[ext] NoScript 1.4 - Lord of Plugins
- Giorgio Maone
- Posts: 3516
- Joined: September 21st, 2004, 12:05 am
- Location: Palermo - Italy
- Contact:
[ext] NoScript 1.4 - Lord of Plugins
There's a browser safer than Firefox...
...it is Firefox with <a href="http://www.noscript.net" title="Have a safer Firefox with NoScript"><img alt="NoScript" src="http://noscript.net/noscript/logo.png"></a>!
NoScript - a Firefox extension for whitelist driven safe JavaScript/Java/Flash/Plugins execution plus unique anti-XSS protection.
CHANGELOG
Previous discussion
...it is Firefox with <a href="http://www.noscript.net" title="Have a safer Firefox with NoScript"><img alt="NoScript" src="http://noscript.net/noscript/logo.png"></a>!
NoScript - a Firefox extension for whitelist driven safe JavaScript/Java/Flash/Plugins execution plus unique anti-XSS protection.
CHANGELOG
Previous discussion
-
- Posts: 50
- Joined: April 11th, 2007, 1:26 pm
hi
when "Turn cross-site POST requests into data less GET requests" is on then ,
stumbleupon discovery window disappear ,what should i put into Anti-XSS exception list ?
to make noscript & stumbleupon work properly
from error console:
[NoScript XSS] Sanitized suspicious upload to [http://www.stumbleupon.com/newurl.php] from [http://www.stumbleupon.com/newurl.php]: transformed into a download-only GET request.
Error: urchinTracker is not defined
Source File: http://www.stumbleupon.com/newurl.php
Line: 47
when "Turn cross-site POST requests into data less GET requests" is on then ,
stumbleupon discovery window disappear ,what should i put into Anti-XSS exception list ?
to make noscript & stumbleupon work properly
from error console:
[NoScript XSS] Sanitized suspicious upload to [http://www.stumbleupon.com/newurl.php] from [http://www.stumbleupon.com/newurl.php]: transformed into a download-only GET request.
Error: urchinTracker is not defined
Source File: http://www.stumbleupon.com/newurl.php
Line: 47
-
- Posts: 13
- Joined: February 15th, 2008, 9:58 am
Not sure if this is how to post a new topic but...
Using NS1.4 and it's predecessor on my machine, I suddenly cannot access a key trusted site for me - the Checkfree bill payment adjunct to my bank site. I have no trouble getting in with IE, but my updated Firefox 2.0.0.12 with NS 1.4 can't access the site.
I've got checkfreeweb.com, estara.com, and https://cw11.checkfreeweb.com all on my whitelist. I even get bounced when I choose to let scripts run globally.
Noscript doesn't seem to give any listing anywhere I can find of ancillary sites to checkfree trying to execute scripts, so I'm totally stumped!
Any ideas, suggestions?
TIA
noend7
Using NS1.4 and it's predecessor on my machine, I suddenly cannot access a key trusted site for me - the Checkfree bill payment adjunct to my bank site. I have no trouble getting in with IE, but my updated Firefox 2.0.0.12 with NS 1.4 can't access the site.
I've got checkfreeweb.com, estara.com, and https://cw11.checkfreeweb.com all on my whitelist. I even get bounced when I choose to let scripts run globally.
Noscript doesn't seem to give any listing anywhere I can find of ancillary sites to checkfree trying to execute scripts, so I'm totally stumped!
Any ideas, suggestions?
TIA
noend7
- Giorgio Maone
- Posts: 3516
- Joined: September 21st, 2004, 12:05 am
- Location: Palermo - Italy
- Contact:
@niko322:
that's extremely odd: I cannot reproduce it in any way, and the following lines in noscriptService.js, executed before the POST XSS checks, should absolutely prevent this from happening:
Can you reproduce with 1.4, on a clean profile and/or after a NoScript Options|Reset?
that's extremely odd: I cannot reproduce it in any way, and the following lines in noscriptService.js, executed before the POST XSS checks, should absolutely prevent this from happening:
Code: Select all
4160 if (originSite == targetSite &&
4161 (injectionCheck < 3 || channel.requestMethod != "GET")
4162 ) return; // same origin, fast return
Can you reproduce with 1.4, on a clean profile and/or after a NoScript Options|Reset?
- L.A.R. Grizzly
- Posts: 5396
- Joined: March 15th, 2005, 5:32 pm
- Location: Upstate Ohio, USA
- Contact:
Giorgio Maone wrote:@L.A.R. Grizzly: Temporary permissions should be wiped out at the end of session as it's always been, the "Revoke temporary permissions" command did not change this feature. Could you upgrade to to 1.4, and if the problem is unchanged, try NoScript Options|Reset?
I completely uninstalled v1.3.2. I did notice that after uninstallation, NoScript settings remained in my prefs.js file. I edited all references to NoScript from my prefs.js file. I installed v1.4, imported my Whitelist and the problem of the Temporary Permissions not clearing on restart has been resolved. Thank you!
Win7 Pro SP1 64 Bit
Comodo Internet Security
Pale Moon 33.1.0, Epyrus Mail 2.1.2, Firefox 115.9.1esr, Thunderbird 115.9.0, and SeaMonkey 2.53.18.2
Comodo Internet Security
Pale Moon 33.1.0, Epyrus Mail 2.1.2, Firefox 115.9.1esr, Thunderbird 115.9.0, and SeaMonkey 2.53.18.2
-
- Posts: 13
- Joined: February 15th, 2008, 9:58 am
- Giorgio Maone
- Posts: 3516
- Joined: September 21st, 2004, 12:05 am
- Location: Palermo - Italy
- Contact:
@noend7:
The "Reset" advice was for niko322, not for you.
I tried opening https://cw11.checkfreeweb.com and even http://cw11.checkfreeweb.com on my default Firefox, on a clean Firefox profile and even with IE7, but I can't connect.
I even tried to connect through a TOR proxy, to rule out geographic issues.
http://www.checkfreeweb.com does work, though: are you sure the URL above is correct?
If so, can you see any error message in Tools|Error Console?
The "Reset" advice was for niko322, not for you.
I tried opening https://cw11.checkfreeweb.com and even http://cw11.checkfreeweb.com on my default Firefox, on a clean Firefox profile and even with IE7, but I can't connect.
I even tried to connect through a TOR proxy, to rule out geographic issues.
http://www.checkfreeweb.com does work, though: are you sure the URL above is correct?
If so, can you see any error message in Tools|Error Console?
-
- Posts: 12
- Joined: November 5th, 2004, 2:51 am
- Contact:
Still no fix for Youtube vids?
Unable to play from youtube site, directly, but able to play those vids embedded.
This message:
Hello, you either have JavaScript turned off or an old version of Adobe's Flash Player.
I have already installed th latest Flash. It works fine in all other browsers. WILL work in Firefox IF I disable NoScript.
This message:
Hello, you either have JavaScript turned off or an old version of Adobe's Flash Player.
I have already installed th latest Flash. It works fine in all other browsers. WILL work in Firefox IF I disable NoScript.
- Soul Stealer
- Posts: 480
- Joined: March 31st, 2007, 1:18 pm
- Location: God's Country
-
- Posts: 4
- Joined: April 25th, 2007, 3:49 pm
Re: Still no fix for Youtube vids?
Same problem, any clues to a fix?
kustomrides wrote:Unable to play from youtube site, directly, but able to play those vids embedded.
This message:
Hello, you either have JavaScript turned off or an old version of Adobe's Flash Player.
I have already installed th latest Flash. It works fine in all other browsers. WILL work in Firefox IF I disable NoScript.