InformAction Forums

Giorgio,

What's the situation with NoScript for Chrome? Can I now look at Chrome with a serious eye!?!

Your plugin not being available for Chrome has been the sole reason I have remained faithful to Firefox.

Regards
Duke

Just came across this video. Is NoScript able to counteract this?:

http://securitytube.net/Stripping-SSL-a ... video.aspx

Many thanks, Giorgio.

dhouwn wrote:Like https://addons.mozilla.org/en-US/firefo ... validator/?

Many thanks!!

OS: WinXP SP3 Browser: FireFox 3.6.13 Ok, this one has me totally stumped. If I enter *xmarks.com into https -> force, NoScript stops working. And by working I mean no instance of any https page can be logged into or functions properly. In fact I have to delete the line and restart firefox before th...

Are there any plans to implement support for this functionality within NoScript or does it already do so?

Many thanks in advance.

Many thanks for the clarification. I have noticed that, in firefox error console, an [NoScript HTTPS] Forced URI https://[selection].com is not generated for any of 'or' selections, which is the case if I simply write *.google.com, for example. Is this an issue or normal behavior? Many thanks in adv...

Can anyone enlighten me as to why the following would not work in 'https -> force the following sites'?:

https://(?:encrypted|mail|docs)\.google\./(?:com|co\.uk)\b.*

or

(?:encrypted|mail|docs)\.google\./(?:com|co\.uk)\b.*

Many thanks in advance

Excellent!

So I can dispose of both HTTPS-Everywhere and Force-STS/STS UI (FireFox 4.0b8) by simply specifying domains in 'https-> force the following...'?

Just to be clear,

are you saying that:

1. NoScript automatically handles sites which support STS?
2. The code I exampled is redundant, or is there an instance where:

domain.com Strict-Transport-Security: max-age=31536000; includeSubdomains;

would be used?

Am I correct in assuming that the following code can be written in 'https-> force the following...' secure.informaction.com Strict-Transport-Security: max-age=31536000; includeSubdomains; paypal.com Strict-Transport-Security: max-age=31536000; includeSubdomains to ensure STS for both specified sites?

Giorgio Maone wrote:

Dukeswharf wrote:but am now experiencing problems with images not loading up in my gmail messages.

You should look into Tools|Error Console for messages starting with [NoScript ABE] which refer to GMail, in order to figure out an exception.

Many thanks for the heads-up, Giorgio.

All works fine now.

I have implemented the suggestions made earlier: Site .twimg.com Accept INC(IMAGE) from .twitter.com Site http: Deny INC from https: but am now experiencing problems with images not loading up in my gmail messages. How do I go about resolving this so that, as is the case with the above twitter line,...