Granularity of Temporarily set top-level sites to TRUSTED

tancrackers
Posts: 10
Joined: Thu Mar 17, 2016 11:56 am

Granularity of Temporarily set top-level sites to TRUSTED

Post by tancrackers » Wed Mar 28, 2018 3:52 am

I have checked off: Temporarily set top-level sites to TRUSTED

This should allow the top-level domains, which it does, but I noticed some sites here and there suffer from a bug. Some sites have two domains with the same name, but not both are honored by the Trusted permission.
If we have a site www.example.com we might have:
...example.com
and
http://www.example.com

One of these will be Trusted by NoScript, but the other will not. To me, both should be Trusted by NoScript since they're the same site IMO.

Example site:
http://www.city-data.com/

Temp trusted: http://www.city-data.com

Set to Default: …city-data.com

I have encountered a bunch of sites where this happens. I will supply a list if you want.

Here are my specs:
NoScript Version: 10.1.7.5
Firefox: 59.0.2 x64 on Windows 10
Last edited by barbaz on Fri Mar 30, 2018 1:39 am, edited 2 times in total.
Reason: more descriptive title
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0

barbaz
Senior Member
Posts: 9678
Joined: Sat Aug 03, 2013 5:45 pm

Re: Top-level domains not working properly

Post by barbaz » Wed Mar 28, 2018 3:59 am

That's expected behavior. http://www.city-data.com is a subset of ...city-data.com, trusting the former should *not* automatically trust the latter.
*Always* check the changelogs BEFORE updating that important software!
-

tancrackers
Posts: 10
Joined: Thu Mar 17, 2016 11:56 am

Re: Top-level domains not working properly

Post by tancrackers » Wed Mar 28, 2018 4:02 am

barbaz wrote:That's expected behavior. http://www.city-data.com is a subset of ...city-data.com, trusting the former should *not* automatically trust the latter.
Is there a way to trust *.example.com then?
Last edited by barbaz on Wed Mar 28, 2018 6:54 am, edited 1 time in total.
Reason: kill board-generated link

barbaz
Senior Member
Posts: 9678
Joined: Sat Aug 03, 2013 5:45 pm

Re: Top-level domains not working properly

Post by barbaz » Wed Mar 28, 2018 6:55 am

"...example.com" trusts both "example.com" and *.example.com

tancrackers
Posts: 10
Joined: Thu Mar 17, 2016 11:56 am

Re: Top-level domains not working properly

Post by tancrackers » Wed Mar 28, 2018 2:02 pm

barbaz wrote:"...example.com" trusts both "example.com" and *.example.com
That's the way I wanted the feature to work. I never had a problem with NoScript before Firefox 57 with this.

barbaz
Senior Member
Posts: 9678
Joined: Sat Aug 03, 2013 5:45 pm

Re: Top-level domains not working properly

Post by barbaz » Wed Mar 28, 2018 3:49 pm

tancrackers wrote:
barbaz wrote:"...example.com" trusts both "example.com" and *.example.com
That's the way I wanted the feature to work. I never had a problem with NoScript before Firefox 57 with this.
So to be clear, does it work that way for you or not?

Giorgio Maone
Site Admin
Posts: 8954
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Top-level domains not working properly

Post by Giorgio Maone » Wed Mar 28, 2018 4:47 pm

Notice also that if the lock icon is closed and green, only the HTTPS (secure) version of the site(s) will be trusted, so https://www.city-data.com will work but http://www.city-data.com won't.
For ...citydata.com to match http://www.city-data.com you'll need to set the lock icon to open/red.

tancrackers
Posts: 10
Joined: Thu Mar 17, 2016 11:56 am

Re: Top-level domains not working properly

Post by tancrackers » Wed Mar 28, 2018 5:35 pm

barbaz wrote:
tancrackers wrote:
barbaz wrote:"...example.com" trusts both "example.com" and *.example.com
That's the way I wanted the feature to work. I never had a problem with NoScript before Firefox 57 with this.
So to be clear, does it work that way for you or not?
It does not currently work the way that I was expecting.
Giorgio Maone wrote:Notice also that if the lock icon is closed and green, only the HTTPS (secure) version of the site(s) will be trusted, so https://www.city-data.com will work but http://www.city-data.com won't.
For ...citydata.com to match http://www.city-data.com you'll need to set the lock icon to open/red.
In my settings, they are both red.

https://i.imgur.com/iNIlZrS.png
Forgive me if I misinterpreted the setting, but my thought was that the setting was that *.city-data.com would be matched as the top-level domain. Therefore, I wouldn't have to worry about whitelisting virtually every site that I would visit, the setting would just temporarily whitelist it automatically. In NoScript before Quantum, this is how it behaved for me. Now, this is not the case?

Essentially, one can look at ScriptSafe on Chrome. Their option: "Allow the same domain and subdomains" is more what I was looking for.

barbaz
Senior Member
Posts: 9678
Joined: Sat Aug 03, 2013 5:45 pm

Re: Top-level domains not working properly

Post by barbaz » Wed Mar 28, 2018 11:06 pm

I am sorry, I totally misunderstood the problem! Let me try to summarise it.

Current state: NoScript Options > General > "Temporarily set top-level sites to TRUSTED" sets full addresses to TRUSTED.

What you want: Ability to make that setting act on base 2nd-level domains instead of full addresses. i.e. a proper equivalent of NoScript Classic's "Temporarily allow top-level sites by default", where the granularity was configurable.

Do I have it right this time?
*Always* check the changelogs BEFORE updating that important software!
-
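
The two granularities summarised in the post above, together with the lock-icon rule from Giorgio Maone's post, as an added example that is not NoScript's code. The entry shape, the function names, the `pics.city-data.com` subresource and the "last two labels" base-domain shortcut are assumptions made for illustration.

```javascript
// Added illustration of the matching rules discussed in this thread.
// Not NoScript's source: the entry shape and function names are hypothetical.
//   "…city-data.com"           domain entry: base domain plus every subdomain
//   "http://www.city-data.com" full-address entry: that exact origin only
//   secureOnly: true           closed/green lock: only HTTPS URLs match

function entryMatches(entry, url) {
  const u = new URL(url);
  if (entry.secureOnly && u.protocol !== "https:") return false;
  // Accept both spellings of the domain prefix seen in the thread.
  const m = /^(?:…|\.\.\.)(.+)$/.exec(entry.pattern);
  if (m) {
    const domain = m[1].toLowerCase();
    // Compare on a label boundary so "notcity-data.com" is not a match.
    return u.hostname === domain || u.hostname.endsWith("." + domain);
  }
  // Full address: scheme, host and port must all be identical.
  return new URL(entry.pattern).origin === u.origin;
}

function isTrusted(entries, url) {
  return entries.some((e) => entryMatches(e, url));
}

// The entry an auto-trust option would add for a top-level page.
function autoTrustEntry(topLevelUrl, granularity) {
  const u = new URL(topLevelUrl);
  if (granularity === "full-address") {
    return { pattern: u.origin, secureOnly: false };
  }
  // ASSUMPTION: base domain = last two labels. A real implementation
  // needs the Public Suffix List (this is wrong for e.g. example.co.uk).
  const base = u.hostname.split(".").slice(-2).join(".");
  return { pattern: "…" + base, secureOnly: false };
}

// Constructed sample: one top-level page and one subdomain script.
const page = "http://www.city-data.com/";
const subresource = "http://pics.city-data.com/app.js";
for (const g of ["full-address", "base-domain"]) {
  const entry = autoTrustEntry(page, g);
  console.log(g, entry.pattern, isTrusted([entry], subresource));
}
```

The wider granularity trades convenience for a larger trust boundary: every host under the base domain is trusted, whoever operates it.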

tancrackers
Posts: 10
Joined: Thu Mar 17, 2016 11:56 am

Re: Top-level domains not working properly

Post by tancrackers » Thu Mar 29, 2018 8:47 pm

barbaz wrote:I am sorry, I totally misunderstood the problem! Let me try to summarise it.

Current state: NoScript Options > General > "Temporarily set top-level sites to TRUSTED" sets full addresses to TRUSTED.

What you want: Ability to make that setting act on base 2nd-level domains instead of full addresses. i.e. a proper equivalent of NoScript Classic's "Temporarily allow top-level sites by default", where the granularity was configurable.

Do I have it right this time?
Yes! Exactly.

barbaz
Senior Member
Posts: 9678
Joined: Sat Aug 03, 2013 5:45 pm

Re: Granularity of Temporarily set top-level sites to TRUSTE

Post by barbaz » Fri Mar 30, 2018 1:40 am

Thanks for confirming. I've changed the thread title to better reflect the issue at hand.

tancrackers
Posts: 10
Joined: Thu Mar 17, 2016 11:56 am

Re: Granularity of Temporarily set top-level sites to TRUSTE

Post by tancrackers » Fri May 04, 2018 6:58 am

Is this a legitimate feature that would be considered for a future release?
