[ext] NoScript 1.1.4.6 - black & white edition

[MonztA51]

It's meant to bug you

Meh..

[TurtleX]

@TurtleX:
what does happen if you use the "Export" button to put your whitelist in a text file, edit the file and then reimport?
If this fails too (but if so, there's definitely something broken with your setup), you may consider editing the "capability.policy.maonoscript.sites" entry of your prefs.js file as a last resort.

Good luck and let me know.

The export, edit and reimport suggestion did not work. I manually cleared all sites through prefs.js . I'm still having the problem with NoScript not working the same as previous versions.

If I'm on a site that is running ads the only way to stop the ads is to forbid the domain. Forbidding just the ad source doesn't work anymore.

Screenshot: http://img147.imageshack.us/img147/3686 ... ed1fi9.gif

[Giorgio Maone]

Help needed to quickly test 1.1.4.7 Release Candidate (NoScript 1.1.4.6.070322 development build).

I'm particularly interested in any problems you may notice in your navigation from untrusted to trusted sites.
That's because the main improvements involve very effective but quite drastic Cross-Site-Scripting counter-measures.
The gory penetration tests are being run by bad guys recruited in a specialized hacker forum, but you're welcome of course if you know what we're talking about.

Unless you find any show-stopper, I'd like to release it officially before or just after AMO 3 launch, otherwise I'll upload 1.1.4.6.070317 waiting for better times...

Thank you all!

@TurtleX: could you send me (PM or email) your prefs.js file? I'm almost sure there's something corrupt within it

[TurtleX]

@TurtleX: could you send me (PM or email) your prefs.js file? I'm almost sure there's something corrupt within it

Sent via PM.

[therube]

NoScript 1.1.4.6.070321 (XXS)
(Haven't put in 070322 yet)

Something odd going on?

Was here:
http://www.pcqanda.com/dc/dcboard.php?a ... _id=445077

Noticed Shelly's signature was not animated.

(I'm not sure of the original status of pcqanda, but I would have expected to have been blocked?)

Anyhow, if I Forbid pcqanda.
Reload the page, then pcqanda is Allowed (on its own - I did not allow it).
And the sig is animated.

Forbid again, & the sig stops.
(I have Automatically reload pages disabled. Simply changing from Allowed to Forbid causes the sig to stop. I do not need to reload the page for that to occur.)

Reload, & again page is Allowed & sig is animated.

(I'll put in 070322 & clean up a bit & post back - in a while. Getting 404 at the moment on attempted download.)


DAG GONE IT!
I am on a different computer then I was on the other day.
It too had Temporarily allow top-level sites by default, Base second level domains enabled. (That really needs to be hidden somewhere).

I'll experiment further.

Ok. Now after disabling TAT-LSbD...
The sig does not appear at all if pcqanda is Forbidden.
If pcqanda is Allowed, sig appears & animates.
Forbid pcqanda & sig stops immediately. No reload necessary.
(Don't know if that is good or bad - that the sig is blocked?)

So, is the <marquee> tag being affected (in general) by NoScript+XSS?

[trieste]

Talking about security, I need the bravest of you to test the new anti-XSS countermeasures I'm building into NoScript.
First usable development build (I'm on it since two days ago and no explosion happened yet) is here.
Since it's unsupported, but I'd love to hear all the possible feedback, please send me an email with [NoScript Dev] in its subject line.

Thank you all !

I'm using the latest dev build, but how do I test it? Just keep navigating between trusted and untrusted sites?

[therube]

@sld, not sure what to say, other then simply use it. Thats the premise I use. Install it & expect it to work. When it doesn't then relay that.


070322 is now there, but is not being served correctly on the website.
It is opening, rather then installing when clicked.
It can be successfully downloaded & installed, though.

PS: Yesterday, one of your websites (began with a P I believe) must have been using a browser detection script. (Actually it was using ALL kinds of JS/CSS). Anyhow it was saying (in Italian) that SeaMonkey was not compatible .

<marquee> working remains the same with 070322.

[Lost User 185367]

Am using Windows XP SP2. Had NoScript added to Seamonkey 1.0.7 and it worked okay. When I upgraded to SM 1.1.1 and added the latest NoScript extension, my Bookmarks stopped working and NoScript does not show when I left click. Had added NoScript to my Mozilla profile. Tried going back to SM 1.0.7 but the problem was still there.

How do I get NoScript out of my Mozilla profile and uninstall it completely.

[therube]

I would try reinstalling NoScript once again. That usually clears all ills.

Otherwise, 2.3 I want to get rid of NoScript. How can I uninstall it?

[trieste]

the refresh page reload works awesome fast. feels like a different planet altogether.

[Lost User 185367]

I tried reinstalling NoScript on my desktop an it works okay now. Have the same problem on my laptop and reloading No Script did not work - set set up as my desktop - Windows XP SP2, SeaMonkey 1.1.1.

I tried the 2.3 link re uninstalling it and it does not work. I installed the ExtensionManager and it shows up in the Tools menu. But when I click on it a message comes up stating "You need to install Extension Uninstaller API in order to uninstall extensions. Would you like to install it now? (NOTE you must restart your browser after install)" followed by YES button and CANCEL button.

I tried hitting the YES button but the then closed out SM and reopened it. Going to Tools/Extension Manager, the same message comes up.

Does this tool actually work with SeaMonkey?

[therube]

There are actually two parts required.
Extension Manager and ExtensionUninstaller API.
Both are linked on this page: SeaMonkey.be Extensions.

[oooooooo]

I have a feature request. I wish to be able to acitivate javascript, but only "save" javascript commands which are for grapic and so on. To deactivate javascript isn`t big fun because you need it on many websites and forum to login.

I wish just to block any privacy dangerous javascript commands such as to read my local system time.

[tlu]

NoScript 1.1.4.6.070321 (XXS)
(Haven't put in 070322 yet)

Something odd going on?

Was here:
http://www.pcqanda.com/dc/dcboard.php?a ... _id=445077

Noticed Shelly's signature was not animated.

(I'm not sure of the original status of pcqanda, but I would have expected to have been blocked?)

Anyhow, if I Forbid pcqanda.
Reload the page, then pcqanda is Allowed (on its own - I did not allow it).
And the sig is animated.

Forbid again, & the sig stops.
(I have Automatically reload pages disabled. Simply changing from Allowed to Forbid causes the sig to stop. I do not need to reload the page for that to occur.)

Reload, & again page is Allowed & sig is animated.

Can't confirm this with version ...722. JS is blocked by default, enabling and then disabling works as it should.

So far, I haven't found any problems on other sites either.

[therube]

Have to read down further ...

DAG GONE IT!
I am on a different computer then I was on the other day.
It too had Temporarily allow top-level sites by default, Base second level domains enabled. (That really needs to be hidden somewhere).

That is the reason I was seeing what I did - initially.

Though the <marquee> issue does still exist.

Just had some issues logging in (https://) at www.staples.com , but I believe they happened to have been making changes just as I was attempting. Tried a clean Profile & it still had problems. Opened IE7 & that worked. Went back to SeaMonkey & staples login was once again working as expected.

"once again working as expected"

Maybe?

Everything Forbidden.
Goto http://www.staples.com/
Click Log in button (top right).
Login page loads:
https://www.staples.com/webapp/wcs/stor ... _re=HEADER
Enter UN/PW, click Log In.
Leaves you here:
https://www.staples.com/webapp/wcs/stores/servlet/logon
With the message, "A system error has occurred. Please continue to Staples.com.".
At that point Login did not succeed.

Figure it has something to do with Attempt to Fix JavaScript Links just not working 100% as needed in this situation. And that is understandable.

Now ...

Allow staples.com (via NoScript icon).
Then follow same steps as above.
Login is successful.

Still, some of what I am seeing may be due to changes that are happening at the staples website - at the moment. Cause what I just got after Allowing staples.com is different that what I got a few minutes ago. (Before, I received the same message as above, "A system error has occurred", yet nevertheless, I was logged in).

Something quirky still going on?

On a "clean" Profile, installed 073022, Allow staples.com.
After login, you're left at this "error page", though you are logged in.
http://www.staples.com/webapp/wcs/store ... logon?null