InformAction Forums

11.0.39rc6 on linux. Can't reproduce the original bug with any config, so not able to say anything about how the fix handles that, BUT... While changing permissions on any file, the permissions are not always actually changed after the reload. This would appear to be caused by the onBeforeUnload not...

Can confirm. Problem is in Policy.js: Sites.parse() let path = url.pathname; siteKey = url.origin; if (siteKey === "null") { siteKey = site; } else if (path !== '/') { siteKey += path; } Since origin is null for file:, the fragment (hash) ends up in the siteKey and the url is not matched. It looks l...

Looks good now. Thanks!

Synchronous XHR suspends the current JS execution flow by pushing the current state into a kind of stack. Oh, I knew about that. Should have realized it would be a problem. :oops: Why does NoScript need to do any suspending at all in Firefox? Also "Disable restrictions for this tab" relies on this ...

Of course there is another problem with the above. <html onclick="console.log('CLICK')"></html> Any event attribute in element that gets parsed before the CSP is inserted, is not blocked. For documentElement (<html>) this happens by default as it exists already when contentscripts run. However, remo...

Problem with 11.0.37 Since no more beforescriptexecute safety net, the script in the next sample will not be blocked on file: protocol. Does not appear to cause problems on http:. <html> <head> <script src="notblocked.js"></script> </head> <body></body> </html> After doing some testing, it looks lik...

Did some testing and it seems to be related to the issue at hand. This here script will sometimes (rarely, maybe 1 out of 20 reloads) produce the "sendSyncMessage deferring", but the deferred script is not executed on .35rc4. On .36rc1 it is executed, but onload listeners do not work. // Environment...

How about setting the permissions as Temp.TRUSTED and using "Revoke Temporary Permissions" button to clear them?

Oh. I see. So noscript tags are put in the head like I said, BUT if scripts are disabled and the noscript tag contains stuff that doesn't belong to the head, Firefox moves it to the body. Interesting. Consider this case: <!DOCTYPE html> <html> <head> <noscript> <style>body {background-color:red}</st...

Can confirm the steps do cause both blindspot.fandom.com and wikia.nocookie.net to appear as CUSTOM. But like therube noted, they only appear so. If the options page is refreshed, both are back to TRUSTED. Additional things: Right after the permissions change to CUSTOM: 1. If the wikia.nocookie.net ...

<noscript> is a valid tag for head and since you didn't specify where it goes, Firefox guessed head.

Noscript on the other hand does not care where the <noscript> is and converts all of them to <span>. For head it does not make much sense, but doesn't seem to break anything.

Bookmarklets are (partially) broken pre FF 69. They work now with some limitations.

More info:
https://bugzilla.mozilla.org/show_bug.cgi?id=866522
https://bugzilla.mozilla.org/show_bug.cgi?id=1478037

(CSP is what NoScript uses to block javascript.)

No apparent problem here. Need to enable following permissions: dailyfx.com scripts c-dn.net scripts s3.amazonaws.com scripts tradingview.com scripts, frames Though note that this is bare minimum to get the chart showing. Additional permissions might be required for other features.

Can confirm. Couple more test cases: https://www.mediaevent.de/font-in-css-einbetten/ - If the large "Pacifico" text (scroll down to midway of the page) is in beautiful cursive, the data-fonts are not blocked. https://yle.fi/uutiset - If the blue nav-bar on top of the page has "location marker" on t...

1 & 2: Allowing domains per site basis is a planned feature in the next major overhaul. https://forums.informaction.com/viewtopic.php?p=101356#p101356 Not sure if you can automatically allow everything for a site though. 3: This is possible but not through the popup. You need to manually find the pa...