[Firefox] External script not blocked #1134

Closed
quilloss opened this Issue · 1 comment

2 participants

@quilloss

Steps to Reproduce

  1. Place an img tag containing script
  2. Place a script tag containing the same script

Example:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf8">
    </head>
    <body>
        <h1 id="status">Script Blocked</h1>
        <img src="https://gist.githubusercontent.com/anonymous/3988344ba5aba30784bc/raw/4359ff0ab75c95fbaa4e677c595f0138c7a66bd4/gistfile1.js" style="display:none;">
        <script src="https://gist.githubusercontent.com/anonymous/3988344ba5aba30784bc/raw/4359ff0ab75c95fbaa4e677c595f0138c7a66bd4/gistfile1.js"></script>
    </body>
</html>

Symptoms

Script is not blocked.

Preferences Different From Defaults

||githubusercontent.com^$script
* * 1p-script block
* * 3p-script block
* * inline-script block

Info

uBlock version:
    0.9.2.3
Browser and version:
    Firefox 36.0.4
OS and version:
    Windows 7 x64

Other Extensions

  • None.
  • Empty Profile
@gorhill

This happens only on Firefox, and only if the HTML document is loaded from file://.

That Chromium was not showing the issue is just luck; it depends on whether the image was pulled before the script.

Actually, Chromium does not want to execute the scripts in there because:

Refused to execute script from 'https://gist.githubusercontent.com/anonymous/3988344ba5aba30784bc/raw/4359ff0ab75c95fbaa4e677c595f0138c7a66bd4/gistfile1.js'
because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.

Probably GitHub is setting the MIME type to text and apparently Firefox disregards this, while Chromium enforces it.

@gorhill added a commit that closed this issue: "this fixes #1134" (cd76d79)
@gorhill closed this in cd76d79
@gorhill added a commit that referenced this issue: "#1134: code review" (f417e37)