Page 2 of 3

Re: Localization NS 10

Posted: Thu Mar 14, 2019 10:02 am
by fatboy
v 10.2.2rc3, Fx ESR60
I would like to see as warning looks:
"This cross-site request could not be scanned for XSS.
It might be innocuous… "
Maybe there is a page like https://noscript.net/%3Cscript%3E ?

v 10.2.2rc3, TBB 8.0.6
Where should this text be?
"Override Tor Browser's Security Level preset"

Re: Localization NS 10

Posted: Thu Mar 14, 2019 10:00 pm
by Giorgio Maone
fatboy wrote: Thu Mar 14, 2019 10:02 am v 10.2.2rc3, Fx ESR60
I would like to see as warning looks:
"This cross-site request could not be scanned for XSS.
It might be innocuous… "
Maybe there is a page like https://noscript.net/%3Cscript%3E ?
In order to see that you need to (temporarily!) uncheck NopScript Options>Advanced>Scan uploads for potential cross-site attacks and check NopScript Options>Advanced>Ask confirmation for cross-site POST requests which could not be scanned.
Also you need a POST form which as an action attribute pointing to a different domain, and the latter (forums.informaction.com, in this test page) must be set up to run JavaScript (either TRUSTED or by other, even temporary, means), because this is meant as a fallback XSS mitigation.

The rationale behind these (hopefully temporary) work-around options is this issue
fatboy wrote: Thu Mar 14, 2019 10:02 am v 10.2.2rc3, TBB 8.0.6
Where should this text be?
"Override Tor Browser's Security Level preset"
On the same Options tab, but you need an 8.0.7 build.

Re: Localization NS 10

Posted: Fri Mar 15, 2019 9:05 am
by fatboy
Thanks a lot!

Re: Localization NS 10

Posted: Wed Jul 24, 2019 9:01 am
by fatboy
NS 11.0.2rc1:
1. + Added "Collapse blocked objects" option in Blocked Objects prompt.
messages.json:
"BlockedObjects": {
"message": "NoScript Blocked\u00A0Objects"
Here is an example of a blocked <MEDIA>. Where can I see this notification?

2. messages.json:
"allowGlobal": {
"message": "Disable all the permissions checks (dangerous)"
Means "access rights to some data"? Where can i see what this looks like?

Fx 60.2.0esr, TBB 8.5.4 (Security "Safer" (the placeholder of the blocked <MEDIA> is visible)).

Re: Localization NS 10

Posted: Wed Jul 24, 2019 2:11 pm
by barbaz
fatboy wrote: Wed Jul 24, 2019 9:01 am NS 11.0.2rc1:
1. + Added "Collapse blocked objects" option in Blocked Objects prompt.
messages.json:
"BlockedObjects": {
"message": "NoScript Blocked\u00A0Objects"
Here is an example of a blocked <MEDIA>. Where can I see this notification?
visit https://www.w3schools.com/html/html5_video.asp (with w3schools set to Default)
Click the placeholder for the video, you should get a dialog prompting you what to do
I think that string is the title of the dialog, as displayed within the dialog.

Re: Localization NS 10

Posted: Wed Jul 24, 2019 5:49 pm
by fatboy
Thank you very much! The first question is clear.

Re: Localization NS 10

Posted: Tue Aug 20, 2019 9:50 am
by fatboy
@Giorgio
anm spoils the translation again:
Line 22 - NoScript Blocked Object — NoScript заблокировал объектов
http://ipic.su/img/img7/fs/2019-08-20_0 ... 292042.png
He didn't even see what it looked like. He thinks that there should be a number of blocked objects: NoScript Blocked 42 Object.

Besides, he writes with errors:
Line 160 - Дезынфицировать этот запрос.

The second time I ask you to remove it.

Re: Localization NS 10

Posted: Wed Jan 08, 2020 3:28 pm
by fatboy
Now he's translated "ping" into Russian!
Giorgio, do something.

Re: Localization NS 10

Posted: Tue Aug 18, 2020 6:04 pm
by fatboy
11.0.39rc4
"OptAmnesticUpdates": {
"message": "Always forget temporary permissions across NoScript updates immediately, even if the browsers is not restarted"
},
Maybe "Always forget temporary permissions across NoScript autoupdates…"
(… the above happen exclusively in case of an automatic upgrade of the extension, and not in any other case of extension reload.)

Re: Localization NS 10

Posted: Tue Aug 18, 2020 6:06 pm
by barbaz
fatboy wrote: Tue Aug 18, 2020 6:04 pm 11.0.39rc4
"OptAmnesticUpdates": {
"message": "Always forget temporary permissions across NoScript updates immediately, even if the browsers is not restarted"
},
Maybe "Always forget temporary permissions across NoScript autoupdates…"
No.

Re: Localization NS 10

Posted: Tue Aug 18, 2020 6:23 pm
by fatboy
Why not?
"It matters because automatic restartless updates are IMHO the only case justifying such a measure, in order to minimize the disruption caused by a sudden, stealthy and unintended change in the permissions out of user's control (again, see my last point above)."

Re: Localization NS 10

Posted: Tue Aug 18, 2020 6:28 pm
by Giorgio Maone
fatboy wrote: Tue Aug 18, 2020 6:23 pm Why not?
On the other hand, after some more testing, it seems that unfortunately the WebExtensions API does not dicriminate a "drag & drop" update from an automatic one.

Also, I've just accepted and committed another change to that message poposed by Musonius at the (current) end of that thread.

Re: Localization NS 10

Posted: Wed Aug 10, 2022 6:33 am
by fatboy
Good afternoon!
On which pages can I see how "Cross-tab identity leak protection" works?

Re: Localization NS 10

Posted: Wed Aug 10, 2022 6:44 am
by Giorgio Maone
Follow these steps:
  1. Open a private browsing window
  2. Open https://chrome.google.com/ and login with any Google account
  3. Open https://noscript.net/getit, be sure that it is JavaScript-enabled and then click the "latest stable for Chrome" link/image
  4. A warning prompt should be shown (for a false positive, in this case)
More strings in NoScript Options>Advanced.

Thank you!

Re: Localization NS 10

Posted: Wed Aug 10, 2022 7:45 am
by fatboy
Thank you.
"Decisions" are not displayed anywhere and ALL are reset if you click "Forget decisions"?
Maybe name the button "Forget decisions (anonymously/normally)"?
It seems to me that now the expected action is to switch to "Enabled in Private Browsing only" if something else was selected.