MozillaZine

[ext] NoScript 1.8 - Your Browser is YOURS

Announce and Discuss the Latest Theme and Extension Releases.
lakrids
 
Posts: 123
Joined: December 17th, 2006, 12:51 am

Post Posted January 18th, 2009, 12:57 am

I would like to report an issue about the plugin placeholder. My bank's website refuses to load the java applet and noscript refuses to show placeholder.
https://netbank.danskebank.dk/html/inde ... csystem=E2
I used a fresh profile with default settings with 1 change: Apply plugin restriction to trusted domain.
Using windows xp with firefox 3.0.5 and noscript 1.8.9.2.

Alan Baxter
 
Posts: 4419
Joined: May 30th, 2005, 2:01 pm
Location: Colorado, USA

Post Posted January 18th, 2009, 1:29 am

Sophist wrote:What I am looking for is just the next level of detail down where NoScript tells me more precisely what it is blocking.

You don't have to view the contents of the files. JSView gives you a list of them first. That will give you the information you seem to want.

pirlouy

User avatar
 
Posts: 232
Joined: February 11th, 2005, 6:29 am
Location: France

Post Posted January 18th, 2009, 2:09 am

@dogolopee: http://noscript.net/faq#qa2_6

@Luntrus: I have NO errors on jquery.com/test with different nightlies.

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted January 18th, 2009, 3:21 am

@lakrids:
they're using a small, invisible Java preloader to check if Java is installed before loading the application, therefore the placeholder would be invisible as well.
This is exactly the use case for the Blocked Objects NoScript submenu.

@Luntrus:
I do not get any error either (NoScript 1.8.9.2):
  • 47947 on Firefox 3.0.5
  • 35160 milliseconds on Gecko/20090117 Minefield/3.2a1pre, meaning a nice 30% speedup with JIT
You may want to perform Standard Diagnostic, probably some of your extensions is screwing up.

lakrids
 
Posts: 123
Joined: December 17th, 2006, 12:51 am

Post Posted January 18th, 2009, 3:41 am

Giorgio Maone wrote:@lakrids:
they're using a small, invisible Java preloader to check if Java is installed before loading the application, therefore the placeholder would be invisible as well.
This is exactly the use case for the Blocked Objects NoScript submenu.

It used to look like this in an old version of noscript v1.8.6 and worked perfectly but something has changed since 1.8.6.1.
Image
Is there any possibility you can bring back the old placeholder maybe as an option?
Please [-o< I'm on my knees begging!

nagan
 
Posts: 125
Joined: April 23rd, 2008, 1:48 am

Post Posted January 18th, 2009, 4:01 am

1.8.9.2
Two issues.
1.The myway? site (mentioned in your changelog) does not work for login.

2.Try this site.http://www.dchublist.com/?page=result&s ... op&type=es
With scripts forbidden the search box and lens is available on the right top corner.Allowing the site scripts destroys the search box??

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted January 18th, 2009, 4:19 am

@lakrids:
I made that change because forcing placeholders to be visible under every circumstances sometimes means disrupting the page layout (thing of frames smaller than placeholder's minimum width or height) and make some page elements not usable.
I might reintroduce the old behavior as an option, though.

nagan wrote:1.The myway? site (mentioned in your changelog) does not work for login.

I registered a test account and logging in works fine for me.
Could you try clearing your cache? Please double check it's 1.8.9.2 and not still 1.8.9.
nagan wrote:2.Try this site.http://www.dchublist.com/?page=result&s ... op&type=es
With scripts forbidden the search box and lens is available on the right top corner.Allowing the site scripts destroys the search box??

Yes, those smart guys are hiding the searchbox by default (even if it doesn't encumber any space in use) to make it appear when you click the lens.
In this case forbidding scripts makes a site more functional, rather than just less annoying.

lakrids
 
Posts: 123
Joined: December 17th, 2006, 12:51 am

Post Posted January 18th, 2009, 4:34 am

Giorgio Maone wrote:I might reintroduce the old behavior as an option, though.
I would be very grateful for this. The thing is I install noscript to my brothers computer to block only 3rd party scripts because he's not bright enough to suspect when noscript block things and he keeps blaming Firefox when it doesn't work. It's much easier for him if there is a placeholder on the website to give hint.

Bazzik

User avatar
 
Posts: 6
Joined: October 16th, 2004, 11:00 am
Location: London, UK

Post Posted January 18th, 2009, 5:01 am

Giorgio Maone wrote:@Bazzik:
1.8.9.2 works fine for me on that page, showing the Google Checkout mark (working, if I click it it shows an explanation window) as soon as I allow both ecostsoftware.com and google.com.
If the problem persists, could you double check if you actually have 1.8.9.2 (by looking at About NoScript and/or Standard Diagnostic?

Hmm.. clearing cache and restarting Firefox did not helped. But this trick did the job: I had to remove google.com and google-analytic.com from trusted sites list and then re-added them back ... and now it's working. Do not understand exactly why .. but it is working fine now :-k .

Strange thing -- it happened on both of my home and work PCs, where I do have quite similar configs in terms of add-ons installed, but NoScript settings are quite different (especially the white/black lists, as I'm using different sites when at work and home). The trick mentioned above fixed that on both, which is good (but I even would not though about this as a possible solution).

Regards

nagan
 
Posts: 125
Joined: April 23rd, 2008, 1:48 am

Post Posted January 18th, 2009, 5:03 am

Yeah I am using 1.8.9.2.
I have attached the page display.

Image

nagan
 
Posts: 125
Joined: April 23rd, 2008, 1:48 am

Post Posted January 18th, 2009, 5:08 am

Yeah sorry it works ,if myway page is closed completely and then reopened!
Why does the page reload not function here??

Edit In the first instance with the scripts disallowed ,the login box flashed and disappeared.Is it a cause for concern?

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted January 18th, 2009, 6:33 am

@nagan:
That site has buggy scripts, so I'm not surprised.

luntrus

User avatar
 
Posts: 141
Joined: May 3rd, 2005, 1:37 pm
Location: Netherlands

Post Posted January 18th, 2009, 9:20 am

Hi Giorgio Maone,,

Thanks for your reply.
I also posted this thread because JQuery can be abused with malicious script, known as JQuery-iclude.JS.
(seem to have appeared at 08/07/2008, author Alex).
This works as a CSS/JS header injector via a malicious ActiveX, at least it is important to have Netshield working in your browser or use a scriptblocker like NoScript inside to block these malicious scripts. I haven't seen instances of JQuery-include.JS yet (the code at gnucitizen.org for /jquery-include/ - well the download was apparently removed), but the malicious potential is certainly there, works just like SQL inject and similar attacks, forewarned is forearmed, so keep your NoScript script visors down. Read more about these kind of browser hijack vulnerabilities here:
http://www.networkworld.com/news/2007/0 ... tions.html
How they are performed: http://www.webpronews.com/topnews/2007/ ... e-exploits

luntrus
Last edited by luntrus on January 19th, 2009, 4:11 pm, edited 1 time in total.
Fx forever

george27
 
Posts: 94
Joined: June 15th, 2004, 9:53 am

Post Posted January 18th, 2009, 10:06 am

Alan Baxter wrote:
george27 wrote:No change here. Mine is still in the Local Settings section, D:\Documents and Settings\xxxxxxxx\Local Settings\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\Cache. By the way, what version of Firefox are you actually running? You're user agent appears to be screwed up, since it indicates you're running Firefox 3.0.0.16 built last July.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/3.0.0.16
I don't recall 3.0.0.16 ever being a Firefox version number, but in any event you're running an old vulnerable version. You should update to Firefox 3.0.5. Help > Check for Updates.


I'm logged in on k-meleon 1.5.2. I'm running an eraser program and it stopped finding the cache file and it coincided with the last noscript update. I created a new profile and it placed the cache in the local/appdata folders where it should be. But after reinstalling the extensions it moved again into the profile. It's ext related I just don't have the time to look for what conflicts so for the mean time I just changed back the location using browser.cache.disk.parent_directory string.

added: I was using the febe and reloading the safe pref file the problem was in the pref file.

Thanks
Last edited by george27 on January 18th, 2009, 12:35 pm, edited 1 time in total.

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted January 18th, 2009, 10:59 am

@luntrus:
thanks for the usual head ups

@lakrids:
Check latest development build

latest development build also contain a great surprise for everyone fiddling with site which break when google analytics is blocked :)

Return to Extension/Theme Releases


Who is online

Users browsing this forum: Shadoefax and 5 guests