[ext] NoScript 1.1.4.6 - black & white edition

[tlu]

This is my experience, exactly. That plus the fact that even after I allow all the scripts to run, the page still won't
work correctly until I allow scripts globally.

You're joking. I've been using Noscript for a long time and I've never stumbled over any site where this was necessary. Give us just one site to prove your allegation.

But for the average Web surfer, constantly having to whitelist sites so that scripts can execute in order to give you a fully formed Web experience gets tedious very quickly.

Nonsense. In most cases you surf the same (trustworthy) sites every day. Just whitelist them once, and you're done.

Does NoScript make Firefox safer? Sure. Is it worth the hassle? No. For some reason, paranoia seems to be cool among Web geeks, but for the most part, it is totally unwarranted unless you're sending and receiving sensitive data. Most typical Web surfers who install this extension remove it after the novelty wears off.

Blah blah. That's just another unproved claim.

How about losing the word "dangerous" that is used in several places?
It may be a little safer to have NS turned on, but I have yet to be blown out
of the water after years of letting scripts run. Saying it is "dangerous" feeds paranoia.

JS- and CSS-based attacks are obviously becoming more and more popular. Watch out, dude

Also, the warning that I have to click through each time that I allow scripts globally becomes tedious. Give me a break and give me an option to remove it. I am not a total idiot.

The first and the last sentences of that paragraph don't fit ...

[pkirkaas]

NoScript implements a whitelist policy -- only allowing specified sites to run scripts, which is most secure, or else allow scripts globally, which is least secure. Some people (myself, for example), would really like an alternative, like a blacklist, where scripts could be generally allowed, but blocked for specific sites.

Presumably it wouldn't be too hard to implement, and I bet it would make NoScript a lot more widely used. Not everyone wants to block sites by default, but would really like the chance to block specific sites -- and there's nothing out there I know that does that.

Just a wishlist for a blacklist,

Paul

[tlu]

NoScript implements a whitelist policy -- only allowing specified sites to run scripts, which is most secure, or else allow scripts globally, which is least secure. Some people (myself, for example), would really like an alternative, like a blacklist, where scripts could be generally allowed, but blocked for specific sites.

Presumably it wouldn't be too hard to implement, and I bet it would make NoScript a lot more widely used. Not everyone wants to block sites by default, but would really like the chance to block specific sites -- and there's nothing out there I know that does that.

Just a wishlist for a blacklist,

Paul

Paul, please think about your proposal once again. First of all, you have to load your trusted sites just ONCE and whitelist them - Noscript will remember them till eternity. It's that easy. Secondly, how in the world do you want to manage a blacklist and keep it updated? There are new sites every day with eventually malicious code or sites that change their name. What's the use of your blacklist if you happen to access them e.g. via Google and they are not included?

No - there is no reasonable alternative to the Noscript approach: View all sites as untrustworthy by default and whitelist the ones you trust. By the way: Noscript already contains a blacklist where you can put such candidates like Doubleclick and the likes. But that's just for making the menu less complex - it's not a substitute for the purposes of your proposal.

[antronx]

Hi,
I use noscript for all my browsing online.
When i go on myspace, i usually have it allowed. But i would like to block flash video playback while on there, but retain java use. They started putting flash video ads that automatically play when you browse that page. Its really annoying seeing a stupid whorish girl flirting on camera... Currently i cannot eding specific rules for allowed sites, only for blacklisted. But at the same time, i dont want to block flash for other allowed web sites like beatport for example.

[antronx]

basically i want "additional restrictions for TRUSTED sites" and only sertain sites, not for all of trusted sites.

[antronx]

Alfred Neuman wrote:
This is my experience, exactly. That plus the fact that even after I allow all the scripts to run, the page still won't
work correctly until I allow scripts globally.

tlu wrote:
You're joking. I've been using Noscript for a long time and I've never stumbled over any site where this was necessary. Give us just one site to prove your allegation.

Actually i experienced this also.
When going to my online banking site, even having it whitelisted still keeps my account statements from showing up. After allowing scripts globally, everything works. So +1 to Alfred.

[tlu]

Alfred Neuman wrote:
This is my experience, exactly. That plus the fact that even after I allow all the scripts to run, the page still won't
work correctly until I allow scripts globally.

tlu wrote:
You're joking. I've been using Noscript for a long time and I've never stumbled over any site where this was necessary. Give us just one site to prove your allegation.

Actually i experienced this also.
When going to my online banking site, even having it whitelisted still keeps my account statements from showing up. After allowing scripts globally, everything works. So +1 to Alfred.

Well, we cannot check that unless you give us your account password. I guess that site contains several frames and you haven't whitelisted all of them.

[antronx]

i would love to, but i cant...
are those "additional frames" are listed in noscript's tab as "allow www.site.com"?
cause that site has many of them showing up and i only allow my bank's url and nothing else.
Perhaps i should try allowing them one by one till i get that frame working, right?

[therube]

NoScript 070325 On this page:
http://www.troweprice.com/common/indexH ... 13,00.html

Notice that you follow the link from an untrusted site and troweprice.com is whitelisted, XSS filters will modify the request because it contains a "dangerous" equal (=) character.

I only briefly looked & didn't see it, but suggest you make a FAQ for that point.

Prior to you saying that, I noticed it - indirectly, but didn't realize quite why one time a page loaded & another time the URL was slightly different & the page did not load.

[Alan Baxter]

I use noscript for all my browsing online.
When i go on myspace, i usually have it allowed. But i would like to block flash video playback while on there, but retain java use. They started putting flash video ads that automatically play when you browse that page. Its really annoying seeing a stupid whorish girl flirting on camera... Currently i cannot eding specific rules for allowed sites, only for blacklisted. But at the same time, i dont want to block flash for other allowed web sites like beatport for example.

I feel your pain. Short of not going on myspace -- which is what I finally decided to do -- you might be able to eliminate those Flash ads with Adblock Plus or Flashblock. I haven't tried that myself, but why don't you give it a try as long as NoScript doesn't do what you want?
--
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Adblock Plus 0.7.2.4

[dodelijk]

I'm new to this No-Script add-on, and I definitely like what I see, but I have one major problem:

When entering something into a field/box (such as a search field or a comment box) that has a button attached to it such as "Submit" or "Preview", pushing the button now does nothing at all for me. As soon as I disabled No-Script, the buttons started working again. What can I do to avoid this glitch and still use No-Script?

Just to clarify my set-up:
Firefox 2.0.0.3
Other add-ons in use: Adblock, Answers, del.icio.us, DOM Inspector, Foxy Tunes, Gmail Manager, PDF Download, Talkback

Any help would be awesome. Thanks!

[Giorgio Maone]

When entering something into a field/box (such as a search field or a comment box) that has a button attached to it such as "Submit" or "Preview", pushing the button now does nothing at all for me. As soon as I disabled No-Script, the buttons started working again. What can I do to avoid this glitch and still use No-Script?

Does it happen everywhere or on a specific site?
Are the sites where it happens whitelisted?

[Alan Baxter]

are those "additional frames" are listed in noscript's tab as "allow www.site.com"?
cause that site has many of them showing up and i only allow my bank's url and nothing else.
Perhaps i should try allowing them one by one till i get that frame working, right?

That's what I do. I temporarily allow the "Full address" for each one I try. When I find the one that makes a difference then I permanently allow that one. I've checked all of the items under NoScript Options->Appearance->Contextual menu, which greatly facilitates the procedure I use. Note, it's not necessary to actually check the Contextual menu box. I just use the Status bar icon.

Hope this helps. Let us know how things work out for you.
--
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

[dodelijk]

When entering something into a field/box (such as a search field or a comment box) that has a button attached to it such as "Submit" or "Preview", pushing the button now does nothing at all for me. As soon as I disabled No-Script, the buttons started working again. What can I do to avoid this glitch and still use No-Script?

Does it happen everywhere or on a specific site?
Are the sites where it happens whitelisted?

(Again, I'm new to this, but I learn fast...) If by whitelisted, you mean I've allowed scripts for those pages, then yes they are. It seems to be happening everywhere, but I only had the add-on going for a few minutes before I got frustrated and disabled it temporarily. I know it happened with Facebook and one of the torrent trackers I belong to, both with the "Submit" buttons attached to comment field boxes.

[Giorgio Maone]

When entering something into a field/box (such as a search field or a comment box) that has a button attached to it such as "Submit" or "Preview", pushing the button now does nothing at all for me. As soon as I disabled No-Script, the buttons started working again. What can I do to avoid this glitch and still use No-Script?

Does it happen everywhere or on a specific site?
Are the sites where it happens whitelisted?

[...]
I know it happened with Facebook and one of the torrent trackers I belong to, both with the "Submit" buttons attached to comment field boxes.

Thanks for the pointer.
I joined Facebook just to test, and for doing this I had to submit their registration form using a button, obviously.
That worked, and so all the buttons inside, as soon as I enabled facebook.com.
Unless I'm missing something, there's definitely something broken with your configuration/profile, since it's the first time I hear of such a problem and I cannot reproduce it.
At any rate, can you try temporarily disabling the other extensions and using the lastest (just released) NoScript, i.e. 1.1.4.7?
Thanks!

BTW, as I just said, NoScript 1.1.4.7 is out.
I'm closing this thread as usual and starting a new one. C'ya