OLD NoScript 1.1.4, bookmarks and places friendly

Talk about add-ons and extension development.
Post Reply
IceDogg
Posts: 657
Joined: July 24th, 2004, 11:26 am

Post by IceDogg »

Red strip means that page is blocked.. period. Doesn't matter if it has scripts on it or not. So, even if scripts on the page is 0 it will still have the red strip. White means the site is allowed. There is also a white with a smaller scrip to the right.. that means other scripts was present on page but was blocked because they did not come from the page that was allowed. At least that's the way it appears to work for me. I could be wrong.
User avatar
hiyel
Posts: 9
Joined: November 16th, 2004, 8:37 pm

Post by hiyel »

IceDogg wrote:White means the site is allowed.

Nop, here's what the feature page says:
If the "S" of the icon is white rather than blue, 0 script tags have been detected.

I guess what you mean with white, is no red strip. I'm talking about the letter 'S' being white.
User avatar
hiyel
Posts: 9
Joined: November 16th, 2004, 8:37 pm

Post by hiyel »

Ok guys, I'm sorry.
On a page that doesn't have any scripts, the letter 'S" is white indeed. I just couldn't distinguish it because of its blue contour and I thought it was blue. (Bad eyes...)
Maybe it should be green or something, now that I know I can distinguish them, but it would stand out more with a different color. Just a suggestion...
Thanks
User avatar
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy
Contact:

Re: NoScript icon

Post by Giorgio Maone »

hiyel wrote:What I understand from the features page is that, if there is not any script on a webpage then the S of the icon will be white.

Almost true.
Color of "S" tells if 0 (white) or some (blue) <script> tags have been found.
There's no easy/quick/reliable way to tell if and how many scripts the displayed contains: the choosen approach (counting the <script> tags) gives a rough estimate of the "script load" in the page.

hiyel wrote:For example I see the blue S with the red strip on a page and when I hover on the icon it says zero script. Well if there is zero script on that page shouldn't the icon be white?

This shouldn't happen. If tooltip says "0 script", "S" should be white. Otherwise, there's a bug. Could you tell me the URL?
-EDIT- looks like the "bug" was in user's "bad eyes" - thanks hiyel for explaination ;)
hiyel wrote:If white S means no script, then what's the red strip for, what does NoScript blocking and showing me the red stip?

JavaScript can live in many places of a page, even if no <script> tag is there.
Even if "S" is white, scripts to be blocked could still be, e.g., in "javascript:xxx" hrefs, inline onclick event handlers and so on...

I hope I've been clear enough :)
Last edited by smsmith on November 12th, 2012, 2:55 pm, edited 2 times in total.
Reason: edited to reflect quoted user name change - smsmith/moderator
IceDogg
Posts: 657
Joined: July 24th, 2004, 11:26 am

Post by IceDogg »

Yea I meant white meaning no stripe.. sorry for confusion. I didn't even notice that the S changed color itself. LOL
mzfuser
Folder@Home
Posts: 1886
Joined: August 15th, 2004, 10:21 pm

Post by mzfuser »

feature request: right-click for menu instead of left click. so far this is a great extension although the default set of allowed sites didnt exactly work for gmail, had to add google.com
Another
Posts: 95
Joined: December 24th, 2004, 8:31 am

Post by Another »

mail.google.com would have sufficed.
mzfuser
Folder@Home
Posts: 1886
Joined: August 15th, 2004, 10:21 pm

Post by mzfuser »

yea thanx, im wondering does the default list have any entries for gmail? i couldnt find any so i just deleted the one i added for google and added the mail.google.com
Another
Posts: 95
Joined: December 24th, 2004, 8:31 am

Post by Another »

gmail.google.com
User avatar
mcm_ham
Posts: 1747
Joined: June 16th, 2004, 6:09 am
Location: Christchurch, New Zealand

Post by mcm_ham »

In which case Giorgio the default should be changed to mail.google.com as the old URL is no longer used.
User avatar
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy
Contact:

Post by Giorgio Maone »

mcm_ham wrote:In which case Giorgio the default should be changed to mail.google.com as the old URL is no longer used.

Just done, expect it in next version.
Thanks :)
hugoheden
Posts: 2
Joined: July 6th, 2005, 10:35 am

NoScript and Flashblock

Post by hugoheden »

Good day,

I (a Firefox user) am looking for a secure an non-annoying browsing exprerience, and I would want to use NoScript, Flashblock and Adblock/Filterset.G together -- the three major web-annoyance filters (or have I missed something?).

The FAQ states that NoScript can't be used together with Flashblock (http://www.noscript.net/faq#qa1_3). This seems to be the case even though "chrome:" is included in the NoScript whitelist (I just tested that).

So it seems that the javascript running within Flashblock is "considered" (by NoScript) to run within the "current site" domain, not within a "chrome:" url. Is that correct?

Unfortunately, the Flashblock team don't seem to have the resources to refactor their code so that it gets chrome priviliges. Quoting Phil Chee, one of the Flashblock developers, from their mailing list:
Flashblock has it's origins in the Flash-Click-to-View XBL bookmarklet by Jesse. As such it operates with content (i.e. untrusted) privileges and without any chrome (trusted) privileges. This means our javascript code is treated as coming from the website and not from an internal extension. Disabling javascript will of course disable Flashblock.

Rearchitecting the code is beyond the scope of this extension. Since this is all open source and volunteer labour, it is entirely possible someone out there will either contribute a rewrite to Flashblock or come up with their own extension to do this.


Question: Would it be at all possible to write some work-around hack in NoScript that would allow the Flashblock javascript to run?

(Is there any way for NoScript to tell which script is from Flashblock and which is not? .. Ok, you can probably tell that I don't really know what I'm talking about here)

Phil Chee again:
Our XBL lives in a chrome URL and not a web URL if that will help.


Phil also says:
Somewhere in our css we have the following:
{ -moz-binding: url("chrome://flashblock/content/flashblock.xml#flash") !important; }


Any thoughts on this?

Regards
Hugo Heden
User avatar
Giorgio Maone
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy
Contact:

Re: NoScript and Flashblock

Post by Giorgio Maone »

hugoheden wrote:So it seems that the javascript running within Flashblock is "considered" (by NoScript) to run within the "current site" domain, not within a "chrome:" url. Is that correct?

Yes, it is correct.
To be even more correct, FlashBlock is "considered" by Firefox to run withing the "current site" domain, rather than in the privileged chrome.
NoScript leverages on the Firefox security infrastructure to guarantee that scripts are prevented from running (this, for obvious reason, is the most reliable and cross-platform approach).
On the other hand, for the same reason it is limited by Firefox limits and bugs.

hugoheden wrote:Question: Would it be at all possible to write some work-around hack in NoScript that would allow the Flashblock javascript to run?

(Is there any way for NoScript to tell which script is from Flashblock and which is not? .. Ok, you can probably tell that I don't really know what I'm talking about here)

As stated above, NoScript can't because Firefox can't.
hugoheden wrote:Phil Chee again:
Our XBL lives in a chrome URL and not a web URL if that will help.

[...]
Any thoughts on this?

The fact FlashBlock XBL lives in a chrome URL leaves hope for a solution if and when the Mozilla bug 236839 is fixed.
Notice that this bug is the same which prevents GreaseMonkey from working where JavaScript is disabled...
hugoheden
Posts: 2
Joined: July 6th, 2005, 10:35 am

Post by hugoheden »

I see. Thanks for the response!

The fact FlashBlock XBL lives in a chrome URL leaves hope for a solution if and when the Mozilla bug 236839 is fixed.


Yes, Phil Chee referred me to that bug as well (have you two been talking behind my back? ;-) ) and I saw you made a couple of comments there.

That bug seems very tricky.. Quoting Boris Zbarsky (29 April 2005), about fixing it:
[...] this is the part that's got security hole potential like no tomorrow...
.. (But this is perhaps better discussed elsewhere.)

Cheers
Hugo
Splitfyre
Posts: 1
Joined: November 9th, 2004, 1:12 pm
Location: Canada

Post by Splitfyre »

Anyone know why I cannot block the script from GoogleSyndication.
Post Reply