Search found 10 matches

by cepheus
Fri May 26, 2017 4:28 pm
Forum: NoScript Development
Topic: NS 5.0.4 & later - XSS filter stalls firefox on Postillon
Replies: 29
Views: 13258

Re: [Config workaround] NS 5.0.4 stalls firefox on Postillon

barbaz wrote:Does the hanging occur with NoScript latest development build?
Unfortunately, yes (NoScript 5.0.5rc10).
by cepheus
Fri May 26, 2017 3:34 pm
Forum: NoScript Development
Topic: NS 5.0.4 & later - XSS filter stalls firefox on Postillon
Replies: 29
Views: 13258

Re: [Config workaround] NS 5.0.4 stalls firefox on Postillon

No, the window.name sanitiation is a false flag. That was from googlesyndication.com, while NoScript chokes on something from www-blogger-opensocial.googleusercontent.com. Here is a new log from today. Firefox 55 nightly from today, NoScript 5.0.4 with javascript allowed globally. Other settings def...
by cepheus
Fri May 26, 2017 10:52 am
Forum: NoScript Development
Topic: NS 5.0.4 & later - XSS filter stalls firefox on Postillon
Replies: 29
Views: 13258

Re: [Config workaround] NS 5.0.4 stalls firefox on Postillon

And if you do add an XSS exception, make sure to completely block the site(s) allowed by the exception. This is actual XSS, it's not safe to just allow. Yes it is wise to block everything 3rd-part google* in ABE, be it just for privacy reasons. However, to be clear: I don't think that googleusercon...
by cepheus
Thu May 25, 2017 9:50 am
Forum: NoScript Development
Topic: NS 5.0.4 & later - XSS filter stalls firefox on Postillon
Replies: 29
Views: 13258

Re: [Config workaround] NS 5.0.4 stalls firefox on Postillon

Recent changes to NoScript causes to freez firefox on some site e.g. "http://www.der-postillon.com/" and man others.
Workarounds: See above, XSS exception for www-blogger-opensocial.googleusercontent.com (or other 3rd party sites), or disallow IFrames.
by cepheus
Tue May 16, 2017 8:55 am
Forum: NoScript Development
Topic: NS 5.0.4 & later - XSS filter stalls firefox on Postillon
Replies: 29
Views: 13258

[Config workaround] NoScript 5.0.4 stalls firefox on Postill

Try this ABE rule - ...tpc.googlesyndication.com googlesyndication.com is not the culprit, but I found it: blogger-opensocial.googleusercontent.com. According to umatrix, two frames from there are in the main website. I can get rid of the hang (with XSS protection enabled) with the following rules:...
by cepheus
Mon May 15, 2017 3:09 pm
Forum: NoScript Development
Topic: NS 5.0.4 & later - XSS filter stalls firefox on Postillon
Replies: 29
Views: 13258

Re: NoScript 5.0.4 stalls firefox on www.der-postillon.com

New data: The "hang" goes away with "Sanitize cross-site suspicious requests" off. However, I would like to keep that option on. The hang does also occur with the following insane ABE rule: Site .der-postillon.com Accept Site * Deny So it seems that XSS protection is processed before ABE. And it is ...
by cepheus
Mon May 15, 2017 2:57 pm
Forum: NoScript Development
Topic: NS 5.0.4 & later - XSS filter stalls firefox on Postillon
Replies: 29
Views: 13258

Re: NoScript 5.0.4 stalls firefox on www.der-postillon.com

I think the "safeframe" in the log is a red herring: My problem is not markup or script source code on the website (i don't see any), my problem is an unresponsive firefox process. All other websites from the "safeframe" search result threads load really fast. With www.der-postillon.com - even block...
by cepheus
Mon May 15, 2017 10:38 am
Forum: NoScript Development
Topic: NS 5.0.4 & later - XSS filter stalls firefox on Postillon
Replies: 29
Views: 13258

NS 5.0.4 & later - XSS filter stalls firefox on Postillon

Hello, since version 5.0.4, firefox hangs after opening the following url: http://www.der-postillon.com/ . The whole window seems unresponsive, even when e10s is enabled. I tried several combinations of firefox 52.1 and current nightly (55.0a1), with e10s enabled or disabled, on linux and windows. E...
by cepheus
Wed Apr 12, 2017 4:55 pm
Forum: ABE
Topic: ABE Electrolysis support
Replies: 2
Views: 88478

Re: ABE Electrolysis support

However, with e10s, nothing happens when clicking the link, and it gets an ABE message. Can you please post that Browser Console message here? [ABE] < .twitter.com .twimg.com> Deny INCLUSION on {GET https://twitter.com/internetofshit/status/849231009036066816 <<< https://twitter.com/internetofshit/...
by cepheus
Wed Apr 12, 2017 11:45 am
Forum: ABE
Topic: ABE Electrolysis support
Replies: 2
Views: 88478

ABE Electrolysis support

Hello, I noticed that direct links to sites affected by ABE restrictions do not work anymore. The "big" examples are google, facebook and twitter. I use firefox ESR on linux, and after the upgrade to version 52, I force-enabled multiprocess (Electrolysis,e10s) and replaced some addons which did no l...