Giorgio Maone wrote:<snip> plugin and frame blocking is automatically applied to untrusted sites independently from the other settings.
GµårÐïåñ wrote:I am not sure but I believe that Giorgio is actually consistent in what he has said and is saying now but the difference is that NoScript evaluates for threats and if the iFrame doesn't have any object within it that are considered a threat, by itself its just another HTML tag, so no harm in using it. Only when its embedded to do harm, will it be considered a bad object to be blocked. I am hoping that this is what he is tryign to explain and this will lend a small hand to clarify that "discrepancy" if you will. This is just my humble opinion and I apologize to all if I am off the mark with my understanding of what Giorgio has told me in the past. I am sure he can clarify and correct me if I am wrong, thanks.
al_9x wrote:I asked about this on the old forum but I don't think you responded, what do you think? If a domain is untrusted there is no reason to give them anything or get and parse anything from them. <snip>
Giorgio Maone wrote:Put in my TODO list, thanks for the suggestion.<snip>
GµårÐïåñ wrote:As for the other issue, if NS were to arbitrarily block legitimate HTML tags, it would cripple the rendering of the site and that's a bad thing.
GµårÐïåñ wrote:As long as the iFrame is not executing something or linking to some payload or whatever, it is just another HTML tag and nothing more, blocking it makes no sense.
GµårÐïåñ wrote:The upside of NS blocking functionality is that, IF someone is trying to hide a malicious or even invasive code that is not malicious inside an iFrame or near invisible frame, it will render it ineffective and will cripple it until stated otherwise.
GµårÐïåñ wrote:... my issue which I won't drag into THIS discussion was that when a site is marked as untrusted, treat IT and all its sub-components as such instead of making them pending independent objects.
GµårÐïåñ wrote: The concept of inheritance of permission if you want to think of it that way, if the parent is marked as bad by ME, then treat ALL of it as bad, instead of separating the object permissions on their own.
GµårÐïåñ wrote:if NS were to arbitrarily block legitimate HTML tags, it would cripple the rendering of the site
Users browsing this forum: No registered users and 2 guests