invoking bookmarklet with keyword is prevented

[DWizzy]

I do not use a bookmarks toolbar, but keywords to invoke bookmarklets. For instance, I type "d" to open the bookmark for Diigolet.
However in 2.1.0.5, NoScript recognises this as a typed javascript URI in the address bar:

javascript: and data: URIs typed or pasted in the address bar are disabled to prevent social engineering attacks.
Developers can enable them for testing purposes by toggling the "noscript.allowURLBarJS" preference.

Is there a way NoScript could recognise the javascript URI isn't typed but stems from a bookmark, and thus allow execution?

[therube]

All you need to do is to update to the latest development build.

javascript: on about:blank not working (allowURLBarJS=true)

[DWizzy]

Ah, didn't see that was actually the same problem. Thanks!

I'll work around it till the solution has been fixed in a main release, I was more keen on reporting this than creating a temporary fix

[Guest]

Has this issue resurfaced? allowURLBar -JS and -Imports both true, but NoScript (2.1.2.4rc1) is blocking bookmarklets in Firefox 6+. They'll execute by click, but not keyword. Fresh profile, dev build, etc.

[therube]

Is this a FF7 issue or are you seeing it on earlier versions too?

[al_9x]

Confirming, keyword bookmarklet invocation is not working in Fx 6.0b2 with NS 2.1.2.4rc1. allowURLBarJS does not help, nor should it apply to bookmarklet invocation, which should work without additional prefs, as it's been deliberately excepted from the user typed javascript: ban

I suspect (will check) that in order to make this work, loadURIWithFlags will need to be patched (instead of loadURI), as suggested here.

[al_9x]

I suspect (will check) that in order to make this work, loadURIWithFlags will need to be patched (instead of loadURI)

Indeed, loadURIWithFlags is called in 6.0+, loadURI in 5.0.

[Giorgio Maone]

Fixed in latest development build 2.1.2.4rc2.

[al_9x]

verified

[al_9x]

The Fx built-in equivalent of the SmartSearch new tab problem is alt-enter on the keyword, which runs the bookmarklet in a new tab and is also currently failing.

[therube]

(Note that in SeaMonkey, Ctrl+Enter opens the current URL in a new tab, as it should be . OK, I see, Alt+Enter in FF is the equivalent of Ctrl+Enter in SeaMonkey. Never knew FF had that function. Atl+Enter is a tough combo to hit.)

[zozo]

This problem still exists with Firefox 7.

I've tried the development build (2.1.4rc2 )but isn't it even older than the release version (2.1.4)?

[stvltvs]

Still a problem in FF 8, NoScript 2.2.3.

[Guest]

I'm using FF 10.0.2 and NoScript 2.3.1, and still have this issue.
I have allowURLBarJS, allowURLBarImports, allowBookmarkletImports, and allowBookmarks all true (not sure how many of these are relevant, I just checked for any settings that looked applicable).

Is there a NoScript setting that allows this to work?

[Giorgio Maone]

It works for me with default settings.
What I tried:

• Created a clean profile
• Created a bookmark with URL javascript:alert(1) and keyword al
• Typed "al" in the address bar and hit [Enter]: an alert window with content "1" appeared (keyworded bookmarklet working)
• Installed NoScript and restarted Firefox
• Typed "al" in the address bar and hit [Enter]: an alert window with content "1" appeared (keyworded bookmarklet still working)
  [/quote]
  What am I missing?
  Does your bookmarklet work if invoked by other means (e.g. by clicking it)?