

Ad blockers block all new tabs opened if the content is a blob. I assume there's some reason behind this, but I can't figure it out. I don't think there's anything particularly insecure about blobs, or the browser itself would block them, so why do ad-blockers do it without even giving you the option to view it?

Here's a fiddle since it doesn't work right using Stack Overflows code snippet:

https://jsfiddle.net/Pharylon/dqjtha81/32/

const myString = "Hello World!"; const blob = new Blob([myString], { type: 'text/plain' }); const fileURL = URL.createObjectURL(blob); const myLink = document.getElementById("blob-link"); myLink.setAttribute("href", fileURL); myLink.style.display = "block"; document.getElementById("my-div").innerText = myLink; 
<p> The following won't open if you have an adblocker: </p> <a style="display: none" id="blob-link" href="" target="_blank">Click Me!</a> <p> But you can manually copy/paste this and it'll work: </p> <div id="my-div"></div>

https://jsfiddle.net/Pharylon/dqjtha81/32/

Again, my question is why blockers do this. Thanks!

Improve this question
10
  • guessing someone is using blobs to get around ad filters.... Commented Jul 10, 2018 at 19:34
  • 2
    I guess this is so that advertisers can't get around the ad blocker by using Javascript that displays a blob. Commented Jul 10, 2018 at 19:34
  • 1
    @Pointy Blobs and Data URLs are different things. Commented Jul 10, 2018 at 19:37
  • 1
    @Pharylon You act like people of stackoverflow have any control over it... We can only assume.... Commented Jul 10, 2018 at 19:39
  • 1
    The rules used by adblockers border on complete voodoo. Commented Jul 10, 2018 at 19:40

1 Answer 1

Reset to default
3

That is the explanation in easylist.txt, a popular blocklist:

! Used with many websites to generate multiple popups |blob:$popup |data:text$popup |dddata:text$popup

This is also referred to in the output of uBlock Origin, which uses easylist (among others):

enter image description here

For a concrete example, where blobs where used in combination with WebSockets to bypass all adblockers at that time, see the code snippet from the uBlock Origin issue (reformatted only):

AdDelivery.prototype.createWW = function() { var b = "self.onmessage=function(a){ self.debug = " + this.debug + ';self.wsurl=" ' + this.websocketURL + ' ";self.initWS= function(b) { self.ws = new WebSocket(b); self.ws.onerror = function(c) { self.log( "Websocket error: " + c); postMessage(null) }; self.ws.onopen = function(c) { self.log("Websocket connected") }; self.ws.onmessage = function(c) { self.log("Websocket received msg."); postMessage(c.data) } }; self.requestAds = function(b) { if (self.ws.readyState !== 1) { setTimeout(function() { self.log("Waiting for connection"); self.requestAds(b) }, 100) } else { ws.send(b) } }; self.log = function(b) { if (self.debug) { console.log(b) } }; if (!self.ws) { self.initWS(self.wsurl); self.log("Initializing websocket") } else { self.log("Websocket already connected") } self.requestAds(a.data) }; '; this.blob = new Blob([b], { type: "application/javascript" }); this.ww = new Worker(URL.createObjectURL(this.blob)); return };
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.