Well with this planned obsolescence of hardware [Kernel Leaks] I'm back to NoScript. Seems very polished now.
Rasheed, not yet. I check every new version. By the way, I don't think this is a bug but a feature waiting for the necessary conditions to be ported/implemented. I ll let you know when this is done. Bo
Betas 10.1.6.3rc3 and 10.1.6.3rc4 were released in the past few hours. v 10.1.6.3rc4 ============================================================= x Fixed full breakage when sync storage is disabled v 10.1.6.3rc3 ============================================================= x Domain matching now threats unknown no-dot domains (not in the public suffixes list) as TLDs everywhere x Improved layout on small screens (less than 10cm wide) https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/beta?page=1#version-10.1.6.3rc4 I found a problem after installing 10.1.6.3rc4: Webpages are not reloading automatically after making permission changes. Should be an easy fix. Bo
A couple of beta updates were released the past few hours.Up to 10.1.6.3rc5 feels pretty good. I ll do 10.1.6.3rc6 later. v 10.1.6.3rc6 ============================================================= x More restrictive domain matching in the main UI for "fake" TLDs, showing pseudo 2nd level domains containing one dot v 10.1.6.3rc5 ============================================================= x Domain matching now treats unknown no-dot domains (not in the public suffixes list) as TLDs everywhere (fix finally not overwritten by auto-generated tld.js) x Fixed rc4 regression causing synchronized changes not to be persisted x Smarter XSS popup behavior when reporting concurrent events from/to the same origins https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/beta?page=1#version-10.1.6.3rc6 Bo
Two more beta updates for the day . I am on 10.1.6.3rc8, feels pretty stable. V 10.1.6.3rc8 ============================================================= x Improved tooltip clarity v 10.1.6.3rc7 ============================================================= x Added version number to the browser action tooltip (thanks therube for RFE) https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/beta?page=1#version-10.1.6.3rc8 Bo
Yes let me know, because it's also hard for me to believe that this is an actual bug. It does make me think about how mature WebExtensions really is. Seems like a basic function to me. Has the developer already responded to the thread you created about this problem?
He usually responds when the issue is fixed. I guess this one will get done when Firefox 58 comes out. Bo
A couple more beta versions have been released. Both are working well (10.1.6.4rc1/10.1.6.4rc2). v 10.1.6.4rc2 ============================================================= x [UI] Fixed clicking on capability's label doesn't toggle the related checkbox (thanks dhouwn and olf for reporting) v 10.1.6.4rc1 ============================================================= x [XSS] Fixed false positives on badly encoded URLs (thanks sage11 for reporting) https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/beta?page=1#version-10.1.6.4rc2 Bo
New beta 10.1.6.4rc3 has been released. v 10.1.6.4rc3 ============================================================= - Removed obsolete work-around for accidental TRUSTED preset wiping https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/beta?page=1#version-10.1.6.4rc3 Bo
Um, 1) Is there a way to remove site in Settings. 2) Is there a way to change sub.domain site to top level domain in Settings. 3) Is there a way to remove number overlay. 4) Is there a Cascade option. 5) How do I tell which sites at the site have Blocked items vs Allowed items. 6) Red & Black sites mean? Sorry, if this has been answered before. Thanks
NoScript 10.1.6.4rc4 Released Jan. 19, 2018 Code: v 10.1.6.4rc4 ============================================================= x Fixed duplicate entries in UI on page reloads (thanks 8-bit for reporting) + Spinner for long sites lists in Options page v 10.1.6.4rc3 ============================================================= - Removed obsolete work-around for accidental TRUSTED preset wiping v 10.1.6.4rc2 ============================================================= x [UI] Fixed clicking on capability's label doesn't toggle the related checkbox (thanks dhouwn and olf for reporting) v 10.1.6.4rc1 ============================================================= x [XSS] Fixed false positives on badly encoded URLs (thanks sage11 for reporting)
Hi bjm. 1. To remove domains that you have set as Trusted, Untrusted or Custom, go to Options/Settings, and turn the domain to Default by clicking Default, after reloading Options, they ll be gone. 2. Top level domain rules start with ....., specific rules start with http or https. You can eliminate the sub domain by doing what I described in 1. Then, visit the website and click the domain that starts with .... (look at the picture). Or, you can add it in Options/Settings (like, wilderssecurity.com), and click the + sign. 3 and 4. No options for that in version 10. 5. Look at the shaded boxes in Custom, they are tell tale signs of what is being blocked, of what you might need to allow for the website to work properly (look at the colored box in the second picture. Also, you might see the NoScript placeholder which you can click, doing so gives you the option to allow whats being blocked and might be needed). 6. Red domain in the list means is http. Black domain in the list means is https. Bo
Hi Bo, 1), 2), 6) = Okay. 3), 4) = Hmm. 5) Untrusted means there's blocked elements on xyz domain. What tells me which domains are needed to allow site function. I've seen for example 20+ Untrusted domains. Do I need all 20?. I've re-done my limited whitelist. With NoScript 5 I'd usually temp allow or Cascade since, I'm always sandboxed. Just me. I've read that data is stored in > storage-sync-sqlite Seems like date would be stored in > Thanks
Untrusted domains are (should be) domains you encounter all over the internet wherever you go, that you dont require for nothing. Absolutely nothing. Thats my criteria for blacklisting/untrusting a domain. Domains that fall in that category, I blacklist. Doing it this way helps me when I go to a new site that has, like you said, 20 domains that want to load scripts or something, and I need to choose what to allow, it makes it easier to choose, it makes it easier to trial and error what to allow as whats blacklisted, you ignore and doesn't run when you temporarily allow all this page. When I started using NoScript, the first 2 or 3 years, I did a lot of temporary allow all this page but as I builded my Untrustred/Blacklist and became familiar with the universe of domains, I started temporarily allowing specific domains in new sites, and the trial and error becomes easier. Just by looking at the names of the domains and knowing the name of the site you are visiting and what kind of content you are looking for, the guessing becomes educated and easy. A new site with 20 domains or more doesn't intimidate me at all. But takes time to use NoScript that way. IMO, experience is required to use NoScript like that. Like I said, it took me a couple of years before moving to that level. Most people don't even do a blacklist. I started mine at about 2 years. One day, it clicked on me on how it would benefit me. Then I started building mine and it helps. NoScript stores data in storage-sync-sqlite. Finding out that information was the first thing I did after installing NoScript 10. I wanted to know so I could save data out of the sandbox. storage-sync-sqlite doesnt come with Firefox but it is created when you install NoScript. There are other addons that use that file but I dont think they are many. I tested installing addons out of the most popular Firefox extensions lists to see if I could find another addon that used the file to save data, it took me about installing 12 extensions to find another extension that used the file. I went down the list of the most popular from number one down. So, forget that other file you mentioned, it has nothing to do with NoScript. Bo
Yes, I read about your use of Blacklist with NoScript 5. I've never understood how you had a Blacklist with 5 since all I ever saw with 5 was a Whitelist tab. Just me. Wonder what NoScript stores here > While waiting for NoScript10 to mature. I've been playing with ScriptSafe.
In NoScript 5, we couldn't manage the blacklist via the UI. It was kind of awkward and difficult to monitor. You had to open NoScript settings as a text file and there you could see it, make amends if you wanted and import it back. That was one way of handling Untrusted domains. Now with the new version, the blacklist is mixed with Custom and Trusted/white listed domains. A big plus for the new version. In version 5, there was the option to Untrust domains just like allow and temporarily allow. But it was all kind of hidden but was there in the menu. You just had to know how to Untrust a domain, or how to get it out of the Blacklist. Here, I just found this picture. https://cdn.ghacks.net/wp-content/uploads/2016/03/noscript.png You hovered the browser over Untrusted, and any domain in your Untrusted/black list, and default domains would appear there. There you had the choices for untrusting a default domain or getting a domain out of your black list. If 6 domains were blacklisted in the site you were visiting, that number would appear in the Untrusted line. To see what they were, you hovered the browser over Untrusted. Bo
Hmm, and I thought Forbid was only offered after site was Allow. I never thought "Blacklist" because building a small whitelist seemed a lot easier than building a huge blacklist. Just me.
You clicked Forbid to Untrust/Black list a domain. Also, if a domain was white listed, you had the choice to Forbid that domain. White listed domains would have a Forbid next to them. Bo