Search found 8873 matches

by Giorgio Maone
Mon Apr 12, 2021 6:07 pm
Forum: NoScript General
Topic: pdf.js in Firefox 88+
Replies: 4
Views: 968

Re: pdf.js in Firefox 88+

@therube I see the pdfjs.enableScripting pref in FF 87, so I tried toggling that to true and testing that PDF, but couldn't get the script to work? That one didn't work for me either, but this one pops up a JS alert as soon as you hit the submit button. @Giorgio Can NoScript tell whether a page it ...
by Giorgio Maone
Mon Apr 12, 2021 4:52 pm
Forum: NoScript General
Topic: pdf.js in Firefox 88+
Replies: 4
Views: 968

Re: pdf.js in Firefox 88+

Bad news: NoScript has no control of what happens inside PDF.js-handled pages. Good news: you can disable JavaScript by turning the pdfjs.enablescripting about:config preference to false. Firefox will be also so kind to tell you if this breaks some feature of the current document and offer an extern...
by Giorgio Maone
Sun Apr 04, 2021 12:53 pm
Forum: NoScript Support
Topic: Android - how to install Development Build on Firefox Daylight?
Replies: 5
Views: 3860

Re: Android - how to install Development Build on Firefox Daylight?

But geez, uBlock Origin automatically updated by itself ... whether for a Beta, Release Candidate, or for a new Final version. Why can't NoScript do the same? I am just wondering! Are you saying that you can install a non-AMO uBlock version on Fenix? If so, could you tell me how? As far as I know t...
by Giorgio Maone
Sun Apr 04, 2021 9:33 am
Forum: NoScript General
Topic: Simple explanation of what is "CSS PP0"?
Replies: 5
Views: 627

Re: Simple explanation of what is "CSS PP0"?

The paper does not seem to mention what FireFox version they used, if any at all besides DeterFox and TorBrowser. Since FF85, FireFox has been doing cache partitioning , that supposedly prevents timing attacks on caches among other things. Is the PP0 attack still valid for FireFox? The whole class ...
by Giorgio Maone
Fri Apr 02, 2021 8:15 pm
Forum: NoScript Development
Topic: Feature request to enable/disable PP0 protection.
Replies: 10
Views: 923

Re: Feature request to enable/disable PP0 protection.

2) If this capability is disabled for a site that has scripts enabled, does the script-enabled status still override it as in previous NoScript? No, it doesn't. They're independent now (even though on upgrade from <= 11.2.4 any preset, including CUSTOM ones, which have "script", automatically get t...
by Giorgio Maone
Fri Apr 02, 2021 7:03 pm
Forum: NoScript Development
Topic: Feature request to enable/disable PP0 protection.
Replies: 10
Views: 923

Re: Feature request to enable/disable PP0 protection.

1) "csspp0" is not the best name for this capability IMO. No one who knows what CSS PP0 is would want to explicitly allow it. And every other capability controls what's served by the site, while this one is aimed at what can be done on that site. Not sure about this: "webgl", for instance, is somet...
by Giorgio Maone
Fri Apr 02, 2021 4:37 pm
Forum: NoScript Support
Topic: Limit JS by domain
Replies: 1
Views: 269

Re: Limit JS by domain

It used to be that you could allow scripts from googleapis.com only on google.com, for example. Now it is no longer possible. If I allow scripts from googleapis.com on any domain they are allowed on all domains. I am curious about the reason noscript was crippled in this way. If I allow scripts fro...
by Giorgio Maone
Fri Apr 02, 2021 3:57 pm
Forum: NoScript Support
Topic: New behaviour on some sites
Replies: 3
Views: 367

Re: New behaviour on some sites

In the current form it's too much of an annoyance on many sites. It should be reworked to work more silently or be disabled by default. In 11.2.5rc1 it can be configured per site (the new "csspp0" capability is enabled where you don't want the protection). Btw are there any privacy implications? I ...
by Giorgio Maone
Fri Apr 02, 2021 9:37 am
Forum: NoScript Support
Topic: New behaviour on some sites
Replies: 3
Views: 367

Re: New behaviour on some sites

This is due to the new CSS PP0 protection, which may induce a tiny delay in the loading of stylesheets when they're served cross-site.
by Giorgio Maone
Fri Apr 02, 2021 5:56 am
Forum: NoScript Development
Topic: Feature request to enable/disable PP0 protection.
Replies: 10
Views: 923

Re: Feature request to enable/disable PP0 protection.

On update this capability is un-checked for DEFAULT/UNTRUSTED but checked for TRUSTED. Does the box being checked mean (somewhat confusingly) that CSS PP0 is NOT mitigated? As a capability, it means the site "can do" CSS PP0, i.e. when it's checked the mitigation is off, like any other capability: ...
by Giorgio Maone
Thu Apr 01, 2021 10:37 pm
Forum: NoScript Development
Topic: [Fixed] XSS filter False Positive
Replies: 2
Views: 383

Re: XSS filter False Positive

Please check latest development build : v 11.2.5rc1 ============================================================ x Configurable "csspp0" capability to for sites where the CSS PP0 mitigation should be disabled (e.g TRUSTED) x [nscl] Fix CSS PP0 mitigation still interfering with some WebExtensions (th...
by Giorgio Maone
Thu Apr 01, 2021 10:36 pm
Forum: NoScript Development
Topic: Feature request to enable/disable PP0 protection.
Replies: 10
Views: 923

Re: Feature request to enable/disable PP0 protection.

Please check latest development build : v 11.2.5rc1 ============================================================ x Configurable "csspp0" capability to for sites where the CSS PP0 mitigation should be disabled (e.g TRUSTED) x [nscl] Fix CSS PP0 mitigation still interfering with some WebExtensions (th...
by Giorgio Maone
Thu Apr 01, 2021 10:35 pm
Forum: NoScript Support
Topic: [Fixed] 11.2.4rc5 Conflict with Feed Preview
Replies: 2
Views: 406

Re: 11.2.4rc5 Conflict with Feed Preview

Please check latest development build : v 11.2.5rc1 ============================================================ x Configurable "csspp0" capability to for sites where the CSS PP0 mitigation should be disabled (e.g TRUSTED) x [nscl] Fix CSS PP0 mitigation still interfering with some WebExtensions (th...
by Giorgio Maone
Wed Mar 31, 2021 4:42 pm
Forum: NoScript Development
Topic: Feature request to enable/disable PP0 protection.
Replies: 10
Views: 923

Re: Feature request to enable/disable PP0 protection.

nscl/content/prefetchCSSResources.js:37 "rarget" Fixed, thanks. Though I have hard time figuring out what is the use case for wrapCssAccess... The use case is not (currently) NoScript, since we assume JavaScript-enabled pages have plenty and more accurate ways to accomplish the same thing, but othe...
by Giorgio Maone
Wed Mar 31, 2021 10:38 am
Forum: NoScript Support
Topic: [Bug-Report] - NoScript 11.2.4 - every site is displayed as text only for a second
Replies: 2
Views: 377

Re: [Bug-Report] - NoScript 11.2.4

Is it really every site?
Both TRUSTED and DEFAULT?
I'm asking because it might be the new prefetching protection agains CSS PP0, but it should happen only on pages where JavaScript is disabled and external stylesheets are used.