InformAction Forums

http://noscript.net/features#blacklist

How is it possible to type in or mark scripts so that they appear in the untrusted menu/list?

What you want is the 'Untrusted' submenu.

I didn't get how to Blacklist those scripts by NoScript. I would like to Blacklist those, for all the websites.
I also would like to overall blacklist Google Analytics, so that the NoScript bar won't pop up when only this script is blocked. Can someone help me?

Here's one for richrelevance.com (breaks some functionality on walmart.com (namely, store availability JS popup)):

[code]RR={}; rr_flush_onload=r3_placement=r3=r3_item=r3_common=function(){if(typeof Proxy==='undefined'){var f=arguments.callee;return f.__noSuchMethod__=f.Event=f;}var p=Proxy.createFunction({get:function(proxy, name){return name in Object.prototype?Object.prototype[name]:p;}},function(){return p;});return p;}();[/code]

[quote="milithruldur"]Would NS consider expanding its surrogates support with those found in Ghostery? Ghostery also provides surrogate scripts for web elements it blocks. The surrogate scripts can be found inside <profile_directory>/ghostery/surrogates.db.[/quote]
The question is whether pages break without the surrogates.

If you can point to examples of pages that can't work without allowing data-miners etc, then I'm sure Giorgio would be happy to talk about including surrogates for them.

Would NS consider expanding its surrogates support with those found in Ghostery? Ghostery also provides surrogate scripts for web elements it blocks. The surrogate scripts can be found inside <profile_directory>/ghostery/surrogates.db.

Sorry, I should also have pointed you to the sticky post, [url=http://forums.informaction.com/viewtopic.php?f=10&t=7687]SOME SITES YOU MIGHT NOT WANT TO ALLOW[/url].

There are more than 100 sites listed there, whose principal purpose of scripting is for advertising, data-mining, or both.
So you can usually eliminate them from your trial-and-error process, which saves a lot of time.
Or you can mark them Untrusted when they appear, which means you won't see them in the main menu again. This shortens the menu greatly.

You can still find them in the sub-menu, NS Menu > Untrusted, in case you wish to temporarily allow them, to help support your favorite sites with the advertising revenue, but that's up to you. If a site's ads are intrusive, distracting, privacy-invasive, or offensive, I'm not going to allow them. Let the site find better ad agencies.

If any of these script sources (sites) are truly needed to make a site function, there is probably already a [url=http://hackademix.net/2009/01/25/surrogate-scripts-vs-google-analytics/]Surrogate Script[/url] for it, as per the sticky post at the top of this topic.

I hope this helps make the process easier. Feel free to ask any further questions.

[quote="bmazak"]One of the major problems I have seen is something in the blacklist is often required to run things on the page such as an input field or search fields. It is hard to know which of these sites on a page that has been blocked is the one for the input field or search. Any help there?[/quote]
Sometimes it *is* trial-and-error, temporarily allowing one script at a time until it works. If you have specific sites in mind, please post them.

There may be clues in the script names. Please see [url=http://forums.informaction.com/viewtopic.php?f=7&t=268]NoScript Quick Start Guide[/url], and find the section with the [b]bold [/b] notation, "[b]Updated 25 Jan 2012:[/b]", for information on recognizing a site's secondary servers and their scripts.

The [url=https://addons.mozilla.org/en-US/firefox/addon/jsview]JSView[/url] add-on will give you the full names (full file paths) of the scripts that are running on a page. Even if you cannot read Javascript itself, these full names may give more information about the purpose of each individual script. You can access this by clicking on the JSView icon, or by right-clicking on the page, click "View Page Info", and the JSView tab will be visible. Click it to see the list.

As for eBay, if you can post the exact steps needed to reproduce what you described, then perhaps we can indeed find a way to work around it, or create a surrogate if needed. Do you have to have an account there to produce this issue?

You may also find the [url=https://addons.mozilla.org/firefox/addon/9727]RequestPolicy[/url] add-on useful in blocking pop-ups, third-party offers, etc. that originate outside the site. But will Firefox's built-in pop-up blocker not work on the eBay pop-ups themselves? ([i]Firefox Tools > Options > Content > check "Block Popup Windows"[/i].)


Side note: I think I'll remove the addendum to the OP about intending to lock this topic, as it seems as good a place as any to discuss surrogate-related issues.
If there are objections from users, other Mods, or, of course, Giorgio, such posts can always be split off into new topics. But the threads on [url=http://forums.informaction.com/viewtopic.php?f=7&t=6057]disappearing icons[/url] and [url=http://forums.informaction.com/viewtopic.php?f=7&t=8309]Why must I "Temporarily allow all this page" REPEATEDLY?[/url] seem very useful for centralizing those discussions, and for users to search them before posting. Any objections?

One of the major problems I have seen is something in the blacklist is often required to run things on the page such as an input field or search fields. It is hard to know which of these sites on a page that has been blocked is the one for the input field or search. Any help there?

I also appreciate all the time you, the other Mods and especially Giorgio spend on developing NoScript and helping us to use it.
After trying to get rid of some pop ups on e-bay, particular, the one that keeps say thanks here's you free cards which I hate because it is a lie, nothing is free so it is false advertising, I noticed I now can not search on e-bay. Is the a surrogate script that can be make for e-bay? It's OK though because I can use Amazon mean while.

[b]@ DJ-Leith:[/b]

Looks like Spell-Check failed again. :o

Thanks for the catch. I see that it's already been fixed.

And thank you for the kind words. :)

Tom T.

[quote]Listing of script sources for whioh surrogates are provided[/quote]

I think there is a 'wee typo' in the Subject.

IMHO, it is very useful to document this.
[b]I appreciate all the time you, the other Mods and especially Giorgio spend on developing NoScript [size=150]and[/size] helping us to use it.[/b]

Thank you!

DJ-Leith

As explained in the article [url=http://hackademix.net/2009/01/25/surrogate-scripts-vs-google-analytics/]Surrogate Script[/url], NoScript will by default run a "surrogate script" for various data-mining, advertising, and other scripts that leak privacy. These "fake scripts" make pages happy when they would otherwise refuse to function unless you allowed the scripts, yet they have been "neutered" so as not to leak privacy-sensitive data.

The script sources that will be replaced are located in [url=http://kb.mozillazine.org/About:config]about:config[/url], and easily found by typing [b]surr [/b]in the Filter Bar (called "Search Bar" in more recent Firefox).
However, some users are not comfortable in about:config, given the nasty warning that one must click past, and the exact script names as you see them in your browser may not be the same as they are identified in about:config.

Therefore, here is a plain-English listing of the affected sources. If any part of the script name contains the below, you may leave it blocked and know that the surrogate will run. Alphabetized for your convenience, which is not the same order in which they appear in about:config per the above paragraph.

No user action is required. Simply leave the associated script in the default-deny zone, or mark it as Untrusted when you encounter it. Then there should be no need ever to allow them.
[b]NOTE:[/b] If you allow or temp-allow them, the *real* script runs.

Based on Firefox 18.0.2, NoScript 2.6.5.8rc3. Will be updated as time permits.


adagionet.com (inclusion only) [i][size=85] [color=#BFFFFF]...[/color]added 9 May 2012 in NS 2.4.1rc2[/size][/i]
addons.mozilla.org/
adf.ly
adriver (.ru)
adscale (.de)
adsense / pagead2.googlesyndication.com
adtiger
.bidvert
.binlay
connect.facebook.net/en-_US/all/.js
digg.com/newsbar
dimtus/imageteam
disquis.com/*/build/themes/
edge.quantserve.com or quantserve.com (Quantcast Corporation)
facebook.com --- for cookies [b]only[/b]; substitutes a cookie with expiration in 1970.
google-analytics.com
Google Plus1, or apis.google.com/js/plusone.js
https www. google search (variants for links and for Thumbs)
imagebam.com
imagebunk
imagehaven.net
imagevenue.com
imdb.com/video/
liutilities.com [color=#BFFFFF]...[/color] [size=85][i]updated 30 April 2012[/i][/size]
mirago
mirando
pickbucks
picksee
revsci.net
skimlinks.com [color=#BFFFFF]...[/color] [size=85][i]added 30 April 2012, in NS 2.4rc6[/i][/size]
platform.twitter.com (3rd-party; doesn't replace all Twitter scripting, including home site)
uniblue.com [color=#BFFFFF]...[/color] [size=85][i]updated 30 April 2012[/i][/size]
yieldmanager,com


Please find a way to show your appreciation to Giorgio Maone for developing these custom-built tools to enable us to make our pages work, while keeping a bit more of what little privacy we still have left.

- Tom T.

[i][size=85]last update 23 Feb 2013[/size][/i]