Allow HTTPS scripts globally on HTTPS documents

Bug reports and enhancement requests
Post Reply
hake
Posts: 3
Joined: Fri Jan 16, 2015 11:32 am

Allow HTTPS scripts globally on HTTPS documents

Post by hake »

This 'advanced' feature of NoScript version 5 is very valuable and I use it with Firefox ESR 45.9 and 52.9 with Windows XP. I can browse without the possibility of an HTTP script executing. Unfortunately NoScript 10 lacks this feature and NoScript 5 is incompatible with Firefox Quantum. I realised this lack of functionality when I exported the NoScript configuration file to NoScript 10. I would wish to be able to set an additional check box for 'Allow HTTPS scripts globally on HTTPS documents' in NoScript 10 defaults. The now nearly universal adoption of HTTPS by websites makes this highly desirable to avoid tripping over scam websites with dangerous scripts.

It would be much appreciated if this functionality could be restored to NoScript 10.
Mozilla/5.0 (Windows NT 5.1; rv:45.0) Gecko/20100101 Firefox/45.0
musonius
Master Bug Buster
Posts: 203
Joined: Sun Jul 08, 2018 5:38 pm

Re: Allow HTTPS scripts globally on HTTPS documents

Post by musonius »

Well, you can do that, if you want. Just add "http:" in the site permissions tab (with a red padlock) and set it to UNTRUSTED. Yes indeed, it's just as simple as that.

Do you want to allow first party HTTPS only or third party HTTPS as well?

In the first case configure the DEFAULT preset as you like it for the third party and check the checkbox "Temporary set top-level sites to TRUSTED".

In the second case just allow JavaScript in the DEFAULT preset.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
hake
Posts: 3
Joined: Fri Jan 16, 2015 11:32 am

Re: Allow HTTPS scripts globally on HTTPS documents

Post by hake »

Thank you musonius. I would never have guessed that. Your greater knowledge is much appreciated. I will try it tomorrow. 8-)
Mozilla/5.0 (Windows NT 5.1; rv:45.0) Gecko/20100101 Firefox/45.0
hake
Posts: 3
Joined: Fri Jan 16, 2015 11:32 am

Re: Allow HTTPS scripts globally on HTTPS documents

Post by hake »

Thank you again musonius. Your post was the key which unlocked my understanding of NoScript 10. I am now achieving my security aims with Firefox Quantum and NoScript. HTTPS Everywhere is also a component in my schemings. The two extensions do complement each other.
Mozilla/5.0 (Windows NT 5.1; rv:45.0) Gecko/20100101 Firefox/45.0
musonius
Master Bug Buster
Posts: 203
Joined: Sun Jul 08, 2018 5:38 pm

Re: Allow HTTPS scripts globally on HTTPS documents

Post by musonius »

You're welcome! This, unfortunately, is no well documented feature, but it is used by the Tor Browser in the safer configuration and that's why I know it. I have set "http:" to UNTRUSTED myself and the possibility to do so is a major reason why I prefer NoScript to other blockers. As far as I know, no other blocker makes that possible. It is reasonable to allow HTTP less than HTTPS as default.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Post Reply