[ext] NoScript 1.9 - Your Friendly Web Cop
-
- Posts: 205
- Joined: October 17th, 2005, 1:33 am
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
Giorgio,
1) Quicktime activation in FF3 requires two clicks on the placeholder. FF2 is ok.
2) The following is not a proper bug report, unfortunately, but you should know. Occasionally, when I open the NoScript menu in FF3, a random domain in the list is somehow automatically allowed. When it happens, the only pattern I seem to detect is that the list is large and perhaps the page has not finished loading. I am not able to reproduce it even on the same page after it happens, so it's timing related or maybe some unusual mouse twitch or jerk during the click causes it. This never happens with native menu rendering in ff2. There should be a configurable native menu mode in ff3 where you can count on this never happening.
1) Quicktime activation in FF3 requires two clicks on the placeholder. FF2 is ok.
2) The following is not a proper bug report, unfortunately, but you should know. Occasionally, when I open the NoScript menu in FF3, a random domain in the list is somehow automatically allowed. When it happens, the only pattern I seem to detect is that the list is large and perhaps the page has not finished loading. I am not able to reproduce it even on the same page after it happens, so it's timing related or maybe some unusual mouse twitch or jerk during the click causes it. This never happens with native menu rendering in ff2. There should be a configurable native menu mode in ff3 where you can count on this never happening.
- fswl1234
- Posts: 245
- Joined: October 15th, 2003, 4:32 pm
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
i'm seeing *red diamond* with 1.9.0.4 but normal before the update (1.9)
test link --> https://bug272534.bugzilla.mozilla.org/ ... ?id=167513
it seems every now and then an update (of noscript) causes this problem with image placeholder, and then likely with the next one it goes away
but it's always been on and off, anyone else can confirm?
test link --> https://bug272534.bugzilla.mozilla.org/ ... ?id=167513
it seems every now and then an update (of noscript) causes this problem with image placeholder, and then likely with the next one it goes away
but it's always been on and off, anyone else can confirm?
-
- Folder@Home
- Posts: 1886
- Joined: August 15th, 2004, 10:21 pm
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
When I go to about:config, some of the NoScript preferences are in bold (user set) but they are already at the default value. Why is this?
-
- Posts: 4419
- Joined: May 30th, 2005, 2:01 pm
- Location: Colorado, USA
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
mzfuser wrote:When I go to about:config, some of the NoScript preferences are in bold (user set) but they are already at the default value. Why is this?
Which prefs? I have four that are like that, but they are all null string prefs which have been modified by me or NoScript to something else and then programatically set back to the null string, which coincidentally happens to be the default. Curious, but not too surprising if you think about it, eh?
-
- Posts: 125
- Joined: April 23rd, 2008, 1:48 am
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
An inconsequential bug "Click jack " I suppose. http://search.utorrent.com/search.php?q ... 3fq%3d&u=1
Just roll the cursor on the right so that some menu elements are partially hidden.Then press pirate search.
Just roll the cursor on the right so that some menu elements are partially hidden.Then press pirate search.
-
- Posts: 23
- Joined: July 14th, 2004, 2:00 pm
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
http://home.att.net/~v_spec/Zalman.JPG
I am receiving a ClickJacking notification whenever I visit zalmanusa.com. Zalman is on my whitelist but this started to occur after the recent updates. I've been receiving this warning. Can someone verfiy this?
I am receiving a ClickJacking notification whenever I visit zalmanusa.com. Zalman is on my whitelist but this started to occur after the recent updates. I've been receiving this warning. Can someone verfiy this?
-
- Posts: 1
- Joined: February 8th, 2009, 4:51 am
scripts forbiden on whitelisted site?
Hi!
I have a problem with NoScript where the primary site I am visiting is always forbidden [e.g. Allow TV.com is bold and grayed out at the bottom of the options rollup menu even if added to the whitelist].
FYI : Did a reset of options w/i NoScript and the restriction seems to have gone away.
Thanks
Z
I have a problem with NoScript where the primary site I am visiting is always forbidden [e.g. Allow TV.com is bold and grayed out at the bottom of the options rollup menu even if added to the whitelist].
FYI : Did a reset of options w/i NoScript and the restriction seems to have gone away.
Thanks
Z
Last edited by zalewr on February 8th, 2009, 5:47 am, edited 1 time in total.
-
- Posts: 1
- Joined: February 8th, 2009, 5:11 am
Popup Issue
The following issue appears on a clean firefox install (Ubuntu 8.10 as well as Windows XP) with Noscript beeing the only addon.
This html page tries to open a popup window, which is blocked by Firefox. (Noscript must be configured to allow javascript for this page of course.) Firefox notifies the user that it has been blocked and gives the user an option to open it anyway ("Show test.htm", see screenshot). This is the expected behaviour.
Same situation as above, but an additional source is loaded by an iframe. Firefox blocks the popup, but doesn't give an option to open the popup ("Show test.htm" is missing, see screenshot). Without Noscript, Firefox behaves as expected, ie. "show test.htm" is available as in the first example.
This html page tries to open a popup window, which is blocked by Firefox. (Noscript must be configured to allow javascript for this page of course.) Firefox notifies the user that it has been blocked and gives the user an option to open it anyway ("Show test.htm", see screenshot). This is the expected behaviour.
Code: Select all
<html><head><title>PopupTest1</title></head><body>
<script type="text/javascript">
window.open("test.htm");
</script></body></html>
Same situation as above, but an additional source is loaded by an iframe. Firefox blocks the popup, but doesn't give an option to open the popup ("Show test.htm" is missing, see screenshot). Without Noscript, Firefox behaves as expected, ie. "show test.htm" is available as in the first example.
Code: Select all
<html><head><title>PopupTest2</title></head><body>
<script type="text/javascript">
window.open("test.htm");
</script>
<iframe src="test.htm">
</body></html>
- esquifit
- Posts: 18
- Joined: December 28th, 2006, 5:52 pm
- Contact:
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
Giorgio Maone wrote::
Regarding the thing you're trying to do with CAPS, NoScript provides abetter method, called Script Surrogates, which is less likely to break things and is obviously compatible.Code: Select all
user_pref("noscript.surrogate.noframebreak.sources", "@*.example.org http://another.site.org");
user_pref("noscript.surrogate.noframebreak.replacement", "window.top = {};");
Notice that the "@" before URL patterns is important to tell the Surrogate engine that replacements are page-level, rather than for 3rd party scripts.
Unfortunately this doesn't seem to work. You can try it yourself at "http://esquifit.googlepages.com/Frame.html" which includes "http://www.wiadomosci24.pl/" as a subframe. The subframe contains a framekiller line
Code: Select all
if (self != top) { top.location = self.document.location; }
I've also tried to override the location object by setting "noscript.surrogate.noframebreak.replacement" to "window.location = {}"
or "location = {}" and some other variations. In all cases this causes an endless loop, which makes sense, since what NS is doing here is effectively executing a redirection to "{}".
Anyway, "preventing access" to the Location object and "setting" the Location object to anything are two completely different things. What we need here is a way to 'prevent access' to the location object, and this is just what CAPS does.
I think that avoiding conflicts due to a domain being included in two policies could be solved in this way:
At browser start-up and each time the user changes (either permanent or temporarily)something in the white list:
IF
a domain is listed in a capability.policy.<user_policy>.sites in user.js AND in "capability.policy.maonpscript.sites"
THEN
1) temporarily remove the domain from "capability.policy.maonpscript.sites", AND
2) add a preference "capability.policy.<user_policy>.javascript.enabled" with value "allAccess"
The effect would be that javascript is still enabled for the domain in question AND the user defined policies would be honoured.
Would this be an option?
-
- Folder@Home
- Posts: 1886
- Joined: August 15th, 2004, 10:21 pm
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
Alan Baxter wrote:mzfuser wrote:When I go to about:config, some of the NoScript preferences are in bold (user set) but they are already at the default value. Why is this?
Which prefs?
noscript.badInstall
noscript.filterXExceptions
noscript.forbidJarDocumentsExceptions
noscript.notify.hideDelay
noscript.opacizeObject
noscript.sound.block
-
- Posts: 4419
- Joined: May 30th, 2005, 2:01 pm
- Location: Colorado, USA
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
@mzfuser:
That is surprising, especially for the non-string prefs.
1) You're saying that noscript.badInstall has a Value of false but a Status of user set, for example. Right?
2) Does the user set indication in about:config persist across Firefox restarts?
3) Are the noscript prefs the only ones that ever have this issue, i.e. are any of your other user set prefs actually at their default value?
4) Has anyone reported this issue in bugzilla yet?
That is surprising, especially for the non-string prefs.
1) You're saying that noscript.badInstall has a Value of false but a Status of user set, for example. Right?
2) Does the user set indication in about:config persist across Firefox restarts?
3) Are the noscript prefs the only ones that ever have this issue, i.e. are any of your other user set prefs actually at their default value?
4) Has anyone reported this issue in bugzilla yet?
-
- Folder@Home
- Posts: 1886
- Joined: August 15th, 2004, 10:21 pm
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
1. Correct.
2. only the noscript.badInstall pref seems to persist. For the rest I discovered that opening the NoScript options will change those preferences to User Set, even if I dont modify anything.
3. AFAIK, yes.
2. only the noscript.badInstall pref seems to persist. For the rest I discovered that opening the NoScript options will change those preferences to User Set, even if I dont modify anything.
3. AFAIK, yes.
-
- Posts: 4419
- Joined: May 30th, 2005, 2:01 pm
- Location: Colorado, USA
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
3) AFAIK too. I wasn't about to carefully examine the value of every user set pref in about:config to verify its value wasn't the default. Too tedious!
4) I couldn't find any corresponding bugzilla report.
4) I couldn't find any corresponding bugzilla report.
- Giorgio Maone
- Posts: 3516
- Joined: September 21st, 2004, 12:05 am
- Location: Palermo - Italy
- Contact:
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
@al_9x:
Looks like something specific to that page. Can you reproduce it on other sites?
@redhat71:
Thanks for reporting, but I cannot reproduce it.
@nagan:
are you sure you can reproduce on 1.9.0.4? I can't
@gOdisOnyOuRsIDe:
it's quite a tricky situation, with Flash movies overriding each other.
I'm checking it, in the meanwhile you can add zalman.co.kr to the noscript.clearClick.exceptions about:config preference.
@Talion:
Investigating, thanks.
@esquifit:
it's surely desirable, but low priority since almost nobody uses CAPS these days (NoScript aside) and there's lot of stuff to do yet.
Thanks for the neat idea, anyway.
Looks like something specific to that page. Can you reproduce it on other sites?
@redhat71:
Thanks for reporting, but I cannot reproduce it.
@nagan:
are you sure you can reproduce on 1.9.0.4? I can't
@gOdisOnyOuRsIDe:
it's quite a tricky situation, with Flash movies overriding each other.
I'm checking it, in the meanwhile you can add zalman.co.kr to the noscript.clearClick.exceptions about:config preference.
@Talion:
Investigating, thanks.
@esquifit:
it's surely desirable, but low priority since almost nobody uses CAPS these days (NoScript aside) and there's lot of stuff to do yet.
Thanks for the neat idea, anyway.
-
- Posts: 7
- Joined: September 9th, 2003, 9:11 am
Re: [ext] NoScript 1.9 - Your Friendly Web Cop
I found a new problem with Noscript. When going to abc.com, to watch a "free episode", the new window opens, but even with temporary permission granted, the episode does not load. It just seems to be downloading indefinitely. When I disable Noscript, the episode loads right away. The site worked fine with Noscript about 3 weeks ago. It would be great if support would look into it.