Page 2 of 3
Re: Localization NS 10
Posted: Thu Mar 14, 2019 10:02 am
by fatboy
v 10.2.2rc3, Fx ESR60
I would like to see as warning looks:
"This cross-site request could not be scanned for XSS.
It might be innocuous… "
Maybe there is a page like
https://noscript.net/%3Cscript%3E ?
v 10.2.2rc3, TBB 8.0.6
Where should this text be?
"Override Tor Browser's Security Level preset"
Re: Localization NS 10
Posted: Thu Mar 14, 2019 10:00 pm
by Giorgio Maone
fatboy wrote: ↑Thu Mar 14, 2019 10:02 am
v 10.2.2rc3, Fx ESR60
I would like to see as warning looks:
"This cross-site request could not be scanned for XSS.
It might be innocuous… "
Maybe there is a page like
https://noscript.net/%3Cscript%3E ?
In order to see that you need to (temporarily!) uncheck
NopScript Options>Advanced>Scan uploads for potential cross-site attacks and check
NopScript Options>Advanced>Ask confirmation for cross-site POST requests which could not be scanned.
Also you need
a POST form which as an action attribute pointing to a different domain, and the latter (forums.informaction.com, in this test page) must be set up to run JavaScript (either TRUSTED or by other, even temporary, means), because this is meant as a fallback XSS mitigation.
The rationale behind these (hopefully temporary) work-around options is
this issue
fatboy wrote: ↑Thu Mar 14, 2019 10:02 am
v 10.2.2rc3, TBB 8.0.6
Where should this text be?
"Override Tor Browser's Security Level preset"
On the same Options tab, but you need
an 8.0.7 build.
Re: Localization NS 10
Posted: Fri Mar 15, 2019 9:05 am
by fatboy
Thanks a lot!
Re: Localization NS 10
Posted: Wed Jul 24, 2019 9:01 am
by fatboy
NS 11.0.2rc1:
1. + Added "Collapse blocked objects" option in Blocked Objects prompt.
messages.json:
"BlockedObjects": {
"message": "NoScript Blocked\u00A0Objects"
Here is an
example of a blocked <MEDIA>. Where can I see this notification?
2. messages.json:
"allowGlobal": {
"message": "Disable all the permissions checks (dangerous)"
Means "access rights to some data"? Where can i see what this looks like?
Fx 60.2.0esr, TBB 8.5.4 (Security "Safer" (the placeholder of the blocked <MEDIA> is visible)).
Re: Localization NS 10
Posted: Wed Jul 24, 2019 2:11 pm
by barbaz
fatboy wrote: ↑Wed Jul 24, 2019 9:01 am
NS 11.0.2rc1:
1. + Added "Collapse blocked objects" option in Blocked Objects prompt.
messages.json:
"BlockedObjects": {
"message": "NoScript Blocked\u00A0Objects"
Here is an
example of a blocked <MEDIA>. Where can I see this notification?
visit
https://www.w3schools.com/html/html5_video.asp (with w3schools set to Default)
Click the placeholder for the video, you should get a dialog prompting you what to do
I think that string is the title of the dialog, as displayed within the dialog.
Re: Localization NS 10
Posted: Wed Jul 24, 2019 5:49 pm
by fatboy
Thank you very much! The first question is clear.
Re: Localization NS 10
Posted: Tue Aug 20, 2019 9:50 am
by fatboy
@Giorgio
anm spoils the translation again:
Line 22 - NoScript Blocked Object — NoScript заблокировал объектов
http://ipic.su/img/img7/fs/2019-08-20_0 ... 292042.png
He didn't even see what it looked like. He thinks that there should be a number of blocked objects: NoScript Blocked 42 Object.
Besides, he writes with errors:
Line 160 - Дез
ынфицировать этот запрос.
The second time I ask you to remove it.
Re: Localization NS 10
Posted: Wed Jan 08, 2020 3:28 pm
by fatboy
Now he's translated "ping" into Russian!
Giorgio, do something.
Re: Localization NS 10
Posted: Tue Aug 18, 2020 6:04 pm
by fatboy
11.0.39rc4
"OptAmnesticUpdates": {
"message": "Always forget temporary permissions across NoScript updates immediately, even if the browsers is not restarted"
},
Maybe "Always forget temporary permissions across NoScript
autoupdates…"
(
… the above happen exclusively in case of an automatic upgrade of the extension, and not in any other case of extension reload.)
Re: Localization NS 10
Posted: Tue Aug 18, 2020 6:06 pm
by barbaz
fatboy wrote: ↑Tue Aug 18, 2020 6:04 pm
11.0.39rc4
"OptAmnesticUpdates": {
"message": "Always forget temporary permissions across NoScript updates immediately, even if the browsers is not restarted"
},
Maybe "Always forget temporary permissions across NoScript
autoupdates…"
No.
Re: Localization NS 10
Posted: Tue Aug 18, 2020 6:23 pm
by fatboy
Why not?
"It matters because automatic restartless updates are IMHO the only case justifying such a measure, in order to minimize the disruption caused by a sudden, stealthy and unintended change in the permissions out of user's control (again, see my last point above)."
Re: Localization NS 10
Posted: Tue Aug 18, 2020 6:28 pm
by Giorgio Maone
fatboy wrote: ↑Tue Aug 18, 2020 6:23 pm
Why not?
On the other hand, after some more testing, it seems that unfortunately the WebExtensions API does not dicriminate a "drag & drop" update from an automatic one.
Also, I've just accepted and committed another change to that message poposed by Musonius at the (current) end of that thread.
Re: Localization NS 10
Posted: Wed Aug 10, 2022 6:33 am
by fatboy
Good afternoon!
On which pages can I see how "Cross-tab identity leak protection" works?
Re: Localization NS 10
Posted: Wed Aug 10, 2022 6:44 am
by Giorgio Maone
Follow these steps:
- Open a private browsing window
- Open https://chrome.google.com/ and login with any Google account
- Open https://noscript.net/getit, be sure that it is JavaScript-enabled and then click the "latest stable for Chrome" link/image
- A warning prompt should be shown (for a false positive, in this case)
More strings in NoScript Options>Advanced.
Thank you!
Re: Localization NS 10
Posted: Wed Aug 10, 2022 7:45 am
by fatboy
Thank you.
"Decisions" are not displayed anywhere and ALL are reset if you click "Forget decisions"?
Maybe name the button "Forget decisions (anonymously/normally)"?
It seems to me that now the expected action is to switch to "Enabled in Private Browsing only" if something else was selected.