[ext] NoScript 1.1.4.1, cleanup release

[therube]

I only see two, sourceforge & falknag.
Check your options.
Options | Appearance -> Base 2nd level Domains (check it & see if it helps)

Site matching

For each site you can decide to allow the exact address, or the exact domain, or a parent domain. If you enable a domain (e.g. mozilla.org), you're implicitely enabling all its subdomains (e.g. www.mozilla.org, addons.mozilla.org and so on) with every possible protocol (e.g. http and https). If you enable an address (protocol://host, e.g. http://www.mozilla.org, you're enabling its subdirectories (e.g. http://www.mozilla.org/firefox and http://www.mozilla.org/thunderbird), but not its domain ancestors nor its siblings, i.e. mozilla.org and addons.mozilla.org will not be automatically enabled.
By default only the 2nd level (base) domain is shown (e.g. mozilla.org) is shown in the menus, but you can configure appearance to show full domains and full addresses as well.

http://www.noscript.net/features

[daveisfera]

It appears that www.fark.com is showing an ad that doesn't get blocked by Adblock, because of a little Javascript trick that they're doing that No-Script doesn't block.

Here's the code:

<script language="Javascript" type="text/javascript"><!--
document.write('<' + 'script language="Javascript" src="http://ad.doubleclick.net/adj/fark.maxim.dart/homepage;tile=1;sz=728x90;ord=');
document.write(fts+'?" type="text/javascript"><' + '/script>');
//--></script><noscript><a href="http://ad.doubleclick.net/jump/fark.maxim.dart/homepage;tile=1;sz=728x90;ord=1149635882?" target="_blank"><img src="http://ad.doubleclick.net/ad/fark.maxim.dart/homepage;tile=1;sz=728x90;ord=1149635882?" width="728" height="90" border="0" alt=""></a></noscript>

or you can just go to www.fark.com and see the ads on the top and the right of the page. I have No-Script installed and enabled and fark.com is not allowed. I'm also using FireFox 1.5.0.4 and NoScript version 1.1.4.1 and Adblock v.5 d3 * nightly 42 with Adblock Filterset.G Updater 0.3.0.4.
Thanks,
Dave

[Giorgio Maone]

Here's the code:

<script language="Javascript" type="text/javascript"><!--
document.write('<' + 'script language="Javascript" src="http://ad.doubleclick.net/adj/fark.maxim.dart/homepage;tile=1;sz=728x90;ord=');
document.write(fts+'?" type="text/javascript"><' + '/script>');
//--></script><noscript><a href="http://ad.doubleclick.net/jump/fark.maxim.dart/homepage;tile=1;sz=728x90;ord=1149635882?" target="_blank"><img src="http://ad.doubleclick.net/ad/fark.maxim.dart/homepage;tile=1;sz=728x90;ord=1149635882?" width="728" height="90" border="0" alt=""></a></noscript>

The ad you can see is not the JavaScript output (NoScript pitilessly kills that script as usual), but the <noscript>...</noscript> content, i.e. the content that must be shown when JavaScript is disabled, just as expected per HTML specs.
Don't know if and why AdBlock can't block it, but AdBlock Plus worked fine for me with a simple right-click, Block images from ad.doubleclick.net.
Hope it helps

[wanderer510]

I only see two, sourceforge & falknag.
Check your options.
Options | Appearance -> Base 2nd level Domains (check it & see if it helps)

This is what i have checked: 2nd level, Full domains and Temporarily allow. In every site that has javascripts for i.e. 3 domains, i see a list of 20-30 elements in it. I'm just saying that IMHO it would be better if there were 3 submenus (one for each domain) in the menu.

[|2eM!x]

I would just like to congradulate you, great plugin

A few requests from me (or maybe options I have missed?):
1. The ability to block certain scripts on pages, a good way would be to show a small window with all the different scripts on the page, and you could select which ones would be allowed? I think that would really be helpful for me on forums etc with advertisements.

2. That menu that pops up on the bottom is rather ugly and not user friendly, would it be possible to have a small bubble pop out of the S on the bottom of the page and just say Script Blocked! or something to that extent? That is just for the average user.

Thats about all I have to say, great plugin, I love it.

[Giorgio Maone]

I would just like to congradulate you, great plugin

Thanks!

1. The ability to block certain scripts on pages, a good way would be to show a small window with all the different scripts on the page, and you could select which ones would be allowed? I think that would really be helpful for me on forums etc with advertisements.

Try AdBlock Plus for this. I use NoScript for security and AdBlock plus for advertisements

2. That menu that pops up on the bottom is rather ugly and not user friendly, would it be possible to have a small bubble pop out of the S on the bottom of the page and just say Script Blocked! or something to that extent? That is just for the average user.

The ugly yellow message bar is for the average user, who may forget about NoScript and wonder why some pages behave strangely.
If you're NoScript aware, I agree that the status bar icon suffices: you can turn the message bar off in NoScript Options|Appearance.

[condorito]

I just installed NS1141. Excellent extension! Just one question, when exactly (version number) and why did about:blank become allowed right out of the box? I remember a previous version of NS, when about:blank was blocked because it could be exploited, I read something about trojans sneaking in through the about:blank exploit. What's the current status? Is the about:blank thing not an issue anymore with the latest builds of Firefox? I am confused.

[Giorgio Maone]

I just installed NS1141. Excellent extension! Just one question, when exactly (version number) and why did about:blank become allowed right out of the box?

1.1.3.3, and this FAQ explains why it's reasonably safe.

[socokoolaid]

I've been using NoScript for a few months now, I realy like the extention.
Over time Ive noticed that it seems a lot of pages popup in javascript, then are immediately changed to non javascript. Is it possible that some page's javascript are initialy ran, before being dissabled?
I could just immagine the quick dissregaurds at such an accusation on the grounds of cached pages and such. But carefull attention to the displaying of pages revealed some clues that made me question this.
Case in point: My most doubt raising site, was Yahoo Mail. I kept Yahoo.com blocked preventing ugly spyware adds and just for peice of mind. When you check your mail is where the problem occurs. The page 'mail home', with the contents of your inbox, completely displays, with new unseen email topics to show its not a cached page. By the count of 2 seconds or less the page is replaced with a page notifying you that javascript it turned off and give you an option to revert to the old non javascript style. This breif displaying of the page, is similar to some othersites, and what raises my concern.
Possibly this is just the order in wich things are processed on the page, and most of the page is displayed before the javascript controls and parts are attempted to be processed and invoked.
What is realy happening?

[Giorgio Maone]

I've been using NoScript for a few months now, I realy like the extention.

Thanks

Over time I've noticed that it seems a lot of pages popup in javascript, then are immediately changed to non javascript. Is it possible that some page's javascript are initialy ran, before being dissabled?

Not way. NoScript doesn't stop JavaScript while it's running, it prevents it from running.
If a site is not whitelisted, there's no chance for scripts to run. Period.

What is realy happening?

No mystery here.
This is the piece of HTML (from mail.yahoo.com) that does the trick:

Code: Select all

<noscript>
<META HTTP-EQUIV=Refresh CONTENT="0; URL=/ym/login?nojs=1">
</noscript>

The <noscript> HTML tag delimits content that is parsed only if JavaScript is disabled.
In this very case, it encloses a <meta> tag that automatically replaces the page with the "JavaScript must be enabled" one as soon as the original is loaded.

Hope you feel safe again now

[Anser]

Great extension. I would love to have a master list of "always disallow" sites, similar to the master list of "always allow." If a site (like the various hit-counter companies etc) was on the "always disallow" list, then not only wouldn't its scripts run, but it wouldn't even trigger the "Scripts Partially Allowed" bar, or appear as an "Allow" item in the popup for Options...

That way I don't have to see that bar and repeat my decision about falkag, google-analytics, etc, on page after page. The bar would only appear when domains I hadn't blacklisted yet offered scripts.

Again, thanks.

[Milesch]

It was a great extension while it lasted. Had installed it on SeaMonkey 1.0.1, then upgraded to 1.0.2 by overwriting, without deleting the previous version and the icon was still in the status bar, but was not operational.

So have uninstalled and installed 3 times and it does not appear in the status bar, and right clicking on any of the bars does not produce a method to customize and bring it up. Don't locate any mention of it in Preferences. It is installed according to the extension "extension manager," and is gone from there when deleted.

Installed it to the profile, and do not care to put it into the program as that can be difficult to remove. Any ideas as to how to bring it to the surface?

[riowong]

Hi, does the "Allow scripts Globally" work as a temporary manner? If not, could NoScript all all scripts temporarily? Individually temporarily allowing scripts to a web page is very inconvenient. Thx.

[Milesch]

Cannot locate anything called "allow scripts globally." I don't recall, is that part of the setup with the extension? If so, I can't find a way to access it as there is no icon anywhereon which to click.

[Giorgio Maone]

So have uninstalled and installed 3 times and it does not appear in the status bar

What did you uninstall/reinstall? NoScript or SeaMonkey?
SeaMonkey needs some kind of extensions (including NoScript) to be reinstalled after an upgrade.
Also, permissions can be a problem, especially if you're on Linux or another Unix-like environment and you've got no write privileges on the SeaMonkey folder at extension install time. More details in this
Finally, the Allow scripts Globally (dangerous) command is a menu item found on every NoScript menu (either contextual, status bar or toolbar).
I may actually consider to make it temporary by default, because if you really want to permanetly allow all the script you can either disable or uninstall NoScript at once - nevertheless, I don't think it's wise until SeaMonkey users have not a real extension manager to uninstall/disable extensions...