[ext] NoScript 1.8 - Your Browser is YOURS

Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post by Giorgio Maone »

ruddyconsult wrote: I am the Webmaster, writing and uploading raw HTML, of http://www.wsis.ethz.ch/seri.htm

On the bottom I can see two PDF links, and I can open both with NoScript.

ruddyconsult wrote: Only on the computer w/o Noscript can I download properly http://www.wsis.ethz.ch/lueneburgbibliography.pdf

This very link gives me 404, but since it is different from the aforementioned ones (and specifically from http://www.wsis.ethz.ch/paperlueneburgbibliography.pdf which works fine for me), I suppose it's just a typo of yours.

Now, since you're testing on two different computers, did you actually try to install NoScript on the one which does not have it and disable NoScript on the other from Tools|Add-Ons?
CeilingNinja
Posts: 4
Joined: August 28th, 2008, 12:51 pm

Post by CeilingNinja »

Hey, me again. It took a few days, but it happened again. Here is what was in the error console, like you asked:

[NoScript XSS] Sanitized suspicious upload to [https://forums.worldofwarcraft.com/post.html§DATA§…] from [http://forums.worldofwarcraft.com/post.html?forumId=10001&topicId=9336580330&postId=93356523421&op=4&sid=1]: transformed into a download-only GET request.
Last edited by CeilingNinja on September 2nd, 2008, 6:02 am, edited 1 time in total.
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post by Giorgio Maone »

@CeilingNinja:
thanks for your report. The false positive seems to be due to the lengthy message with many line breaks, which takes too much time to be processed.
I'm investigating how to optimize your case, but in the meantime there's probably a good work-around which I'd like you to try.
In fact, the XSS checks would not happen at all if the source and the destination of the request were both in the same site, but this is not the case because you write your message on http://forum.worldofwarcraft.com, but it gets submitted to https://forum.worldofwarcraft.com which is technically a different site (in fact, the first could be spoofed e.g. by compromising your DNS, while the latter is safe because of SSL).
If you upgrade your forum bookmark to always point to https://forum.worldofwarcraft.com (the SSL version), your posts should never be checked by NoScript anymore, and your forum activity would be generally safer too.

P.S.: could you wrap your previous post so that it doesn't break page layout?
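
An added illustration of the check described in the post above, not code from NoScript or from any poster: it parses a message shaped like the Error Console line quoted earlier in the thread and compares where the form was written with where it is submitted. "Same site" is modelled here as same scheme, host and port (an assumption); the sample line, the `example.test` hosts and all function names are constructed.

```javascript
// Added example, not NoScript's code. Assumption: "same site" is modelled as
// same scheme + host + port (URL.origin); NoScript's own comparison may differ.

// Constructed sample shaped like the Error Console message quoted in the thread.
const SAMPLE_LOG =
  "[NoScript XSS] Sanitized suspicious upload to " +
  "[https://forums.example.test/post.html§DATA§body=placeholder] from " +
  "[http://forums.example.test/post.html?forumId=1&op=4]: " +
  "transformed into a download-only GET request.";

// Split one message into destination URL, upload body and source URL.
function parseXssLog(line) {
  const m = /^\[NoScript XSS\] Sanitized suspicious upload to \[([\s\S]*?)\] from \[([\s\S]*?)\]: /.exec(line);
  if (!m) return null;
  const [destination, ...rest] = m[1].split("§DATA§");
  return { destination, upload: rest.join("§DATA§"), source: m[2] };
}

// Classify the source -> destination hop of a form submission.
function classifyRequest(sourceUrl, destinationUrl) {
  const src = new URL(sourceUrl);
  const dst = new URL(destinationUrl);
  if (src.origin === dst.origin) return "same-site";
  // Same host but http on one side and https on the other: the case in the thread.
  if (src.hostname === dst.hostname && src.protocol !== dst.protocol) return "scheme-mismatch";
  return "cross-site";
}

// The suggested workaround: start from the https version of the page.
function upgradeBookmark(sourceUrl) {
  const u = new URL(sourceUrl);
  if (u.protocol === "http:") u.protocol = "https:";
  return u.href;
}

// Parse a log line and report the verdict before and after the workaround.
function explain(line) {
  const rec = parseXssLog(line);
  if (!rec) return null;
  return {
    ...rec,
    verdict: classifyRequest(rec.source, rec.destination),
    afterUpgrade: classifyRequest(upgradeBookmark(rec.source), rec.destination),
  };
}

console.log(explain(SAMPLE_LOG));
```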
CeilingNinja
Posts: 4
Joined: August 28th, 2008, 12:51 pm

Post by CeilingNinja »

Okay, thank you very much
ruddyconsult
Posts: 7
Joined: September 1st, 2008, 1:43 am

Post by ruddyconsult »

Only on the computer w/o Noscript can I download properly http://www.wsis.ethz.ch/paperlueneburgbibliography.pdf
........

Now, since you're testing on two different computers, did you actually try to install NoScript on the one which does not have it

NO, I haven't.

and disable NoScript on the other from Tools|Add-Ons?


Giorgio,
If I go to disable it, I have an icon, but under Tools|Add-On there is NO NoScript listed.
Do you think my Noscript is installed wrong on that computer?

Thomas
therube
Posts: 21703
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post by therube »

I have no problem opening either the 2007 or 2008 PDFs, either embedded in the browser (with Acrobat Reader) or externally in Foxit Reader, & with two different ISPs. No 404s here (other than lueneburgbibliography.pdf which presumably is a typo).

Create a new Profile in FF, install only NoScript into it, & see if you still have troubles.

(just to point out, #devel version is pointing to 1.8.0.1 rather than 1.8.0.2)

Also note that there are issues with FF3.0 & PDFs hosted on https sites, but that is not an issue here.
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post by Giorgio Maone »

ruddyconsult wrote: If I go to disable it, I have an icon, but under Tools|Add-On there is NO NoScript listed.
Do you think my Noscript is installed wrong on that computer?

That looks like an Add-Ons Manager corruption.
Could you try to follow the steps outlined in this article?
http://kb.mozillazine.org/Firefox_:_Iss ... sion_files
luntrus
Posts: 141
Joined: May 3rd, 2005, 1:37 pm
Location: Netherlands

Post by luntrus »

Hi Giorgio Maone,

The GChrome beta has just been launched (and landed 45 minutes ago). A pity that NoScript is not in there, nor are other security plug-ins. Why do you think that Google, despite the support for Fx, still had to launch a browser of their own? Has this to do with commercialization of the browser (Google was not very enthusiastic about the IE8 panic button brought in), so Google analysis and ads delivery can go "under the radar" with GoogleChrome? Because some development must have driven them to launch a browser of their own making, and the motive sure was not philanthropy.
I for instance use NoScript, ABP, TrackMeNot extension, and I think especially the TrackMeNot extension will not be seen soon in GChrome. Do you think Fx and Flock have anything to fear from the new Google browser?

luntrus
Fx forever
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post by Giorgio Maone »

@luntrus:
Call me evil, but I suspect GChrome (which I'm already playing with) debuted because ABP and, to a lesser extent, NoScript were starting to erode a (slight) portion of G's bottom line.
The single impressive advance in GChrome which I can see is its "Task manager": at this moment I've got an empty tab and a random MySpace page open, and this is what it shows:

Browser: 36MB / 1% CPU
New Empty Tab: 11MB / 0% CPU
Tab MySpace: 26MB / 0% CPU
Plug-in Shockwave Flash: 68MB / 5%

That said, an outstanding misfeature of this product is its apparent lack of any extensibility mechanism: I doubt we will see any extension for some time, let alone the most controversial ones.
A very good reason for Firefox promoting even more its add-ons ecosystem.
therube
Posts: 21703
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post by therube »

You will find some thoughts on Google Chrome & how it may affect "Mozilla" here, http://planet.mozilla.org/.
jimmy37
Posts: 1
Joined: September 2nd, 2008, 1:46 pm

Post by jimmy37 »

I want to thank NoScript for a job well-done. It protected me from a hijacked website by showing me the domains I wasn't expecting to see. =D>

Here's a suggestion:
When I see websites I don't recognize, I usually go check them out. I was wondering if a right-click option could be added to do the same. And, perhaps, as an advanced feature, add another option to see the actual HTML code where the domain is referenced in the current page.

Thanks again
hynzytheweirdo
Posts: 2
Joined: September 2nd, 2008, 1:59 pm

Post by hynzytheweirdo »

A subforum on a forum I'm registered to occasionally redirects to a cartoon hosted by the forum's parent site. I've been told by other users that NoScript can stop this redirection and I've checked your FAQ, there's nothing there to help. I was wondering if you could tell me what I do to get NoScript to prevent this redirecting?
steviex
Moderator
Posts: 28902
Joined: August 12th, 2006, 8:27 am
Location: Middle England

Post by steviex »

You can do this with Firefox 3 natively...

Go to Tools > Options > Advanced > General ...

Make sure the box marked Warn me when web sites try to redirect or reload a page is checked.....

You will get a warning when a site redirects you, and choose to let it, or not....
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -Albert Einstein

Please DO NOT PM me for support... Let's keep it on the board, so we can all learn.
hynzytheweirdo
Posts: 2
Joined: September 2nd, 2008, 1:59 pm

Post by hynzytheweirdo »

Ah, thanks.
luntrus
Posts: 141
Joined: May 3rd, 2005, 1:37 pm
Location: Netherlands

Post by luntrus »

Hi therube,

Yes, with GChrome the motto would not be "Your Browser is YOURS" - rather "Your Browser is also OURS".
I cannot see a secure browser without in-browser security, like hyperlink scanning (Finjan, Wot, DrWeb's av-link scanner (scanning against their servers in real time)). Can we trust the actual status of the links that come up through a Google query? What about security against super cookies, and profiling through GoogleSyndication (TrackMeNot extension cannot protect us)?
Again, and here we are on-topic again, what about the way script runs in the browser? I like to have that in hand. I like the Netcraft toolbar, I like to read what happens in the Error Console myself, and what that implies for me. So Fx and Flock are for the forerunners in web browsing and the security- and privacy-aware browser-users; GChrome was not developed with that user in mind. It is open source all right, but is a completely different concept than Fx is, with a large community that decides in what ways the browser develops. I sort of have a feeling that GChrome sort of hacked that concept and tries to bind users to it with some stark points from a mix of browsers (Safari's and Fx etc.)...the "click and go, works for every n00b" principle.
Even what Giorgio says above about what his read outs for Tabs CPU are, it cannot compete with IE8, because a better part of explorer loads together with the OS, and you cannot beat M$ IE where they were allowed to build their browser into the OS (we have let that momentum pass by), now one has to compete with other browser aspects. Again a browser without NoScript, I am afraid to touch it, honestly speaking guys, I feel insecure there!

luntrus
Fx forever