[ext] NoScript 1.1.4.5 - faster and neater

Announce and Discuss the Latest Theme and Extension Releases.
Locked
thecrazy
Posts: 2
Joined: February 23rd, 2007, 5:02 pm

hum...

Post by thecrazy »

Ohhh the confusion... im very sorry for this, its addblock causing the problem... guess im on the wrong forum lol.

Thx for your time thought! Was nice getting a reply this fast ;)

Fred.
User avatar
RobertJ
Moderator
Posts: 10880
Joined: October 15th, 2003, 7:40 pm
Location: Chicago IL/Oconomowoc WI

Post by RobertJ »

FEATURE SUGGESTION

Often when going to a site which doesn't work because of some Javascript being disabled among multiple sources of scripts, I test each using the "allow temporarily" until I find the one I want to enable. If I want to then enable it permanently I first need to disable then enable. Would be nice to just change from temporary to enable.

Thanks for a great extension. I've insisted that my wife use it also.
FF 92.0 - TB 78.13 - Mac OSX 10.13.6
User avatar
CAZephyr
Posts: 68
Joined: November 21st, 2005, 1:04 am

Post by CAZephyr »

I love the new development version. Now it doesn't keep alerting me about sites that I'd never allow in a million years. Kudos on the great work.
Questions: Is there someplace I can see a list of the distrusted sites? Also, is there a special significance to the 1.1.4.5.x version numbers? (I.e., when are we going to get version numbers higher than 1.1.4.5?)
Old martimus8
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by Old martimus8 »

    Good day to you Giorgio,

    I have a feature request for NoScript that is rapidly becoming important while surfing safely on the internet and need some help... HELP! :)

    Your current filter policy scheme in 1.1.4.5.061221 only allows base domains to be allowed or disallowed, unless you trick it first by putting in a FQDN (e.g. "forums.mozilla.org", then "mozilla.org" - which might be a feature in itself, but not sure)

    As with AdBlock and CookieSafe extension they allow full parsing of what is considered "safe"
    (e.g. http://mozilla.org - only allows litterally that domain name structure and not any server or virtual server name such as www or www2 prepended to the beginning of the URI, etc.)

    Basically I need to be able to allow http://domain.nam and specific vserver names under that, but no others... this is particularly important for blogging sites that use a users id name as the virtual server...

    Fictitious example:

    Allow http://foobar.com/*
    Allow http://user1.foobar.com/*
    Allow http://user2.foobar.com/ (but don't allow any "subfolders" under that URI
    Allow http://foobar.org/*
    Allow http://foobar.userA.org/somesubfolder/* (but disallow any other parent (and it's other children) folder on that particular URI)
    Allow file://*.somepath/*
    Disallow any other filepath at file://*
    Disallow any other user at http://*.foobar.com/*

    If you take a closer look at the AdBlock extension and CookieSafe extension and their filter policies, it will be more clear than my rudimentary explanation.

    I still could be missing something in your extension that I'm not aware of, but would still appreciate you or anyone else giving me a pointer or two on how to achieve this.

    Thankx again for your spectacular work on NoScript and FlashGot... You are the best!!! :) (btw ARIA 1.0 finally got repackaged by someone to work in Mandriva 2007 YAY!)
User avatar
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy
Contact:

Post by Giorgio Maone »

martimus8 wrote:I still could be missing something in your extension that I'm not aware of, but would still appreciate you or anyone else giving me a pointer or two on how to achieve this.

Hi martimus8,
CAPS doesn't support wildcard matching, mainly due to performance considerations: while AdBlock and CookieSafe can (almost always) afford regexp or glob matching because they check only just before the content is loaded, the ScriptSecurityManager checks origin everytime a JavaScript method is about to be performed or a property to be accessed to ensure safety against trivial exploits, thus using the fastest matching technique is crucial, and wildcards are notoriously expensive.

That said, you can achieve part of the result you're after by specifying the full address (protocol+domain), which doesn't imply subdomain.
Back to your fictious example, you've got:
If you often need this level of control, you can enable "Full Domains" and "Full Addresses" contextual menu item from NoScript Options|Appearance.
Hope it helps :)
Old martimus8
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by Old martimus8 »

Giorgio Maone wrote:...CAPS doesn't support wildcard matching, mainly due to performance considerations: while AdBlock and CookieSafe can (almost always) afford regexp or glob matching because they check only just before the content is loaded, the ScriptSecurityManager checks origin everytime a JavaScript method is about to be performed or a property to be accessed to ensure safety against trivial exploits, thus using the fastest matching technique is crucial, and wildcards are notoriously expensive....
    FOOEY! ;) Perhaps I can check into how GM works some more and if it and a GM script can parse through the script faster than the page is rendered, then I can just program my way to shut off scripting... Performance issues aside, ppl are setting html tag attributes with JavaScript in them, that they shouldn't be (most of them don't know any better)... so I'm attempting to stop them but need to allow them in specific places for pages to render properly.

    Your verbage of "trivial exploits" is already extremely popular for violation of privacy/hacking mainly by commercial entities but also private individuals out to mess things up. I consider privacy to be paramount regardless of "the cost" to the machine/software. Perhaps the performance issues should be placed on the back burner, and just have them do it the right way?!
Giorgio Maone wrote:...If you often need this level of control, you can enable "Full Domains" and "Full Addresses" contextual menu item from NoScript Options|Appearance.
    This is better than the default policy for sure, but I'm going to need to maintain a white list of absolutely trusted subdomains and continue to open myself up to attack/privacy disclosure when discovering new ones via cross-site scripted cookie theft, etc. , which isn't going to be easy for me to digest.

    Thankx for you assistance... once again, in front of my nose on part of it and the other part doesn't exist yet. ;)
narrmoz
Posts: 2
Joined: February 26th, 2007, 4:52 pm

bug with Symantec site

Post by narrmoz »

Hello - I've been using NoScript for a week or so, after the latest browser scare.

It seems to work fine everywhere except for www.symantec.com and various of its linked pages.

I get a consistent alert each time the page refreshes, reading:

Error: LiveCode is not defined. Line: 19.

None of the NoScript options seems to be able to affect this. I have fully enabled the site.

Hope this is the effective place to report the bug.

Kind regards,
Narrmoz
User avatar
therube
Posts: 21685
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post by therube »

Perhaps related to Regex - GNU regex library (or similar) which it appears Mozilla may be using?
Mozillazine: error: livecode is not defined line:19
Perhaps not related to NoScript?
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
User avatar
therube
Posts: 21685
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post by therube »

NoScript 1.1.4.6.

Should tomshardware.com appear in bold (on a left-click)?

http://www23.tomshardware.com/cpu.html
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
User avatar
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy
Contact:

Post by Giorgio Maone »

therube wrote:NoScript 1.1.4.6.

Should tomshardware.com appear in bold (on a left-click)?

http://www23.tomshardware.com/cpu.html

Yes it should, nice shot...

BTW, I'm opening the new 1.1.4.6.x thread in minutes, so consider this one closed.
LGgeek
Posts: 1
Joined: March 1st, 2007, 6:59 pm

Post by LGgeek »

Thanks for one of the most useful extensions.
donation on it's way.
Pery
Posts: 2
Joined: March 3rd, 2007, 9:56 pm

Post by Pery »

Dear Giorgio Maone:

I like NoScript a lot but I don't use it because it's not possible to disable scripts/plugins separately.
For example, when I enable "JavaScript" globally, Java and Flash are enabled too, while I want to only enable JavaScript globally but not Java and Flash until I click above the app.

I hope you like my idea and you can add it to his extension :)


Kind Regards.
arno.
Posts: 50
Joined: August 29th, 2004, 12:12 pm

Post by arno. »

arno. wrote:As a debian user, I'd like it to be included as part of my distribution.
So, I made a debian package of noscript, and will soon submit it for review.


Hi,
it took some time, but at the end, noscript is now part of debian
:)
User avatar
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy
Contact:

Post by Giorgio Maone »

arno. wrote:it took some time, but at the end, noscript is now part of debian
:)

Cool! :banana:

@Pery:
thanks for your question, answer it's in FAQ now.
Notice also that my NoScript TODO list includes custom per-site permission sets and configurable "Trusted", "Unknown" and "Untrusted" defaults, but this will still take some time...
User avatar
steviex
Moderator
Posts: 28902
Joined: August 12th, 2006, 8:27 am
Location: Middle England

Post by steviex »

Locking as asked by Giorgio...
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -Albert Einstein

Please DO NOT PM me for support... Lets keep it on the board, so we can all learn.
Locked