Brave Shield not blocking popup ads!

Browser Support Ad-Blocking
1

Hello,

I have been having this issue since a while now on both Windows and Android. Some sites have pop-up ads which seems to open their own website in new tab but then it loads another website (ad). Edge (PC) and Firefox (PC/Android) with uBlock Origin doesn’t seem to have any issue in blocking these pop-ups. Also, Brave with uBlock also blocks it fine.

I use Aggressive Brave shield. Also, all of the filter lists are updated in both my PC and phone. Also, have selected “Don’t allow sites to send pop-ups or use redirects” in Pop-ups and redirects option.

Everything else works perfectly fine except this. I have found similar ad on this website- https://canyoublockit.com/extreme-test/

So, you can test if it works for you or not. Would be great if popups like these can be blocked by default in Brave as well.

2

Brave doesn’t support $popup, so no. technically the popup is not even blocked, what popup does is to open it and then close it.

But you can always use the other features as a workaround.

Alternatives features that can be used to block popups are:

1. CSP

CSP with sandbox property, you block a lot of things including popups, all you need is to allow scripts and the site will work normally, but block forms and popups and all that.
CSP is like whitelisting stuff, so unless specify in the rule, nothing will get allowed.
Example:
canyoublockit.com$csp=sandbox allow-same-origin allow-scripts

cons about CSP:

  1. well, many websites will block making the site a ‘sandbox’.
  2. There is a bug in Brave shields where sandboxing frames don’t get properly blocked by Brave, which means you have to use CSP with script-src to do the job.

Pros:

  1. you can easily see in console what is being blocked with a message like:

Blocked opening https://canyoublockit.com/extreme-test/ in a new window because the request was made in a sandboxed frame whose ‘allow-popups’ permission is not set.

2. Scriptlet Injection filters

Brave uses uBlock resources https://github.com/gorhill/uBlock/wiki/Resources-Library and there are two scriptlets that can be used to block popups.

  1. window-close-if. It is the closest to $popup, it does a window.close() to the popup.
    Example: canyoublockit.com##+js(window-close-if, /^/) you can see in uBlock wiki it can be tweaked if needed, like canyoublockit.com##+js(window-close-if, /extreme-test/)
    So pretty much you convert $popup rules like that.
    Like in the case of this testing website the rule by uBlock is ||eatcells.com^$popup,3p and eatcells.com##+js(window-close-if, /^/) should act similarly

  2. nowoif - window.open-defuser
    This stops any popup by using window.open(), which means it can work in many popups but sometimes it doesn’t.
    In the case of the test, it does work, and you use it as:canyoublockit.com##+js(nowoif)
    you can add more arguments to be more specific but since logging the nowoif shows [uBO] window.open: https://canyoublockit.com/extreme-test/ _blank
    that means that you can do it as ##+js(nowoif, _blank) and it will be more specific instead of blocking all popups if not necessary.

3. block the script causing the popup to happen.

It will be either an external script or an inline script doing it, which can be blocked by Brave, through scriptlet injections or normal Network request filters.
CSP can also do it easily but when it comes to inline-scripts, it can get messy because you have to allow one by one if necessary, because the only way to allow inline scripts is by using unsafe-inline, which will allow all inline scripts which means, it will not do the job.

So as you can see, Brave can easily do it, the problem is feature parity to support the filters that Easylist and uBlock lists (Brave default lists) have, and that’s exactly what Brave has been working on all these years since the write of Brave Adblocker.

Currently Brave supports most important features/filters, but there are missing features of course, I would say Brave supports like 95% of rules today.

Of course, you hope someday to finally see $popup supported, just like the other missing features uBlock has.
And the Procedural filters as well, which are only used to hide html elements, so nothing relevant for this talk, but more about how Brave little by little supports uBlock features and someday it will have the feature parity with uBlock, enough to support 99.9% of rules (it will never be 100%)

1 Like
3

They have fixed this issue. And their dev (r/mp3geek) confirmed the same on my reddit post. :smile:

4

Nah, not completely. It seems to still happen in a few sites.

5

  1. The fix is only per site, not globally https://github.com/brave/adblock-lists/commit/9005f2cfa0c0dab6ae4c0119d9cbc14bf1dbd22f so it will only black in canyoublockit and that’s it, Brave doesn’t support, for performance reasons, many generic filters anyway, so rules inside Brave are usually done per site.

  2. Brave is not going to get $popup support like that, it has to be developed and added and I wonder when or how, it is a big work, reason why they haven’t implemented, and honestly, while $popup is used in a lot of rules, it is still a bad way of blocking popups, it should be a last resort, since it allows the popup to happen and then close it. nowoif which you can see was used in the commit, is a better approach, and that’s the one I mentioned in my post.

  3. That’s exactly why I explained all the different methods where YOU can fix it yourself if you have to.
    You still have to always report issues in Websites if you want, so they get fixed for everyone else. So, if you see a popup you can report it and they will adapt the fix to use any method I mentioned, which is compatible with Brave. But you can also try it yourself while it gets fixed, like if you are watching a sports, anime or movie site, etc which love having popups.

Right now Brave is working in the Adblock 0.8.x version, which will have something called ‘actions’, which is a feature implemented by uBlock to remove a node, remove class or attribute from a page, it is in the same action filed as :style() which is already supported.

So, of course it will happen in other websites, adblocker rules are made one at a time by humans, there are some that can be adapted with regex, but not too often.

Features, especially since Adblocker is native to the browser and uses RUST, take time to develop, especially if they might be API breaking changes and affect performance or something.

So always report issues in websites, and if you want, try the methods I explained as a workaround for the lack of $popup and other rules like denyallow which can be replaced by CSP, etc etc.

Even most Procedural Cosmetics can be done by only using :has() instead of upward and you select an attribute instead of :has-text() and it will work 96% of the time.

Brave Adblocker capable of doing most things, the problem is feature parity with uBlock lists to not have to make workaround rules.

1 Like
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.