InformAction Forums

This is what I get, Windows 7, this page: https://www.cnbc.com/2026/01/20/stock-market-today-live-updates.html fuller shot: https://i.postimg.cc/rcQsHbS9/noscript-high-contrast.png I'll note, that the very last domain, vsnt.net in this case, is actually cut off, slightly. The ...

... falling back to JSON deep-clone — benign by itself. keys returns Object.keys(this) — benign. No explicit eval()/document.write()/innerHTML/XHR/etc. shown here. Why it’s risky anyway: Embedding function source into a URL can be used to deliver arbitrary JS if the receiving page later ...

... it displays correctly. If I view highly similar pages using the http:// protocol the issue does not occur. The pages in question comprise only HTML and CSS, there's nothing "complicated" (like any scripts) involved. The HTML and CSS have both been checked OK against the W3C validators. ...

... installing NS: FrameData missing for {73a6fe31-595d-460b-a920-fcc0f8843232} page moz-extension://413e608e-4e2d-4e11-8d62-c76d7b41caeb/ui/popup.html ExtensionPageChild.sys.mjs:459 initExtensionContext resource://gre/modules/ExtensionPageChild.sys.mjs:459 initExtensionDocument resource://gre/modules/ExtensionProcessScript.sys.mjs:390

... We detected unusual behaviour from your browser, which resembles that of a bot") - AirBnB.com (images can't be accessed and result in html download endless loop, such as: BzYt4mFj.htm download failed -- moz-safe-about-Ressource) => unable to use website due to endless download attempt ...

... is still the case. 2) Depending how "untrusted" the domain is, you might consider not inserting it directly into HTML by concatenation, and instead using: - URL API and the associated URLSearchParams for inserting the domain in the Startpage search URL - .textContent ...

... is still the case. 2) Depending how "untrusted" the domain is, you might consider not inserting it directly into HTML by concatenation, and instead using: - URL API and the associated URLSearchParams for inserting the domain in the Startpage search URL - .textContent ...

... "content/eventsHook.main.js", "content/syncFetchPolicy.js" ] } ], "options_ui": { "page": "ui/options.html", "open_in_tab": true }, "browser_action": { "default_area": "navbar", "default_title": ...

1. html file
https://cloud.disroot.org/s/rTNspos4YmxKWze

2. Maybe change the order of items in the "Noscript blocked object" window?
https://m.freespeech.club//-XPNa6W8.png

fatboy wrote: ↑Thu Apr 24, 2025 4:19 pm Images are base 64.

Do you mean they're data: URLs?

Could please you share the HTML file to check? Thanks!

Windows 7, Fx 115esr, r3dfox 128, NoScript 12.5.904 There is html saved in one file. Images are base 64. I have to allow each image separately in the menu. https://m.freespeech.club//I01ZUcch.png If I click on placeholder, it opens a window with no visible ...

... in file: -> CUSTOM with the tooltip: "Capability for ‹…› directory." More like if you open "file:///home/fatboy/Downloads/somepage.html" and it tries to load anything, even an image, from an unrelated directory (e.g. "file:///home/fatboy/.config/chromium/Avatars/avatar_generic.png"), ...

... in file: -> CUSTOM with the tooltip: "Capability for ‹…› directory." More like if you open "file:///home/fatboy/Downloads/somepage.html" and it tries to load anything, even an image, from an unrelated directory (e.g. "file:///home/fatboy/.config/chromium/Avatars/avatar_generic.png"), ...

If somerandomsite.com and wallstdata.com are allowed to run scripts on a mybroker.com webpage, their scripts run in the context of the mybroker.com webpage , so any "fetch" they initiate would look the same as a fetch initiated by mybroker.com's first-party scripts. What you're describing ...

... Is it because certain elements in DuckDuckGo are just plain HTML? But shouldn’t “Other” settings cover that? Reddit, however, doesn’t load in the same way: https://forum.torproject.org/uploads/default/original/2X/2/2184b146eac8617ddd4e895991d8ae20bc506c07.png ...