OLD NoScript 1.1.4, bookmarks and places friendly
-
- Posts: 657
- Joined: July 24th, 2004, 11:26 am
Red strip means that page is blocked.. period. Doesn't matter if it has scripts on it or not. So, even if scripts on the page is 0 it will still have the red strip. White means the site is allowed. There is also a white with a smaller scrip to the right.. that means other scripts was present on page but was blocked because they did not come from the page that was allowed. At least that's the way it appears to work for me. I could be wrong.
- hiyel
- Posts: 9
- Joined: November 16th, 2004, 8:37 pm
- hiyel
- Posts: 9
- Joined: November 16th, 2004, 8:37 pm
Ok guys, I'm sorry.
On a page that doesn't have any scripts, the letter 'S" is white indeed. I just couldn't distinguish it because of its blue contour and I thought it was blue. (Bad eyes...)
Maybe it should be green or something, now that I know I can distinguish them, but it would stand out more with a different color. Just a suggestion...
Thanks
On a page that doesn't have any scripts, the letter 'S" is white indeed. I just couldn't distinguish it because of its blue contour and I thought it was blue. (Bad eyes...)
Maybe it should be green or something, now that I know I can distinguish them, but it would stand out more with a different color. Just a suggestion...
Thanks
- Giorgio Maone
- Posts: 3516
- Joined: September 21st, 2004, 12:05 am
- Location: Palermo - Italy
- Contact:
Re: NoScript icon
hiyel wrote:What I understand from the features page is that, if there is not any script on a webpage then the S of the icon will be white.
Almost true.
Color of "S" tells if 0 (white) or some (blue) <script> tags have been found.
There's no easy/quick/reliable way to tell if and how many scripts the displayed contains: the choosen approach (counting the <script> tags) gives a rough estimate of the "script load" in the page.
hiyel wrote:For example I see the blue S with the red strip on a page and when I hover on the icon it says zero script. Well if there is zero script on that page shouldn't the icon be white?
This shouldn't happen. If tooltip says "0 script", "S" should be white. Otherwise, there's a bug. Could you tell me the URL?
-EDIT- looks like the "bug" was in user's "bad eyes" - thanks hiyel for explaination
hiyel wrote:If white S means no script, then what's the red strip for, what does NoScript blocking and showing me the red stip?
JavaScript can live in many places of a page, even if no <script> tag is there.
Even if "S" is white, scripts to be blocked could still be, e.g., in "javascript:xxx" hrefs, inline onclick event handlers and so on...
I hope I've been clear enough
Last edited by smsmith on November 12th, 2012, 2:55 pm, edited 2 times in total.
Reason: edited to reflect quoted user name change - smsmith/moderator
Reason: edited to reflect quoted user name change - smsmith/moderator
-
- Folder@Home
- Posts: 1886
- Joined: August 15th, 2004, 10:21 pm
-
- Folder@Home
- Posts: 1886
- Joined: August 15th, 2004, 10:21 pm
- Giorgio Maone
- Posts: 3516
- Joined: September 21st, 2004, 12:05 am
- Location: Palermo - Italy
- Contact:
-
- Posts: 2
- Joined: July 6th, 2005, 10:35 am
NoScript and Flashblock
Good day,
I (a Firefox user) am looking for a secure an non-annoying browsing exprerience, and I would want to use NoScript, Flashblock and Adblock/Filterset.G together -- the three major web-annoyance filters (or have I missed something?).
The FAQ states that NoScript can't be used together with Flashblock (http://www.noscript.net/faq#qa1_3). This seems to be the case even though "chrome:" is included in the NoScript whitelist (I just tested that).
So it seems that the javascript running within Flashblock is "considered" (by NoScript) to run within the "current site" domain, not within a "chrome:" url. Is that correct?
Unfortunately, the Flashblock team don't seem to have the resources to refactor their code so that it gets chrome priviliges. Quoting Phil Chee, one of the Flashblock developers, from their mailing list:
Question: Would it be at all possible to write some work-around hack in NoScript that would allow the Flashblock javascript to run?
(Is there any way for NoScript to tell which script is from Flashblock and which is not? .. Ok, you can probably tell that I don't really know what I'm talking about here)
Phil Chee again:
Phil also says:
Any thoughts on this?
Regards
Hugo Heden
I (a Firefox user) am looking for a secure an non-annoying browsing exprerience, and I would want to use NoScript, Flashblock and Adblock/Filterset.G together -- the three major web-annoyance filters (or have I missed something?).
The FAQ states that NoScript can't be used together with Flashblock (http://www.noscript.net/faq#qa1_3). This seems to be the case even though "chrome:" is included in the NoScript whitelist (I just tested that).
So it seems that the javascript running within Flashblock is "considered" (by NoScript) to run within the "current site" domain, not within a "chrome:" url. Is that correct?
Unfortunately, the Flashblock team don't seem to have the resources to refactor their code so that it gets chrome priviliges. Quoting Phil Chee, one of the Flashblock developers, from their mailing list:
Flashblock has it's origins in the Flash-Click-to-View XBL bookmarklet by Jesse. As such it operates with content (i.e. untrusted) privileges and without any chrome (trusted) privileges. This means our javascript code is treated as coming from the website and not from an internal extension. Disabling javascript will of course disable Flashblock.
Rearchitecting the code is beyond the scope of this extension. Since this is all open source and volunteer labour, it is entirely possible someone out there will either contribute a rewrite to Flashblock or come up with their own extension to do this.
Question: Would it be at all possible to write some work-around hack in NoScript that would allow the Flashblock javascript to run?
(Is there any way for NoScript to tell which script is from Flashblock and which is not? .. Ok, you can probably tell that I don't really know what I'm talking about here)
Phil Chee again:
Our XBL lives in a chrome URL and not a web URL if that will help.
Phil also says:
Somewhere in our css we have the following:
{ -moz-binding: url("chrome://flashblock/content/flashblock.xml#flash") !important; }
Any thoughts on this?
Regards
Hugo Heden
- Giorgio Maone
- Posts: 3516
- Joined: September 21st, 2004, 12:05 am
- Location: Palermo - Italy
- Contact:
Re: NoScript and Flashblock
hugoheden wrote:So it seems that the javascript running within Flashblock is "considered" (by NoScript) to run within the "current site" domain, not within a "chrome:" url. Is that correct?
Yes, it is correct.
To be even more correct, FlashBlock is "considered" by Firefox to run withing the "current site" domain, rather than in the privileged chrome.
NoScript leverages on the Firefox security infrastructure to guarantee that scripts are prevented from running (this, for obvious reason, is the most reliable and cross-platform approach).
On the other hand, for the same reason it is limited by Firefox limits and bugs.
hugoheden wrote:Question: Would it be at all possible to write some work-around hack in NoScript that would allow the Flashblock javascript to run?
(Is there any way for NoScript to tell which script is from Flashblock and which is not? .. Ok, you can probably tell that I don't really know what I'm talking about here)
As stated above, NoScript can't because Firefox can't.
hugoheden wrote:Phil Chee again:Our XBL lives in a chrome URL and not a web URL if that will help.
[...]
Any thoughts on this?
The fact FlashBlock XBL lives in a chrome URL leaves hope for a solution if and when the Mozilla bug 236839 is fixed.
Notice that this bug is the same which prevents GreaseMonkey from working where JavaScript is disabled...
-
- Posts: 2
- Joined: July 6th, 2005, 10:35 am
I see. Thanks for the response!
Yes, Phil Chee referred me to that bug as well (have you two been talking behind my back? ) and I saw you made a couple of comments there.
That bug seems very tricky.. Quoting Boris Zbarsky (29 April 2005), about fixing it:
Cheers
Hugo
The fact FlashBlock XBL lives in a chrome URL leaves hope for a solution if and when the Mozilla bug 236839 is fixed.
Yes, Phil Chee referred me to that bug as well (have you two been talking behind my back? ) and I saw you made a couple of comments there.
That bug seems very tricky.. Quoting Boris Zbarsky (29 April 2005), about fixing it:
.. (But this is perhaps better discussed elsewhere.)[...] this is the part that's got security hole potential like no tomorrow...
Cheers
Hugo