MozillaZine

[ext] NoScript 1.9 - Your Friendly Web Cop

Announce and Discuss the Latest Theme and Extension Releases.
donde
 
Posts: 7
Joined: May 5th, 2005, 9:43 pm

Post Posted February 5th, 2009, 9:28 am

For some reason, since I updated to NS 1.9 I have been unable to get to a website by entering in the site's address in the location bar. I installed the dev build just now and I'm still unable to get anywhere. For the moment, I'm having to use the search box and Google to get around this. Any help with this?

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted February 5th, 2009, 9:41 am

@donde:
are you sure it's NoScript rather than something else?
Could you try Standard Diagnostic and, if NoScript is actually found to be the culprit, NoScript Options|Reset?

tmr250z
 
Posts: 175
Joined: August 22nd, 2008, 9:56 pm

Post Posted February 5th, 2009, 11:42 am

Giorgio, when I go to http://www.blackberry.com and select my country in the drop-down menu, I should be redirected to the blackberry site for my country, but that doesn't happen even though I have allowed all scripts to run on that page. Is this due to NoScript or is because that site doesn't work properly in Firefox?

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted February 5th, 2009, 12:55 pm

@tmr250z:
it works fine for me (as soon as I hit the "Go" button).
Could you check if your problem persists on latest development build, and if it does if NoScript Options|Reset helps?

MartinHowe

User avatar
 
Posts: 4
Joined: February 3rd, 2009, 6:58 am
Location: The next most easterly town in England

Post Posted February 5th, 2009, 3:42 pm

@Giorgio Maone
"Since NoScript shows its own click-activated placeholder, it doesn't display alternate content indeed not to disrupt layout"

I see what you mean, but would respectfully suggest that it is not a good enough reason; no security software should ever forbid legitemate content just because the author of the security software "doesn't like how it looks when it is allowed." The W3C state that content between the <object> and </object> tags is supposed to be displayed if the object is blocked. It's the rules. And the rule is there for a reason! That reason is - the niaeve end user.

The content between the <object> and </object> tags is the equivalent of the <noscript> and </noscript> tags in JavaScript/VBScript, etc; and yes, I know that NoScript can be configured to block <noscript> tags for JavaScript as well. The point here, however, is that NoScript does not do that by default and while any user who has turned on blocking of <noscript> tags obviously knows what they're doing, what worries me is the niaeve end user who doesnt.

Suppose an inexperienced end-user installs FireFox and add NoScript because they have been "told that it is a good idea" - which it is. They then navigate to a page where JavaScript is disabled by NoScript AND ALSO the object (used as an IFRAME because those are deprecated) is blocked. Because they cannot see the actual text of the message that the web site author is putting for their benefit when even the OBJECT is disabled, them, they think "EEEK! I dare not look at this OBJECT because I don't know what it is - it might be a VIRUS!!!" The message is also there to tell them why something does not work, so that they can make an informed decision as to how important it is and whether to take the risk or not.

I write my web site so that basic functionality does not need JavaScript, IFRAMES or OBJECTS, but this cannot be true of reCAPTCHA, which needs at least some active content to work; you are basically blocking somebody else's security software (anti-spam)!! It is good UI design to have a fallback message when active page elements are blocked and that is what the <noscript> and <object>...</object> content is for -- you might as well disable <noscript> tags by default, too!

Or to look at this in another light -- just as the end user has the right to not grant me permission to run code on his browser, I have the right to ask him if I can, and critically, to tell him what went wrong if he said "no".

I expect security software to respect my rights as well as those of the people who browse my site.

I like NoScript and use it myself, but I would dispute the word "friendly" now that it blocks some kinds of legitemate content by default - it would be like cutting off the right arm of every man, to stop him becoming a mugger. I go out of my way to use a carefully thought-out message when scripts are disabled and am thus concerned at the use of the phrase "lame please enable javascript message", because it suggests a prejudice against active content on principle; please, Gorgio, don't turn into Ned Ludd :)
Last edited by MartinHowe on February 5th, 2009, 4:03 pm, edited 1 time in total.

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted February 5th, 2009, 3:55 pm

@MartinHowe:
the NoScript-provided placeholder plays an important usability role, being the easiest and most intuitive way to enable the blocked object (by clicking it).
How do you suggest to mix this NoScript-provided placeholder with the replacement content provided by web author?

MartinHowe

User avatar
 
Posts: 4
Joined: February 3rd, 2009, 6:58 am
Location: The next most easterly town in England

Post Posted February 5th, 2009, 4:25 pm

Giorgio Maone wrote:@MartinHowe:
the NoScript-provided placeholder plays an important usability role, being the easiest and most intuitive way to enable the blocked object (by clicking it).
How do you suggest to mix this NoScript-provided placeholder with the replacement content provided by web author?


Wow, that was a quick reply - I was only away for a few minutes (had to give the cats their supper :))

Ok; I have given this a bit of thought and come up with something. If there is no replacement content, the default NoScript placeholder works fine as it is. If there does exist replacement content, then there is more than one possibilty:

  • Keep the placeholder, but put a link on the placeholder that says "click to show the web site's "object disabled" message - it may contain useful information". In addition, if the placeholder is very small, also make a tooltip using the HTML "title" attribute.
  • Show the replacement content, but through a partly transparent shadow with a fully visible link that says "what's this?" and if clicked, shows your explanation and perhaps the choice of showing the alternate content normally (but keeping the object itself disabled).
  • Just show it as usual - like with JavaScript that doesn't have a visible effect on the page, the user still has the message or status indicator from NoScript telling them that something is blocked; perhaps having a "blocked objects" menu with a "show alternate text for this blocked object" menu item.

Oh and perhaps it is also worth saying for the specific case of reCAPTCHA, that reCAPTCHA is another security software in its own right and is know to be made by good people who are not criminals; perhaps it should be on the default whitelist anyway?

mzfuser
Folder@Home
 
Posts: 1886
Joined: August 15th, 2004, 10:21 pm

Post Posted February 5th, 2009, 4:50 pm

@Giorgio - What is the noscript.forbidImpliesUntrust preference supposed to do? I set it to true but I dont see any domains being marked as Untrusted.

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted February 5th, 2009, 4:54 pm

@mzfuser:
when you use "Forbid somesite.com", somesite.com should be automatically marked as untrusted as well (rather than just disappear from your whitelist).

tmr250z
 
Posts: 175
Joined: August 22nd, 2008, 9:56 pm

Post Posted February 5th, 2009, 5:17 pm

You're right, Giorgio, it's not NoScript that's causing the problem, it's one of the Easylist filters that I'm using with Adlbock that's doing it. I seem to forget that I am even using Adblock sometimes, lol.

JDMT
 
Posts: 1
Joined: February 5th, 2009, 5:44 pm

Post Posted February 5th, 2009, 5:50 pm

Alright, my sister keeps going on my computer, all of my attempts to cause my computer to log out or shut down after 5 minutes doesn't seem to work, so I need a way to prevent No-Script from having the Allow Scripts Globally function, because she turns off No-Script to go play games, and I don't want this. Is it possible for me to do something to remove this function from my copy of No-Script?

Edit: She doesn't know much about computers, but she has figured out that she has to click on the Allow Scripts Globally button so she can play games, so I just need to remove it from the toolbar that appears on the bottom.

Kracov
 
Posts: 211
Joined: February 25th, 2005, 1:16 pm

Post Posted February 5th, 2009, 6:10 pm

hi again Giorgio
the imagefap popunder strikes again. it was working fine for months, but now the code below is only good for a few days before imagefap starts doing the popunder again.

javascript:setCookie("popundr", 100*365*24*60*60000);void(0)

so instead of using that code every few weeks, it now has to be done every few days. tips?

mzfuser
Folder@Home
 
Posts: 1886
Joined: August 15th, 2004, 10:21 pm

Post Posted February 5th, 2009, 6:38 pm

@Giorgio - So it only applies sites that you manually mark as forbidden? It doesnt work when a site starts forbidden?

NanM
 
Posts: 181
Joined: September 16th, 2008, 1:04 am
Location: SW WAustralia

Post Posted February 5th, 2009, 9:35 pm

JDMT wrote:[…] she has figured out that she has to click on the Allow Scripts Globally button so she can play games, so I just need to remove it from the toolbar that appears on the bottom.


Hi JDMT, welcome!

You can remove that context menu button by un-checking 'Allow Scripts Globally' in the Options>Appearance tab.

em_te

User avatar
 
Posts: 361
Joined: June 13th, 2004, 1:03 am

Post Posted February 5th, 2009, 9:58 pm

Can you add an option to NoScript such that if I arrive at a page by submitting a form, and the form was modified prior to submitting, then enable JS for that website? Because if not and I find out that it needed JS and I click "reload" then the form is submitted again.

Return to Extension/Theme Releases


Who is online

Users browsing this forum: No registered users and 5 guests