Announce and Discuss the Latest Theme and Extension Releases.
There's a browser safer than Firefox...
...it is Firefox with
Giorgio, can Noscript be available as a standalone exe (like shockwave plugin) rather than go to a site and install.This way I can have a user friendly standalone with me and upgrade and downgrade at will.By the way most of the issues discussed in the previous users posts work fine with 1.6.8 which I have.
I hope this is the right place to post this:
I think NoScript should attempt to protect you against CSRF attacks such as false image get requests (eg <img src="google.com/search?q=moo">) as well as having a form.submit in a onLoad event.
You can always use right+click, "Save link as..." over the XPI link and store it for later use.
If you need to install from your local file system, just drag & drop the XPI onto your browser window.
Recent releases are listed here.
NoScript already protects you from cross-site POST requests from an untrusted site to a trusted one, which rules out the most dangerous CSRF attacks (those directed to form-guarded resources).
GET requests like those from IMG tags are harder to handle, because user should decide and state which sites are allowed to link other sites: how does your example differs from a normal link to a google search result (which, BTW, could be automatically loaded without scripting also using a FRAME, and IFRAME or a META refresh)?
While I'm willing to offer such an option for advanced user, the most viable solution, even if quite far in future and requiring web owner adoption, is SSP.
Bug report: scripts won't run on localhost with Firefox 3.
I've tested this by removing all other extensions and the problem persists.
I've tried the obvious, such as whitelisting localhost.
The problem was in the previous version as well (which was the current version when
I upgraded Firefox). The only setting that works is "allow scripts globally".
My System: Windows XP - SP 3, Sambar web server V6.4
Problem #1: thanks, bug, fixing - you can turn noscript.autoreload.allTabs about:config preference to false as a temporary work-around
Problem #2: does it still happens if you turn the noscript.forbidData about:config preference to true?
doesn't seem to wfm, still blank
i'm opening chatzilla in browser tab as work-around
true is default, changing it to false seems to fix the problem
sorry, obviously it's noscript.autoreload.allTabs false that fixed my 2nd problem
toggling noscript.forbidData doesn't seem to have an affect on the chatzilla problem
Last edited by fswl1234 on June 25th, 2008, 11:09 am, edited 1 time in total.
what kind of notice, exactly?
what's exactly blocked in Chatzilla? I've tried to open the main window and connect to irc.mozilla.org. The three panels (users, messages and input) are working fine for me.
tried reset noscript then restart, same problem (in 1.7.1 as well)
ps: the last part "Build identifier: blahblahblah" is missing in about:
OK, I managed to reproduce the Chatzilla "blank" issue on Firefox 188.8.131.52.
You can work around it either by turning noscript.forbidData to false or by by (temporarily) allowing file://
I'm not 100% sure of the reason, but this problem does not happen on Firefox 3.
file:// did it, thanks
Who is online
Users browsing this forum: No registered users and 1 guest