[Resolved] How to enable restrictSubdocScripting in NoScript 10?

Post a reply

Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: [Resolved] How to enable restrictSubdocScripting in NoScript 10?

Re: How to enable restrictSubdocScripting in NoScript 10?

by barbaz » Thu Feb 25, 2021 8:04 pm

Re: How to enable restrictSubdocScripting in NoScript 10?

by barbaz » Wed Feb 24, 2021 5:58 pm

Giorgio Maone wrote: Wed Feb 24, 2021 4:37 pm What about Any capability blocked in the top document must be blocked in its subdocuments too?
Sounds good to me Image

Re: How to enable restrictSubdocScripting in NoScript 10?

by Giorgio Maone » Wed Feb 24, 2021 4:37 pm

What about Any capability blocked in the top document must be blocked in its subdocuments too?

Re: How to enable restrictSubdocScripting in NoScript 10?

by barbaz » Wed Sep 25, 2019 7:41 pm

https://simplysecure.org/blog/noscript-case-study wrote: We found that some of the labels were unclear to both novice and experienced users. For example, none of the 6 people we talked to could describe what Cascade top-level documents [...] meant.

Re: How to enable restrictSubdocScripting in NoScript 10?

by barbaz » Sun Aug 25, 2019 4:19 pm

@Quest: If you think of "permission" as whether "script", "object",... are checked or not:
barbaz wrote: Wed Jun 12, 2019 12:55 am The actual effect is more like "Block subdocuments from having more permissions than their top document".
Meaning:

Without the option selected - subdocuments have just whatever permission you've set for their domain/site.

With the option selected - subdocuments are only allowed the permissions that are allowed for BOTH the top-level site AND whatever you've set as allowed for the subdocument's site.

-----

While I'm here, I should also point out that the use of the word "Cascade" to describe this feature is particularly confusing for NoScript Classic users. Look at how it was used there:

Image

And also around the forums, e.g. in the sticky - viewtopic.php?f=7&t=8309

Cascading has always referred to cascading "allows", never cascading "denys". People think by word association, you can't just abruptly invert the association of a word like this without causing confusion. And putting "Cascade" as the first word, puts the emphasis on "Cascade", but it seems the emphasis was intended to be on the word "restrictions".

Now look at my suggested wording "Block subdocuments from having more permissions than their top document", and how the restrictSubdocScripting option was worded in NoScript Classic -

Image

Would be much less confusing, wouldn't it? See? :)

Re: How to enable restrictSubdocScripting in NoScript 10?

by Quest » Sun Aug 25, 2019 3:12 pm

So, if I put some (custom) permissions for ...googlevideo.com then all subdocuments (whatever they are) of googlevideo.com will have exactly same permissions and restrictions? (With that
"Cascade top document's restrictions to subdocuments" checked.

But: What happens if I do the same to https://googlevideo.com?

And what happens if that Cascade thing is unchecked?

Re: How to enable restrictSubdocScripting in NoScript 10?

by musonius » Fri Aug 23, 2019 5:42 am

jawz101 wrote: Fri Aug 23, 2019 3:39 amTo me this sounds like a looser policy. I would rather a subdocuments' permissions be granted or restricted separately. If I allow script/frame/images/fonts/etc on a primary page that doesn't necessarily mean I want to allow them on a subdocument. Right?
No. It's not about inheriting permissions to subdocuments, it's about inheriting restrictions to subdocuments. For example, if you do not allow 'media' for the first party domain, 'media' won't be allowed for any subdocument (not even for those for which you have allowed 'media').

Re: How to enable restrictSubdocScripting in NoScript 10?

by jawz101 » Fri Aug 23, 2019 3:39 am

I still don't understand this pref. So you are saying checked would mean it is a stricter policy?

"Cascade top document's restrictions to subdocuments"

To me this sounds like a looser policy. I would rather a subdocuments' permissions be granted or restricted separately. If I allow script/frame/images/fonts/etc on a primary page that doesn't necessarily mean I want to allow them on a subdocument. Right?

What stinks is there is absolutely no explanation what this preference is for except that it is for the TOR project. Even so, does that imply the TOR project would want this pref checked or not?

It's dumb.

Re: How to enable restrictSubdocScripting in NoScript 10?

by barbaz » Wed Jun 12, 2019 12:55 am

Ok found it: NoScript Options > General > "Cascade top document's restrictions to subdocuments"

IMO that is somewhat misleading wording. It implies that, for example, if a Trusted page embeds a Default frame, the frame would automatically become Trusted. The actual effect is more like "Block subdocuments from having more permissions than their top document".

[Resolved] How to enable restrictSubdocScripting in NoScript 10?

by barbaz » Sun Jun 09, 2019 5:37 pm

According to viewtopic.php?f=7&t=25395 this feature has already been ported. But in my NoScript 10.6.3rc7 on Waterfox 68, it's disabled. How to enable restrictSubdocScripting?

Top