Given that uMatrix isn't being developed any more, I've been a bit wary about sharing explicit details. I can say that the bypass works on uMatrix 1.4.4 (the latest release) and that even if you've disabled JavaScript from running via uMatrix - whether via a blacklist or via a whitelist - using this bypass will allow JavaScript to run on the page according to your browser settings.

I haven't tested whether it allows the other elements that uMatrix can block - XHR, frames, etc - but I'm pretty sure that it does.

I've been holding onto this info since the GitHub repository has been archived and read-only for years, and I'm not sure of the best way to handle it given that it's not being developed any more. I've wanted to get this out there but I want to make sure that people are safe, especially now that MV2 is deprecated, so there may be even less chance of an update. This is kinda new territory for me.

▲

SahAssar 5 days ago | parent [-]

MV2 is not deprecated on firefox, does the bypass work there too?

I'd probably send gorhill a message with the info and then it can either be published to the readme or the extension unarchived and hotfixed or at least published somewhere else.

	▲	Sophira a day ago \| parent [-]
		Good question. I've just tested on the latest ESR version of Firefox (115.27.0esr) and the bypass definitely works there. I've also been able to do more testing on whether the XHR/frame blocking is bypassed, and I was wrong there - XHR and frames are blocked perfectly fine, even with this bypass. I haven't tested cookies and media blocking, but so far it appears like it might just be scripting that gets through. I'll send gorhill an email, thank you for the suggestion!