MozillaZine

[ext] NoScript 1.9 - Your Friendly Web Cop

Announce and Discuss the Latest Theme and Extension Releases.
dhouwn
 
Posts: 15
Joined: January 21st, 2008, 6:35 am

Post Posted February 3rd, 2009, 2:54 pm

unholy wrote:For me the most annoying part of using NoScript was always the huge amount of needles labor when setting policies for commonly used sites. More precisely the need to remember each unknown domain name and then write it manually in another place, just to check what kind of site is it, and must it be added to untrusted list as advertisement provider or statistics collector for example.
I usually check it right away (new tab where I enter the domain manually), still I would be glad if there was an easier way.
unholy wrote:Is it possible to add to the list of options for unknown sites an option to copy it's base domain name to the clipboard? This way it will be possible to check unknown sites without the need to remember each of their names.
Well that sounds like a great idea to me! :D

Alan Baxter
 
Posts: 4419
Joined: May 30th, 2005, 2:01 pm
Location: Colorado, USA

Post Posted February 3rd, 2009, 9:37 pm

unholy wrote:Is it possible to add to the list of options for unknown sites an option to copy it's base domain name to the clipboard?

+1

x3ja
 
Posts: 2
Joined: July 10th, 2005, 8:52 am

Post Posted February 4th, 2009, 3:09 am

I have some issues with using NoScript and Twitter.
Even though I have permitted twitter.com (and googleapis.com which it also uses) there are certain things that do not work properly - like the letter count and the "follow" buttons.
If I select "Allow scripts globally" and reload the page, these features work fine.
How can this be? I can't see why this should make a difference... :?
Any ideas?

redwolfe
 
Posts: 2
Joined: February 4th, 2009, 7:16 am

Post Posted February 4th, 2009, 7:37 am

I've noticed a new strangeness in an interaction between thunderbird and firefox when noscript is installed and active.
Clicking an http: link in TB (expecting FF to open it) there is a transformation of the http: to a file: URL

I have isolated this to NoScript involvement by uninstalling NS and also by re-installing TB and FF. The problem only re-occurred after I re-installed NoScript.
Platform is Fedora 10 using Gnome on an x86_64 machine. I've double checked the Gnome settings and FF and TB settings to make sure I didn't do anything obvious.

There are no proxies involved, all connections are "Direct connection to the Internet"

bobblebob
 
Posts: 11
Joined: February 4th, 2009, 9:51 am

Post Posted February 4th, 2009, 9:54 am

I have the latest version but getting an issue when buying from certain sites online.

I have tried to purchase a few things from legit sites like Eurostar but the transaction fails when i enter my password on the Verified By Visa security page. It seems Noscripts doesnt like the payment systems that debit the money from your account as soon as your press Submit. The way them transactions work, is they must contact another site to verify everything, and NoScripts is classing it as Cross Site scripting and blocking it. I always get the Cross Site scripting warning when buying from sites that debit my card automatically

Other sites that require the details to be verified at their end dont have any issues (Play.com, Amazon etc).

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted February 4th, 2009, 12:02 pm

@Some Person:
did you check if disabling AdBlock helps?

@deathmetalfan:
is currently possible on Windows but not on Linux. I'm investigating.

@oki-inu
Could you give me a link to examine?

@jimattfield:
those guys at BBC are not that smart: embedding all the script in a HTML comment even if its an external script is useless, and in this case disruptive because all the script is seen by NoScript as a XML document.
I'll try to work-around on my side in next release.

@MartinHowe:
NoScript threats OBJECT elements as IFRAMEs if their content is a built-in document type, or as EMBEDs if it's plugin-handled.
Since NoScript shows its own click-activated placeholder, it doesn't display alternate content indeed not to disrupt layout.

@Lassar:
Google Keywords work just fine for me, just allowing google.com. Please try to use NoScript Options|Reset. If the problem persist, please explain me clearly which specific feature is broken and how to reproduce it.

@liqid:
unluckily the ftp sorting scripts run in the context of the site. You say they don't work if you allow the site, but they work for me on ftp://ftp.mozilla.org. However I would prefer if they worked independently, without the need of allowing an FTP site...

@unholy, dhouwn and Alan Baxter:
I've been thinking of a single command which opens a new tab with links to the site, to google search for the site (and possibly a short summary from WOT or another service) for all the forbidden sites in the menu, not to clutter the UI.

x3ja:
both the features are working for me. Are you sure you're using latest development build ?
Could you try using NoScript Options|Reset?

@redwolfe:
Investigating, thanks.

@booblebob:
two things:
  1. Could you send me the [NoScript XSS] messages you can find in Tools|Error Console when this happens?
  2. Does the translation complete if you use the Unsafe Reload command from the Options button?

oki-inu
 
Posts: 3
Joined: February 3rd, 2009, 12:15 am

Post Posted February 4th, 2009, 3:16 pm

Giorgio Maone wrote:
@oki-inu
Could you give me a link to examine?



Yes,

http://odecker.blogspot.com/

Thank you

jimattfield

User avatar
 
Posts: 3
Joined: February 3rd, 2009, 5:13 am

Post Posted February 4th, 2009, 4:00 pm

Giorgio Maone wrote:@jimattfield: those guys at BBC are not that smart: embedding all the script in a HTML comment even if its an external script is useless, and in this case disruptive because all the script is seen by NoScript as a XML document. I'll try to work-around on my side in next release.

Thanks, Giorgio, much appreciated.

Jim

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted February 4th, 2009, 4:38 pm

@oki-inu, jimmattfield:
please try latest development build, 1.9.0.3.

jimattfield

User avatar
 
Posts: 3
Joined: February 3rd, 2009, 5:13 am

Post Posted February 4th, 2009, 5:13 pm

Giorgio Maone wrote:@oki-inu, jimmattfield:
please try latest development build, 1.9.0.3.

That has fixed my issue - applet visibility has been restored, the error console is clear (except for my own errors :) ). I am deeply grateful for the quick fix.

Jim

Some Person
 
Posts: 20
Joined: June 7th, 2008, 11:46 pm

Post Posted February 4th, 2009, 6:58 pm

Re: Chase Mortgage rate site:
Giorgio Maone wrote:@Some Person:
did you check if disabling AdBlock helps?

As per the original post,
"AdBlock = Whitelist this whole site > reload.

So yes, the entire site was whitelisted in AdBlock.

mzfuser
Folder@Home
 
Posts: 1886
Joined: August 15th, 2004, 10:21 pm

Post Posted February 4th, 2009, 7:41 pm

@Giorgio - would it be possible to have tab that shows Untrusted sites? Also how do you change a site from Untrusted to "Forbidden"?

JohnMGoodman
 
Posts: 2
Joined: February 2nd, 2009, 5:23 am

Post Posted February 5th, 2009, 12:38 am

Thank you. This is exactly the sort of explanation and workaround I was hoping you could give me.

As to using the "Remember me" checkbox on a secure site, I thought it usually just remembered my login name, and not my password, and furthermore I always "log out" (by clicking the link of that name) before exiting those sites and then have to log back in when I return. The cookie supplies by login name and Firefox supplies my password (when all works as I like it to work). So I don't really think I have invoked the danger you mention unless I *also* fail to log out from those sites when I leave them.

Giorgio Maone wrote:@JohnMGoodman:
the behavior you're describing may happen if you visit (before or after your secure transactions) the bank site without HTTPS.
Whenever you visit a non-https domain which you've got cookies which had been set during a HTTPS conversation, those cookies are stripped by secure cookie management.
An easy work-around for this is configuring NoScript Options|Advanced|HTTPS to force HTTPS on that site.
As a side note and generally speaking, using the "remember me" feature for a sensitive site is a very unsafe practice, since it makes CSRF and XSS attacks much more likely to succeed (because you're permanently logged in).

oki-inu
 
Posts: 3
Joined: February 3rd, 2009, 12:15 am

Post Posted February 5th, 2009, 2:32 am

Giorgio Maone wrote:@oki-inu, jimmattfield:
please try latest development build, 1.9.0.3.


Problem solved. Thank you so much. =D>

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted February 5th, 2009, 7:59 am

@mzfuser:
something on those lines is planned for 2.x

@Some Person:
The mortgage Flash applet is working fine for me, even just enabling it.
Could you please check you've got the latest versions of Firefox (3.0.6) and Flash (10.0r12) + latest development build of NoScript?
If the problem persists, please try Standard Diagnostic.

Return to Extension/Theme Releases


Who is online

Users browsing this forum: No registered users and 4 guests