[ext] NoScript 1.1.4.5 - faster and neater

Announce and Discuss the Latest Theme and Extension Releases.
Locked
Reboneer
Posts: 10
Joined: April 21st, 2006, 10:00 pm

Post by Reboneer »

Giorgio Maone wrote:@Reboneer: the fact a clean profile doesn't help leaves me totally puzzled, as everybody should have the same problem but you're the only one reporting it so far :-k Does it happen with a specific site or on every domain you try to allow?


Every domain. Although, on a few (such as slashdot), it doesn't work even after closing/opening Firefox.
divincem
Posts: 2
Joined: January 4th, 2006, 12:51 pm

Feature Request: Allow all scripts on this page

Post by divincem »

I love this extension but I have one request that would be a real time saver. When visiting a site that has java scripts from mulitple locations it would be convenient to be able to allow them all at once instead of having to choose allow script from as many as four or five domians or sites.
virtdave
Posts: 13
Joined: January 16th, 2006, 10:54 pm

Post by virtdave »

the problem with divincem's suggestion is that many domains have scripts that one would like to keep off the whitelist along with some which one would like to allow. However, an option to "allow all scripts on this page" might be helpful, and could solve my problem noted many times above on this thread.
keeperofkeys
Posts: 1
Joined: November 27th, 2006, 7:50 am

No 'Allow Scripts...' for Domain

Post by keeperofkeys »

Hi

I am a big fan and evangelist of NoScript. I think I have found a tiny bug, however.

I visited the site http://www.east.uk.com, and wanted to enable js for that domain but was unable to do it through the taskbar icon, which only ofrered "Allow scripts globally". I was able to do it by manually entering the domain, and suspect its weird second level domain is interfering with NoScript's allow-by-domain mechanism.

Just thought you should know.

Regards,

Chris
User avatar
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy
Contact:

Post by Giorgio Maone »

@Chris: should be fixed in the current "minor" upgrade, NoScript 1.1.4.5.061127 (direct link only, no AMO yet).

@Reboneer: any 3rd party anonymizer/firewall/antyspyware? Google bar or other Google goodies maybe (but clean profile... hrm)?

@divincem, virtdave: Bulk (cascade and/or checkbox driven) allowance and blacklist for recurrent annoyances are already my top priorities for feature development, but they require time to be done right and safely. Please be patient :)
User avatar
Alfred Neuman
Posts: 1930
Joined: January 19th, 2005, 10:52 am

Post by Alfred Neuman »

I cannot watch videos on cnn.com unless I click Allow Scripts Globally.
Allowing all of the scripts on the page to run individually does not work.
Putting cnn.com on the white list does nothing.
There are many other sites where I have the same problem.
Do you often feel that you must be from another planet, or wish you were?
calt129
Posts: 8
Joined: July 29th, 2004, 4:43 am

Post by calt129 »

Forgive me if I'm posting this under the wrong thread, I didn't know where else.

I'm a big fan of NoScript and install it on every machine I use. It works very reliably. I have a question (possibly a feature req. too) though. Is it possible to allow scripts from somedomain.com to run always, but only if the current page comes from somedomain.com. I.e. if the scripts from somedomain.com are bound on a 3rd party side, say, externaldom.com, scripts from somedomain.com should not automatically run. This should be possible, isn't it? If not, is it too much to request this feature? :)

Thanks in advance
User avatar
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy
Contact:

Post by Giorgio Maone »

@Alfred Neuman: you need to allow cnn.com, cnn.net and about:blank.
@calt129: it's not currently possible. It doesn't make much sense from a strict security POV, because if you trust somedomain.com when it's the main page you have no reason not to trust when its script are embedded in a different page, but I can see its value as an ad-blocking feature ("block 3rd party scripts", much like the old "block 3rd party images" or "block 3rd party cookies" options). RFE accepted :)
User avatar
Alfred Neuman
Posts: 1930
Joined: January 19th, 2005, 10:52 am

Post by Alfred Neuman »

Giorgio Maone wrote:@Alfred Neuman: you need to allow cnn.com, cnn.net and about:blank.

I allow all of those, but it still doesn't work until I allow scrips globally!
Do you often feel that you must be from another planet, or wish you were?
User avatar
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy
Contact:

Post by Giorgio Maone »

@Alfred Neuman:
All the three of them? are you sure? could you try on a clean profile (@virtdave, could you do the same)?
Notice that initially you get an intermediate screen stating WMP 9 can't be detected, but it goes away after 1st run.
User avatar
Alfred Neuman
Posts: 1930
Joined: January 19th, 2005, 10:52 am

Post by Alfred Neuman »

Giorgio Maone wrote:@Alfred Neuman:
All the three of them? are you sure? could you try on a [url=http://kb.mozillazine.org/Profile]clean profile

Yes, I am sure and it has been this way on many profiles.
Go over to cnn.com and try it, yourself.
Do you often feel that you must be from another planet, or wish you were?
calt129
Posts: 8
Joined: July 29th, 2004, 4:43 am

Post by calt129 »

I could imagine such a feature could block unintended XSS-vulnerabilities (e.g. see most recent Google XSS news). I had mostly big pages like Amazon, Ebay, Google, Yahoo etc in mind. I want their home pages to be able to execute JS but not when 3rd party pages embed Google Ads, Amazon lookups, etc. In short, I trust Ebay-scripts only when I'm on ebay.com. I hope it's clear what I mean. Anyway, thanks for the acceptance and keep up the good work :)
User avatar
therube
Posts: 21685
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post by therube »

cnn ... you need to allow cnn.com, cnn.net and about:blank

Works fine for me (SeaMonkey) with those settings.
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
User avatar
therube
Posts: 21685
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post by therube »

@virtdave

No problem here with dr.dk & about:blank allowed.

http://netradio.dr.dk/content.asp?station=17&
& this too
http://netradio.dr.dk/content.asp?station=35&
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
User avatar
Torpark
Posts: 16
Joined: October 5th, 2005, 9:06 am
Contact:

NoScript hardening

Post by Torpark »

I am writing a new version of Torpark, and I have a request for NoScript.

I want to disable all plugin scanning/loads by default in the prefs.js

Then the only way to enable it would be not only for NoScript to be installed, but to also specifically allow that page.

The reason for this is possible MIME attacks that could circumvent NoScript and call the plugins.

Also, if you could adjust the time that the notice bar appears to allow the user to allows the page, that would be great also.
Locked