Search found 129 matches

by tlu
Tue Mar 01, 2011 2:28 pm
Forum: NoScript Development
Topic: NS protection modules not surfaced in the GUI
Replies: 15
Views: 138425

Re: NS protection modules not surfaced in the GUI

I agree. Another candidate would be noscript.injectionCheck, although explained on http://noscript.net/features#xss
by tlu
Tue Mar 01, 2011 2:00 pm
Forum: NoScript Development
Topic: Discussion: Site Specific Permissions Policy
Replies: 165
Views: 71516

Re: Discussion: Site Specific Permissions Policy

Placeholders and one-click permissions don't belong in ABE. And they don't need to, IMHO. For example, in the "Embeddings" tab I've checked "Apply these restrictions to whitelisted sites too" in order to mitigate java/flash related risks. This means, of course, that, e.g, java i...
by tlu
Mon Feb 14, 2011 6:27 pm
Forum: NoScript General
Topic: Firefox extension security and Noscript
Replies: 4
Views: 2536

Re: Firefox extension security and Noscript

In fact, the review process has been improved and tightened a lot during the past years Indeed, I had that already mentioned that in my posting. This doesn't mean a 100% guarantee that a malicious or buggy extension can't be published on AMO, Yes, and it seems that Update Scanner implemented securi...
by tlu
Mon Feb 14, 2011 12:18 pm
Forum: NoScript General
Topic: Firefox extension security and Noscript
Replies: 4
Views: 2536

Re: Firefox extension security and Noscript

Giorgio, thanks a lot for your reply - much appreciated! NoScript cannot be blamed for the Update Scanner's idiocy: if your code allows websites to inject arbitrary content in chrome context, you're opening a gaping hole in the browser's security and deserve to be hanged to the nearest tree. And it ...
by tlu
Sun Feb 13, 2011 5:27 pm
Forum: NoScript General
Topic: Firefox extension security and Noscript
Replies: 4
Views: 2536

Firefox extension security and Noscript

If you search the web, you can find lots of papers which critisize that a Mozilla extension security model is "nonexistent", e.g. this one. This document says: Extensions can be installed by the user, either through the Add-on Manager or via a web page.They also can be installed by an exte...
by tlu
Mon Jan 31, 2011 11:07 am
Forum: NoScript Support
Topic: Status Bar Message
Replies: 30
Views: 15167

Re: Status Bar Message

Thank you very much, Giorgio :D
by tlu
Tue Jan 04, 2011 4:16 pm
Forum: NoScript Support
Topic: Status Bar Message
Replies: 30
Views: 15167

Re: Status Bar Message

Giorgio, I think it's a pity that you removed it. Normally, the noscript icon in the status bar has a short message next to it saying things like "Scripts Partially Allowed..." etc. Sorry, but it has been removed on purpose because: ⋅ It is incompatible with Firefox 4, where the ...
by tlu
Fri Dec 31, 2010 4:19 pm
Forum: NoScript Development
Topic: Disallowing specific JavaScript functions
Replies: 4
Views: 1231

Re: Disallowing specific JavaScript functions

You might want to try Controle de Scripts. Its comprehensive help site can be found here.
by tlu
Sat Oct 23, 2010 1:09 pm
Forum: NoScript General
Topic: An opinion, or why I just disabled NoScript
Replies: 5
Views: 3056

Re: An opinion, or why I just disabled NoScript

Guys, I have opened the Options, and I don't understand one bit of it! I get the feeling that this software was written by and for techies, and not much thought has been given to non-techies, who are the vast majority of the user public. Browser security is a complex matter. I suggest that you fami...
by tlu
Sun Oct 03, 2010 11:34 am
Forum: NoScript Support
Topic: NoScript + Firefox 4.0b6
Replies: 3
Views: 630

Re: NoScript + Firefox 4.0b6

Have you added about:plugins to your whitelist? After doing this it should work.
by tlu
Wed Sep 22, 2010 10:05 am
Forum: NoScript General
Topic: evercookie
Replies: 1
Views: 1383

Re: evercookie

If the site is not whitelisted, Noscript can handle this. It might also help to add user_pref("dom.disable_cookie_set",true); to your user.js. This should prevent that javascript can set cookies. But I don't know if it really helps against this new method - and it might break other sites.
by tlu
Sat Sep 04, 2010 3:25 pm
Forum: NoScript General
Topic: Viewing and logging blocked items
Replies: 24
Views: 8073

Re: Viewing and logging blocked items

This is a highly interesting and informative thread, indeed! And this is an opportunity to point out that jimoe's problem is probably common to particularly (but not only) Noscript newbies. I guess for many NS users it's hard to tell what exactly is responsible if something doesn't work as expected:...
by tlu
Sat Sep 04, 2010 2:36 pm
Forum: NoScript Development
Topic: [DONE] Feature Request: Single Click to Allow Script
Replies: 14
Views: 4199

Re: Feature Request: Single Click to Allow Script

Giorgio Maone wrote:Done in latest development build :)


Great! Thanks, Giorgio :D
by tlu
Sun Aug 29, 2010 3:38 pm
Forum: NoScript General
Topic: Firefox Vunerability - Highly Critical - How can N.S help?
Replies: 11
Views: 2860

Re: Firefox Vunerability - Highly Critical - How can N.S hel

therube wrote:(tlu, are you the tlu of SuRun, SUDO?)

I confess :lol:
by tlu
Sun Aug 29, 2010 12:07 pm
Forum: NoScript General
Topic: Firefox Vunerability - Highly Critical - How can N.S help?
Replies: 11
Views: 2860

Re: Firefox Vunerability - Highly Critical - How can N.S hel

A general solution against this type of attack is presented here. The same can be accomplished with Applocker instead of SRP.