InformAction Forums

[Tom T.]

(At this point, there was a discussion of the meaning of the icons on the Board and its sub-fora, which was split to Metaforum, here -- Tom T.)

[Tom T.]

...The site looks great and let me know if you need my help at all with forum moderation.
__________________________________
spam-links deleted

Actually, we do pretty well with the moderation on our own, thank you. For example, I just deleted the spam links in your signature, and banned you permanently for violating Forum Rules by posting spam links. So I think we'll pass on helping with the moderation, but hey, thanks for the offer!

[Thrawn]

Lol!

[Tom T.]

(bows graciously)

[Unrealshade]

Hello!

Thanks for making a sticky for this.

I think how noScript works now is rather unintuitiv. I have a suggestion to make it more intuitiv and it will also fix the problem to only allow scripts on the page to where the scripts belong to (e.g. facebook scripts only on facebook etc.).

When I clicked on "temporary allow" I was confused, because I found out, temporary does not mean for this visit but until the browser is closed. I thought until I close that tab or visit another website, the temporarily allowed script will not be allowed anymore. Isn't that the most intuitiv and safe way?

Also, when the option "always temporarily allow top level domain" is checked, the feature I spoke of above will automatically be applied. Because when you visit site1.com it will be allowed until you are no longer on this website.

An option for the whitelist to choose if you want the script to run on other websites then the original source would also be great.

I do not feel very comfortable with the current solution, because 1. I just guessed some code together and can't be sure it really works 2. it always shows a message if something is blocked 3. I have to code something for every website I visit (at least I wasn't able to figure out how to do something for all websites)

Regards and thanks so much for this extension and the support!!!!

[Thrawn]

When I clicked on "temporary allow" I was confused, because I found out, temporary does not mean for this visit but until the browser is closed. I thought until I close that tab or visit another website, the temporarily allowed script will not be allowed anymore. Isn't that the most intuitiv and safe way?

It gets much less intuitive when you remember that the scripts you temporarily allow can be from anywhere. If I visit site1.com, temporarily allow Google Analytics, then browse to site2.com, does that mean that Google Analytics is no longer allowed? How about if I browse to www.site1.com (a subdomain)? Remember, I never visited the Google Analytics site at all. Or how about Facebook? To use it, you'd need to allow fbcdn.net - but you're browsing around facebook.com. NoScript would have to keep track of where you clicked 'Temporarily Allow' and detect when you browse to anywhere else. And what happens when you're using multiple tabs?

It would add a great deal of complexity, probably a lot of processing overhead, and really, if you've chosen to trust a site at all, then it's already had a chance to run malicious scripts if it's going to. Continuing to allow it until you either close the browser or choose to revoke those permissions doesn't really make you more vulnerable.

However, what you're asking for does exist in a way: if the top-level site, the one in your address bar, is blocked, then everything is blocked, regardless of whether it was otherwise whitelisted. If I haven't allowed site2.com, then Google Analytics will not run there, even if I permanently allowed Google Analytics. So, if you keep the default-deny policy, but temporarily allow sites as needed, you're still safe when randomly browsing around.

[Raphael]

There is one thing to say for this: the meaning of "trust" has multiple dimensions. Do I trust Facebook and Google that all their scripts don't harm my computer? Sure. Do I trust them not to use scripts everybody seems to use for tracking users? Hell no!

I want all those Google, Facebook, Amazon, ... scripts enabled on their own services and the handful of -sites that don't work without analytics crap, but I want them to be banned everywhere else. That's why I'm (patiently) waiting for this feature to reach NoScript for PC. It has been over a year now; is there a timetable for version 3.0?

[widhie75]

I have trouble with website with NoScript 2.6.6

1) The site(s) involved
..... alpari-f*rex [dot] c*m/en/contest/

2) The scripts involved
..... I don't know ?

3) What you want to do (allow this here, but not there, etc.)
..... I can not click any tabs (Jackpot, FormulaFX, Full Thottle, Virtual Reality, Succesfull Investor)

4) What you've tried, and what happened.
..... I try allow all script from its web & 3rd party,, and I try to click all tabs on web, but seems no respond,,,
..... I think it completely blocked by NoScript.

[Giorgio Maone]

I have trouble with website with NoScript 2.6.6
..... alpari-f*rex [dot] c*m/en/contest/
[...]
..... I can not click any tabs (Jackpot, FormulaFX, Full Thottle, Virtual Reality, Succesfull Investor)

Those tabs work fine for me as soon as I allow both alpari-forex.com and alpari.org.

[widhie75]

yes,,, i think it works now...
Thanx

[widhie75]

trouble with website with NoScript

1) The site(s) involved
..... https://www.libertyreserve.com/en/login

2) The scripts involved
..... I don't know ?

3) What you want to do (allow this here, but not there, etc.)
..... I can not login

4) What you've tried, and what happened.
..... I try allow scripts from libertyreserve.com & amazonaws.com,, and I try to login, but it always back to same login page,,,
..... then I try to login using Internet Explorer (without NoScript Plugin),,, and it success.

[Giorgio Maone]

trouble with website with NoScript

1) The site(s) involved
..... https://www.libertyreserve.com/en/login

Is there any way for me to test without having a valid accout, i.e. is the behavior wrong/different for failed logins too?

[widhie75]

trouble with website with NoScript

1) The site(s) involved
..... https://www.libertyreserve.com/en/login

Is there any way for me to test without having a valid accout, i.e. is the behavior wrong/different for failed logins too?

After Mozilla updated to version 21, I can re-access Liberty Reserve without problem.
I don't know whats wrong, but its back to normal now.

Thanks