Search found 129 matches
- Sat Nov 09, 2013 4:10 pm
- Forum: NoScript General
- Topic: ScriptNo; NoScript Clone?
- Replies: 46
- Views: 127398
Re: ScriptNo; NoScript Clone?
BTW, the previous extension (HTTP Switchboard) has another fatal flaw, the choices are not persistent between sessions (meaning restarting the browser) - that's a mega giant failure and limitation. That's a mistake I also made at the beginning. If you want to make your choices permament you have to...
- Wed Sep 05, 2012 11:44 am
- Forum: NoScript Development
- Topic: allowing pdf.js only
- Replies: 7
- Views: 6593
Re: allowing pdf.js only
Not that I am aware of. I just tried before posting this with a random PDF (http://samplepdf.com/sample.pdf) and without even allowing the domain and just the script and blob allowed, it showed up, didn't even have to allow samplepdf.com Okay, thanks. I just noticed that it works with FF 17 as ment...
- Fri Aug 31, 2012 3:34 pm
- Forum: NoScript Support
- Topic: Java 0-day exploit question
- Replies: 18
- Views: 10154
Re: Java 0-day exploit question
@ tlu : I've got no idea of why your mime-type@site.com rules appear to work. They shouldn't. Okay, I repeated my tests and found the following: 1. On http://java.com/en/download/installed.jsp?detect=jre the rule seems to work: The code that tried to detect my java version didn't come to an end. (H...
- Thu Aug 30, 2012 1:27 pm
- Forum: NoScript Support
- Topic: Java 0-day exploit question
- Replies: 18
- Views: 10154
- Thu Aug 30, 2012 1:22 pm
- Forum: NoScript Support
- Topic: Java 0-day exploit question
- Replies: 18
- Views: 10154
Re: Java 0-day exploit question
Site java-vm@*.* Deny Sorry, there's a misunderstanding here. Syntax like "java-vm@*" or, more in general, "some-mime-type@some-url" cannot work in ABE (even though is used in NoScript's Blocked Objects menu) because at the time ABE runs (before hitting the network) the mime typ...
- Thu Aug 30, 2012 11:24 am
- Forum: NoScript Development
- Topic: allowing pdf.js only
- Replies: 7
- Views: 6593
Re: allowing pdf.js only
I found that allowing pdf.js that appears on the NS menu, or more specifically the resource://pdf.js as well as blob: was sufficient to get the thing to work. Hm, I tried that but didn't succeed with NS 2.5.3rc4 and FF 16 :( Is there anything else to consider or has something changed in the meantim...
- Thu Aug 30, 2012 10:45 am
- Forum: NoScript Support
- Topic: Java 0-day exploit question
- Replies: 18
- Views: 10154
Re: Java 0-day exploit question
= [checked] Apply these restrictions to whitelisted sites too. This is checked. Does this matter? No, that shouldn't matter in this case. I clicked "OK" and went to this "test page" at chessgames.com Paul Morphy vs Duke Karl / Count Isouard (1858) "A Night at the Opera"...
- Wed Aug 29, 2012 4:12 pm
- Forum: NoScript Support
- Topic: Java 0-day exploit question
- Replies: 18
- Views: 10154
Re: Java 0-day exploit question
Another method: uncheck "Forbid Java" in Noscript Options -> Embeddings tab and add the following rule in Options -> Advanced -> ABE -> User: Site java-vm@*.* Deny This blocks java on any site. If you want to define an exception for sites like, e.g., abc.org or xyz.com, this rule should lo...
- Sat Aug 25, 2012 10:02 am
- Forum: NoScript Development
- Topic: JavaScript-only whitelist?
- Replies: 1
- Views: 1417
Re: JavaScript-only whitelist?
Thrawn, I'm obviously not Giorgio :lol: and can't tell how difficult it would be to implement this feature. But considering that FF now offers click-to-play for plugins (which works very well with Noscript), I don't think that such an enhancement is worth the effort if we assume that NS 3 is (hopefu...
- Fri Aug 24, 2012 11:13 am
- Forum: ABE
- Topic: combination of Sandox and Anonymize actions?
- Replies: 24
- Views: 17295
Re: combination of Sandox and Anonymize actions?
I certainly will Thanks for your reply!GµårÐïåñ wrote: Just keep an eye out for it.
- Thu Aug 23, 2012 12:50 pm
- Forum: ABE
- Topic: combination of Sandox and Anonymize actions?
- Replies: 24
- Views: 17295
Re: combination of Sandox and Anonymize actions?
Thrawn, just out of curiosity: Have you made any progress with SABER? Is there an alpha/beta version to test? What you were planning to implement sounds very interesting, indeed!Thrawn wrote:Is Anonymize+Sandbox on the radar to be implemented? I'd love to support it in SABER.
- Sun Aug 05, 2012 11:14 am
- Forum: NoScript General
- Topic: What's the advantage of NoScript over Click to play
- Replies: 1
- Views: 3006
Re: What's the advantage of NoScript over Click to play
Your first sentence is incorrect: the click-to-play feature ONLY applies to plugins and NOT to javascript. CTP is not a replacement for Noscript at all as NS offers a lot more as explained on its features site and the FAQ , like an excellent protection against XSS and Clickjacking (among many other ...
- Mon Jul 16, 2012 11:14 am
- Forum: NoScript General
- Topic: collusion
- Replies: 14
- Views: 10509
Re: collusion
Yeah in my view Fx is dead browser walking and I foresee that it will go the way of other browsers that got hyped and then died off. Addons like NS and RP are the only reason I stick with it and even then its only about 30% of the time, I use my own builds of Chromium original source so I don't hav...
- Sun Jun 24, 2012 9:58 am
- Forum: NoScript Support
- Topic: Problem with Noscript and Lastpass
- Replies: 4
- Views: 3485
Re: Problem with Noscript and Lastpass
No problem here with NS 2.4.7rc3, Lastpass 2.0 and FF 14. I've added lastpass.com to "Force the following sites to use secure (HTTPS) connections".
Perhaps a problem related to FF 15?
Perhaps a problem related to FF 15?
- Sun Jun 03, 2012 4:25 pm
- Forum: Web Tech
- Topic: Various safety measures, OS comparisons, multi-boot, Flash b
- Replies: 49
- Views: 31094
Re: Flash Player sandboxing is coming to Firefox
I understand your point about adding additional layers of defense, bypassable or otherwise. The flip side of that is that larger footprint = larger attack surface. Tom, that's not necessarily true. It's true, e.g., if you're using more and more addons in your browser. It's not true, e.g., for a com...