InformAction Forums

Had a similar issue: https://forums.informaction.com/viewtopic.php?f=7&t=23870 The actual issue is just the website having a broken SEO/metatag for image or description.(respectively using a JS templating system for their SEO information) When Firefox then tries to load this, it tries to load it...

BTW the actual bug here is no XSS: It is just a broken request containing the string "{". And because of that string, NoScript categorizes it as XSS.

Each modern browser uses JavaScript everywhere. In the DevTools, in the settings page, etc. That's just how you develop things… And as long as these pages are still sandboxed (and not elevated inm contrast to usual pages) that's not really bad. I mean nowadays we even have whole desktop applications...

Ah thanks, that screenshot was very useful. And from my point of view, this is really a bug and *not* expected behaviour…

Please access about:newtab, press F12, select network inspector. Click on reload there. You'll see where they are loaded from.

And as I cannot reproduce the initial issue right now anyway… so there is no need to discuss that further.

Also we are getting of-topic.

You completely miss the point. (that WebExtension should not be able to access browser-stuff or other add-ons is a technical point, not my opinion, e.g.) But I've found two ways I can express this issue to the Firefox devs, indeed, and one is why EmojiOne was loaded in the first place (because contr...

It is closed, because they say it is a bug in NoScript, which I can understand… Hmm, yeah, but it is more surprising that this works at all. Because should not WebExtensions have no access to about:newtab as it is a Firefox-internal site? At least it looks as if they do not have, as all add-ons do n...

Okay, reported upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1421095

It would be strange if they contact EmojiOne… There is not even Emoji displayed.

Okay, possibly uMatrix can also do this, but NoScript had this feature – even as an extra checkbox. I mean to implement this it would not even need a whole new feature. They'd just need to accept "https://*" as an input. And that other add-on does not help me. I just want to prevent all ja...

Randomly this popup appears: https://hostux.pics/images/2017/11/27/b6f7eb65af4e52222cb60ddcebf32a5d.png Could it be caused by another WbeExtension? (e.g. my Emoji toolbar) But AFAIK it could not as WebExtensions are separated from each other. But I also could not find out to which page it belongs. S...

(*removed post in wrong topic*)

BTW AFAIK WebExtensions are now compatible with Firefox 57 for Android, so you should be able to install the "official" "NoScript" addon via AMO or so.

I think that white popup is a problem of Firefox. (I could also reproduce this with another WebExtension) Are you all using Linux? I have reported this at https://bugzilla.mozilla.org/show_bug.cgi?id=1421037. If you are affected by this problem, follow the bug there and/or report your system specs, ...

Any news?

In the Firefox 57 version of NoScript there seems to be no way of enabling/whitelisting all HTTPS content. In the old version I could either do this by just adding "https://" to the whitelist or (prefered) via a special setting in the advanced options. I tried to enter "https://*"...