Noscript Breaks Disqus - again

Re: Noscript Breaks Disqus - again

by barbaz » Sun Nov 10, 2019 10:27 am

Capimoska wrote: Sun Nov 10, 2019 9:59 am
Just letting you know, I had the same problem in Firefox 70.0.1 (64) on Windows 7 and NoScript looks completely different,

Because this thread is about NoScript Classic, while you're using NoScript Webext. Maybe it would be better to discuss NoScript Webext effects on Disqus in a separate thread, to avoid confusion?

Capimoska wrote: Sun Nov 10, 2019 9:59 am
Had to go to Options>Advanced
Click in "Delete all XSS options" (careful, no confirmation prompted)
And now it works, Disqus (and others) appear in the list and you can manually block/unblock them (well, depending on your settings).
Not sure how safe this is, but hope it helps someone.

It's safe in that it won't compromise your NoScript security. It just means NoScript will prompt you again next time it encounters a possible XSS attempt from any site you previously "Always blocked" or "Always allowed" XSS attempt.

Re: Noscript Breaks Disqus - again

by Capimoska » Sun Nov 10, 2019 9:59 am

NRG wrote: Sun Jul 07, 2019 7:30 am the solution is very simple:

Open NoScript options and set the XSS panel adding ^https://disqus.com inside it as in the bottom image:



https://i.postimg.cc/hGJpZ4q3/No-Script-Settings.png

Just letting you know, I had the same problem in Firefox 70.0.1 (64) on Windows 7 and NoScript looks completely different, so couldn't do that.
When clicking in the NoScript button "disqus.com" was not even in the list of scripts (neither blocked nor allowed).

Had to go to Options>Advanced
Click in "Delete all XSS options" (careful, no confirmation prompted)
And now it works, Disqus (and others) appear in the list and you can manually block/unblock them (well, depending on your settings).

Not sure how safe this is, but hope it helps someone.

Re: Noscript Breaks Disqus - again

by barbaz » Sun Jul 07, 2019 5:51 pm

@NRG While that could be a good solution, please note that it allows every site to XSS disqus.com. Some more info is needed to get a sense of how safe that is.

Could you please open Browser Console (Cmd-Shift-J) and post the NoScript InjectionChecker and NoScript XSS messages associated with breaking Disqus?
(temporarily remove the exception for this)
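
To gauge the scope of the `^https://disqus.com` exception discussed in this part of the thread, here is an added example (not part of any post here and not NoScript's own code) that checks which destination URLs the pattern exempts. It assumes the entry is evaluated as a JavaScript regular expression against the destination URL; the tightened pattern, the `auditException` helper and the sample URLs are constructed for illustration.

```javascript
// Added example (not NoScript code): audit an XSS-exception regex for
// destinations it exempts beyond the host it was written for.
// Assumption: the entry is a JavaScript regex tested against the destination URL.

const AS_POSTED = "^https://disqus.com";     // entry exactly as posted in the thread
const TIGHTENED = "^https://disqus\\.com/";  // hypothetical: literal dot, host closed by "/"

// Constructed sample destinations; none are taken from real traffic.
const SAMPLE_DESTINATIONS = [
  "https://disqus.com/embed/comments/?base=default",
  "https://disqus.com.lookalike.example/embed/",       // host continues after ".com"
  "https://disqus-com.example/embed/",                 // "." in the regex matches "-"
  "https://disqus.community.example/",                 // ".com" is only a prefix
  "https://c.disquscdn.com/next/embed/lounge.load.js", // different host, not exempted
  "http://disqus.com/embed/",                          // plain http, not exempted
];

// Returns every destination the pattern exempts from XSS filtering, and the
// subset whose real hostname is not the host the entry was meant for.
function auditException(pattern, intendedHost, destinations) {
  const re = new RegExp(pattern);
  const exempted = [];
  const overBroad = [];
  for (const dest of destinations) {
    if (!re.test(dest)) continue;
    exempted.push(dest);
    if (new URL(dest).hostname !== intendedHost) overBroad.push(dest);
  }
  return { exempted, overBroad };
}

for (const pattern of [AS_POSTED, TIGHTENED]) {
  const { exempted, overBroad } = auditException(pattern, "disqus.com", SAMPLE_DESTINATIONS);
  console.log(`${pattern}: exempts ${exempted.length}, outside disqus.com: ${overBroad.length}`);
  overBroad.forEach((url) => console.log(`  over-broad match: ${url}`));
}
```

Either form keys only on the destination, so requests to disqus.com from any originating site still skip the XSS filter; tightening the pattern only stops it from covering other hosts.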

Re: Noscript Breaks Disqus - again

by NRG » Sun Jul 07, 2019 7:30 am

the solution is very simple:

Open NoScript options and set the XSS panel adding ^https://disqus.com inside it as in the bottom image:



https://i.postimg.cc/hGJpZ4q3/No-Script-Settings.png

Re: Noscript Breaks Disqus - again

by Pansa » Wed Jan 24, 2018 12:37 am

TalonKarrde wrote:
Right now, noscript users are prevented from participating in internet debates all over the place!
Please fix that!!!

Some are, some are not.
Loading comment chains works fine here (although not in the build you mention, I don't run that).
After allowing both …disqus.com and …disquscdn.com

It shows comments just fine (I guess the 8000+ on that breitbart drat count as "large"?)
The thing with noscript in general is, there is a lot of "user error" that can be experienced, and in those cases, without actually knowing the specific settings of a user, it can't necessarily be established whether there actually IS a bug.
If reproducing behaviour fails, chances are it's the user settings and not the addon's fault.

Someone above pointed out that lack of 3rd party cookies interferes (which makes sense because Disqus is technically a third party on any given page that embeds it)

The basic problem is, Noscript allows you to mess with webpages. Depending on what you decide more or less. If you decide in a way that conflicts with the website's intent, it will probably not show it in an expected way.

What is "another screen", what are "xss popups" and how do you "clear them"?

another screen : The other monitor/display device in a dual/multi display setup.

xss popup : a separate window being created warning you of a cross site scripting call, requiring user input about how to proceed (allow/block once/always)

cross site scripting : a page calling another page's scripts, but not in the regular way properly announcing it, but acting like it is their own script.

clearing them : Making a choice, therefore stopping the pause of loading that script until you allow it (or not).

Which brings us back to settings: If you for instance generally block Xss calls, and don't have them set to "ask me", it won't ask, and thus not create a popup, thus just block the call, which might break something you want to work.

Tldr:
The chance is that it isn't Noscript's fault, but some setting or another that you don't know that you deny something that you want allowed.
Hard to troubleshoot without proper information, and even harder to actually establish as "bug".

Re: Noscript Breaks Disqus - again

by TalonKarrde » Wed Jan 24, 2018 12:04 am

jawz101 wrote:
I, for one, can't stand Disqus. I think it's more on their end that the way they do things basically requires you to revert every protection you have in place.

That is not the point. NoScript has a problem here, evidenced by the fact that deactivating noscript is the only thing that remedies the problem.

Whoever is in charge here - please fix that Disqus issue! Disqus is the comments engine behind hundreds of large and small web sites.

Right now, noscript users are prevented from participating in internet debates all over the place!
Please fix that!!!

Re: Noscript Breaks Disqus - again

by jawz101 » Mon Jan 08, 2018 5:52 pm

I, for one, can't stand Disqus. I think it's more on their end that the way they do things basically requires you to revert every protection you have in place. If I mess with referer control it breaks logins, first party isolation breaks logins, blocking 3rd party cookies breaks logins... I've never been able to consistently log into a site using Disqus because once I do, I probably cleaned my cookies or toggled a preference back to something else and suddenly I'm back to a broken Disqus login.

Re: Noscript Breaks Disqus - again

by TalonKarrde » Mon Jan 08, 2018 12:34 am

djl47 wrote:
I found the problem. I was getting XSS warning popups on another screen. I cleared those and tried a post at pjmedia and got another XSS warning. I allowed the XSS and Disqus loaded without any further problem.

I have no idea what you are talking about. What is "another screen", what are "xss popups" and how do you "clear them"?

Re: Noscript Breaks Disqus - again

by TalonKarrde » Mon Jan 08, 2018 12:32 am

Hi,

as this issue seems to persist:

has this problem been recognized as a bug by those in charge of fixing things?
is there an ETA for a fix?

Re: Noscript Breaks Disqus - again

by Buckaroo Bonjovi » Wed Dec 20, 2017 4:59 am

I'm using TOR which has NoScript built in. Default configuration for everything. I also see Disqus threads hanging when the browser attempts to load them.

Doesn't seem right I should have to disable XSS protection to get it loading. What changed? I noticed that some disqus sites load, but not others. Has there been some political targeting?

I'm not able to post the console log because the "anti-spam filter" blocks my post. I tried several times.

Re: Noscript Breaks Disqus - again

by possum » Mon Dec 11, 2017 2:16 pm

Same problem.

I get no warnings but found it's OK if I turn off XSS sanitisation.

This is v 5.1.8.3 on waterfox 55.2.2

Re: Noscript Breaks Disqus - again

by darby » Mon Dec 11, 2017 10:16 am

Getting the same issue the other day. Will try that, thanks!

Re: Noscript Breaks Disqus - again

by djl47 » Mon Dec 11, 2017 2:59 am

I found the problem. I was getting XSS warning popups on another screen. I cleared those and tried a post at pjmedia and got another XSS warning. I allowed the XSS and Disqus loaded without any further problem.

Re: Noscript Breaks Disqus - again

by djl47 » Mon Dec 11, 2017 2:46 am

Doesn't work for me at the link in your post. Disqus works fine for me at Instapundit but not at pjmedia posts outside of Instapundit. Disqus also works when I went to https://blog.disqus.com/disqus-and-zeta

Noscript Breaks Disqus - again

by TalonKarrde » Sun Dec 10, 2017 10:03 pm

Symptom: large disqus threads don't load. (small ones do, occasionally)
I'm logged in as disqus user

Allow all scripts does NOT fix the issue.
Disabling NoScript does fix the issue.

Noscript Version is 5.1.8.2 on Firefox ESR 52.5.2 (32bit)
No other adblock or content control extensions are present.

I already tried adding .disqus.com to both noscript.clearClick.exceptions and noscript.clearClick.subexceptions (as advised in earlier threads in this forum), but that doesn't help.

console output for that page (yeah, it's Breitbart) (with allow all scripts)

Code:

Connect V5 version : 2.9 loaded  connectV5.js:1:19742
XML Parsing Error: syntax error
Location: http://www.breitbart.com/video/2017/12/10/nikki-haley-trumps-accusers-heard/
Line Number 1, Column 1:  nikki-haley-trumps-accusers-heard:1:1
INIT request received from publisher page with config :  Object { widgetId: "NBzIDXyaTGIG-alRGD80gG0EgZYntzADRCa…", template: "NM07" }  connectV5.js:1:19725
Next widget loading invoked in queue  connectV5.js:1:19742
Found next Adunit in queue  connectV5.js:1:19742
New Direct AN ID publisher Integration  connectV5.js:1:19742
Rendering Standard widget : NBzIDXyaTGIG-alRGD80gG0EgZYntzADRCaNSDUQ  connectV5.js:1:19742
RenderJS invoked  connectV5.js:1:19742
AN: Unable to track viewability. Unfriendly Iframe Error  render.v1.js:1:2501
New Publisher Widget loaded successfully  connectV5.js:1:19742
Next widget loading invoked in queue  connectV5.js:1:19742
Adunit processing queue is clear  connectV5.js:1:19742
An unbalanced tree was written using document.write() causing data from the network to be reparsed. For more information https://developer.mozilla.org/en/Optimizing_Your_Pages_for_Speculative_Parsing  232_16_16.html:1
Script from “http://s.xp1.ru4.com/smarttagevent?_o=26476&_t=64691330&_callback=window.SmartTag.jsonpCallbacks.request_0” was blocked because of a disallowed MIME type.  nikki-haley-trumps-accusers-heard
An unbalanced tree was written using document.write() causing data from the network to be reparsed. For more information https://developer.mozilla.org/en/Optimizing_Your_Pages_for_Speculative_Parsing  232_6_16.html:1
An unbalanced tree was written using document.write() causing data from the network to be reparsed. For more information https://developer.mozilla.org/en/Optimizing_Your_Pages_for_Speculative_Parsing  232_16_1.html:1
An unbalanced tree was written using document.write() causing data from the network to be reparsed. For more information https://developer.mozilla.org/en/Optimizing_Your_Pages_for_Speculative_Parsing  232_16_2.html:1
An unbalanced tree was written using document.write() causing data from the network to be reparsed. For more information https://developer.mozilla.org/en/Optimizing_Your_Pages_for_Speculative_Parsing  232_16_6.html:1
An unbalanced tree was written using document.write() causing data from the network to be reparsed. For more information https://developer.mozilla.org/en/Optimizing_Your_Pages_for_Speculative_Parsing  232_6_1.html:1
Content Security Policy: Directive ‘frame-src’ has been deprecated. Please use directive ‘child-src’ instead.  (unknown)
An unbalanced tree was written using document.write() causing data from the network to be reparsed. For more information https://developer.mozilla.org/en/Optimizing_Your_Pages_for_Speculative_Parsing  232_6_6.html:1
This site appears to use a scroll-linked positioning effect. This may not work well with asynchronous panning; see https://developer.mozilla.org/docs/Mozilla/Performance/ScrollLinkedEffects for further details and to join the discussion on related tools and features!  nikki-haley-trumps-accusers-heard
GET https://c.disquscdn.com/next/embed/lounge.load.js [HTTP/2.0 404 Not Found 55ms]
The resource from “https://c.disquscdn.com/next/embed/lounge.load.js” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).  comments
Any help is appreciated.
