play.spotify.com: severe memory leaks scripts from newrelic.com are blocked #36

Closed
gorhill opened this issue Apr 27, 2016 · 5 comments

Member

gorhill commented Apr 27, 2016

URL(s) where the issue occurs

https://play.spotify.com/ (login required)

Describe the issue

Original reporter on EasyList forum:

https://play.spotify.com/

more info https://community.spotify.com/t5/Help-D ... -p/1332839

it occurs on Adblock Plus too

Screenshot(s)

[screenshot]

Versions

  • Browser/version: Chrome 51
  • uBlock Origin version: 1.6.9

Settings

Default settings.

Notes

Ideally, a solution which keeps the blocking of newrelic.com scripts would be optimal, but this would require further investigative work.

For now, these exception filters work:

@@||newrelic.com^$third-party,domain=play.spotify.com
@@||nr-data.net^$third-party,domain=play.spotify.com

These exception filters override block filters in EasyPrivacy. Not sure about the second exception filter, but given the seriousness of the issue, I will add it and investigate further when I have time (which is definitely not now).


ghost commented Apr 27, 2016

Member Author

gorhill commented Apr 27, 2016

Is the reason for the change documented somewhere?


ghost commented Apr 27, 2016

Can't find it. Just noticed the change while browsing hg.adblockplus.org.
Edit: https://forums.lanik.us/viewtopic.php?p=92447#p92447
Edit 2: Deleted by author (EasyList maintainer).
Edit 3: It's back: https://forums.lanik.us/viewtopic.php?f=64&p=92454#p92454

Member Author

gorhill commented Apr 27, 2016

Edit: https://forums.lanik.us/viewtopic.php?p=92447#p92447

Topic does not exist.

Anyway, I disabled uBlock filters -- unbreak, added ||imasdk.googleapis.com/js/core/bridge*.html$subdocument,important,domain=spotify.com, and the leak is still there.

I wish I had more time to dig into this right now, but the only thing I got so far is:

[screenshot]

__nr_require is inline code in the page's source. That sort of newrelic.com code is used on a lot of web sites (I have wanted to investigate neutering it for a while now). I am more inclined to think that the site is misusing newrelic.com's API, though at this point it's such a serious issue that un-blocking newrelic.com is the best quick fix until the real issue is pin-pointed in the site's code.

Tonight or tomorrow I will have more time to dig.

Member Author

gorhill commented Apr 29, 2016

After investigating more, as far as I can tell, newrelic.com's code is the culprit, not spotify.com. newrelic installs wrapper code around many native JS calls (addEventListener, setTimeout, XMLHttpRequest.prototype.send, etc.) using inline script code on the main page, and it turns out it appears one of their wrappers' purposes is to log stats in a buffer (reason: [corporate bs placeholder]).

Presumably this buffer is processed/emptied by JavaScript code loaded separately. But the newrelic.com JavaScript files are blocked by default when using EasyPrivacy. This means that the buffer is never emptied and grows indefinitely. End result: the computer ends up paging memory to disk, the OS seizes, etc.

[screenshot]

The array referenced by u grows indefinitely. The function n is called as a consequence of Spotify installing an event listener with window.addEventListener('message', [...]). newrelic wraps window.addEventListener with its own code.

This is why the internet is so often crappy these days, because of such moronic 3rd parties, and also because 1st parties will eagerly believe the pitch of such 3rd parties to the point of blindly and recklessly importing their code in their own pages.

Correct me someone if I concluded wrongly.
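
A minimal model of the failure mode described in this thread, added here as an illustration; it is not code from the thread, from Spotify, or from newrelic.com. The names `installAgent`, `loadAggregator` and `maxBuffered` are hypothetical, and the buffer cap is an assumed mitigation shown for contrast.

```javascript
// Inline "loader": wraps a function and records every call into a buffer
// that a separately loaded script is expected to drain. (Hypothetical names.)
function installAgent(target, method, { maxBuffered = Infinity } = {}) {
  const agent = { buffer: [], dropped: 0, drain: null };
  const original = target[method];
  target[method] = function (...args) {
    const record = { method, at: Date.now(), argCount: args.length };
    if (agent.drain) {
      agent.drain([record]);          // aggregator loaded: hand off at once
    } else if (agent.buffer.length < maxBuffered) {
      agent.buffer.push(record);      // aggregator absent: queue the record
    } else {
      agent.dropped++;                // capped: count the loss, do not grow
    }
    return original.apply(this, args);
  };
  return agent;
}

// The separately loaded script. Its request is what a block filter stops,
// so in the blocked case this function is simply never called.
function loadAggregator(agent, sink) {
  agent.drain = (records) => { for (const r of records) sink.push(r); };
  agent.drain(agent.buffer.splice(0)); // flush whatever queued up before load
}

// Constructed workload: a page calling the wrapped function `calls` times.
// aggregatorLoadsAt = null models the aggregator script being blocked.
function simulate({ calls, aggregatorLoadsAt = null, maxBuffered }) {
  const page = { postMessage() {} };
  const agent = installAgent(page, 'postMessage', { maxBuffered });
  const sink = [];
  for (let i = 0; i < calls; i++) {
    if (i === aggregatorLoadsAt) loadAggregator(agent, sink);
    page.postMessage('tick');
  }
  return { buffered: agent.buffer.length, dropped: agent.dropped, sent: sink.length };
}

console.log('blocked, unbounded:', simulate({ calls: 10000 }));
console.log('aggregator loads  :', simulate({ calls: 10000, aggregatorLoadsAt: 100 }));
console.log('blocked, capped   :', simulate({ calls: 10000, maxBuffered: 500 }));
```

With the aggregator blocked and no cap, the buffered count equals the number of wrapped calls, which is the unbounded growth described above; with a cap, memory stays flat and the loss shows up in `dropped` instead.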
