Search found 3186 matches

by Tom T.
Sat Mar 16, 2013 4:33 am
Forum: NoScript Development
Topic: Websites detecting blockers now?
Replies: 6
Views: 4126

Re: Websites detecting blockers now?

Interestingly, I have no adblocking software; yet, if the top-level script is allowed, I still get the "Adblocking software detected" message. Temp-disabling RequestPolicy didn't change that. So apparently, the fact that NS blocks the ad scripts convinces them that you have ABP or similar ...
by Tom T.
Sat Mar 16, 2013 3:08 am
Forum: Security
Topic: Shoddy Security At Wells Fargo Bank
Replies: 2
Views: 5968

Shoddy Security At Wells Fargo Bank

Background: Anyone in the US is entitled by law to a free copy of their credit file, commonly referred to as a "credit report", once every twelve months, via https://www.annualcreditreport.com (Beware of similar addresses that are *not* the official site.) However, credit scores , which a...
by Tom T.
Wed Mar 13, 2013 6:09 am
Forum: NoScript Support
Topic: [RESOLVED] NoScriptSTS.db-xxxx.tmp
Replies: 10
Views: 6366

Re: NoScriptSTS.db-xxxx.tmp

if i kill the sandboxed FF, the updating and adding files stops in the non-sandboxed one, so there seems to be an interaction across the sandbox boundaries. Most users allow the browser to write through the sandbox to various parts of the actual profile on the hard drive, else new bookmarks, NoScri...
by Tom T.
Mon Mar 11, 2013 11:53 pm
Forum: NoScript Support
Topic: [RESOLVED] NoScriptSTS.db-xxxx.tmp
Replies: 10
Views: 6366

Re: NoScriptSTS.db-xxxx.tmp

Just caught this from the changelog : v 2.6.5.9rc2 Removed STS support for Gecko >= 4, which provides built-in HSTS ... Updating resulted in a NoScriptSTS.db file of zero bytes, and no db.tmp file at all. I would guess that the STS.db file might be removed from Gecko >=4 eventually, as being no long...
by Tom T.
Mon Mar 11, 2013 11:32 pm
Forum: NoScript Development
Topic: Not autoreloading / closing menu if clicked from toolbar
Replies: 11
Views: 5762

Re: Not autoreloading / closing menu if clicked from toolbar

(Assuming that the about:config settings described solved the autoreload issue, and addressing only the message bar.) With your Appearance settings, I can reproduce the lack of the message bar using the browser back and forward arrows as well as Alt+left or right arrow. However, if I then change a p...
by Tom T.
Mon Mar 11, 2013 11:06 pm
Forum: NoScript Support
Topic: [RESOLVED] NoScriptSTS.db-xxxx.tmp
Replies: 10
Views: 6366

Re: NoScriptSTS.db-xxxx.tmp

if i run with all add-ons disabled [safemode] the updating and adding files stops. if i run with all add-ons disabled except NS the updating and adding files starts again. I did not ask you to run in safe mode or disable all add-ons. I asked you to please create a clean profile and install a fresh ...
by Tom T.
Mon Mar 11, 2013 10:53 pm
Forum: NoScript Support
Topic: XSS issues
Replies: 4
Views: 2665

Re: XSS issues

Also, it would still be helpful to us if we could see this happening ourselves. As requested, please provide an exact set of steps to make the XSS message appear. Navigate to what site? Click what link(s)? Fill in what blanks with what? Et cetera -- until the XSS message shows. Then we can do exactl...
by Tom T.
Mon Mar 11, 2013 5:23 am
Forum: NoScript Support
Topic: [RESOLVED] NoScriptSTS.db-xxxx.tmp
Replies: 10
Views: 6366

Re: NoScriptSTS.db-xxxx.tmp

I find only a single instance of a file, NoScriptSTS.db.tmp , without any xxxx (alphanumerics) added, created each time I start the browser. However, this is not a representative case, because I run the browser sandboxed, and the sandbox dumps *everything* each time the browser is closed. Does it st...
by Tom T.
Mon Mar 11, 2013 5:08 am
Forum: NoScript Support
Topic: XSS issues
Replies: 4
Views: 2665

Re: XSS issues

Please provide exact steps to reproduce an XSS error. (II couldn't.) Then open Firefox Error Console (Ctrl+Shift+J), click the blue "Messages" icon, and copy/paste here any messages relating to NoScript. Especially those that start with [XSS]. (Note: If the spam filter trips, try enclosing...
by Tom T.
Sun Mar 10, 2013 5:01 am
Forum: NoScript General
Topic: http://localhost Blocked.
Replies: 12
Views: 10700

Re: http://localhost Blocked.

Try Perspectives.... Why, I just might do that! (I just did). ... it looks like yet another good layer of "defense-in-depth". Will let you know MHO after some experience with it. Thanks for the tip. I think this has been a fair trial period, and wanted to let you know I'm pleased with Per...
by Tom T.
Sun Mar 10, 2013 12:32 am
Forum: NoScript General
Topic: Suggestion: Global whitelist
Replies: 4
Views: 6950

Re: Suggestion: Global whitelist

It would be helpful if there was a global whitelist. Currently you can whitelist indidividual sites. But it would be more helpful if you can all a script for all sites. Are you referring to " Allow Scripts Globally (dangerous )"? This can be enabled via NoScript Options > Appearance , but...
by Tom T.
Wed Mar 06, 2013 8:52 am
Forum: NoScript Support
Topic: Bank Of America Wants To Force JavaScript
Replies: 8
Views: 9029

Re: Bank Of America Wants To Force JavaScript

I'm assuming that you trust BA, or you wouldn't bank there, at least not online, so what is the objection to allowing JS from them? (not from third parties, of course)
Most financial sites that I use require that their own scripting be permitted.
by Tom T.
Wed Mar 06, 2013 8:45 am
Forum: NoScript Development
Topic: Revoke Temporary Permissions On Tab Close
Replies: 5
Views: 3329

Re: Revoke Temporary Permissions On Tab Close

Revoke temporary permissions for SiteX.com does revoke it for all tabs of SiteX.com, regardless of whether you close the tabs. If you are asking for NoScript to automatically revoke the permissions when you close the tab, or the last open tab of SiteX, which if I understand correctly is your request...
by Tom T.
Tue Mar 05, 2013 5:43 am
Forum: ABE
Topic: ABE rule help needed
Replies: 14
Views: 9131

Re: ABE rule help needed

Maybe it's better to keep them split, as Giorgio (and I) suggested: Put the specific site first, and note that Giorgio's examples do *not* end in a global deny. The default SYSTEM rule follows, with the usual global deny. In plain English: Site LOCAL Accept from 192.168.1.36:52199 # Prevent Internet...
by Tom T.
Mon Mar 04, 2013 6:34 am
Forum: ABE
Topic: ABE rule help needed
Replies: 14
Views: 9131

Re: ABE rule help needed

@Guardian: Won't that cause all other local traffic to be blocked? ABE FAQ has a number of examples in which Giorgio specifies putting the specific rule *above* the general, especially FAQ 8.3 - 8.9. They tend to use 127.0.0.1, but I'd think ABE would recognize 192.168.x.x (router or LAN) as a LOCA...