Page 2 of 2

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Thu Oct 03, 2019 5:59 pm
by jawz101
While we're at it, it would be nice to be able to block other 3rd party things even if a script what not referenced. I prefer uBlock Origin nowadays because I can block other items even when the domain does not have scripts. And prevent a bit more as well. I don't know if XHR's and websockets fall under 'other' but I like to know I can control them.

Code: Select all

font,third-party
object
other
websocket
xmlhttprequest,third-party

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Thu Oct 03, 2019 9:35 pm
by barbaz
jawz101 wrote:
Thu Oct 03, 2019 5:59 pm
While we're at it, it would be nice to be able to block other 3rd party things even if a script what not referenced. I prefer uBlock Origin nowadays because I can block other items even when the domain does not have scripts. And prevent a bit more as well. I don't know if XHR's and websockets fall under 'other' but I like to know I can control them.
Image I don't understand what you're asking. NoScript popup should show all domains from which active content is loaded, regardless of whether it's a script or XHR or whatever. And you can already go into NoScript Options > Per-site Permissions, and manually enter a domain to be set as Untrusted.

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Fri Oct 11, 2019 10:41 pm
by jawz101
barbaz wrote:
Thu Oct 03, 2019 9:35 pm
jawz101 wrote:
Thu Oct 03, 2019 5:59 pm
While we're at it, it would be nice to be able to block other 3rd party things even if a script what not referenced. I prefer uBlock Origin nowadays because I can block other items even when the domain does not have scripts. And prevent a bit more as well. I don't know if XHR's and websockets fall under 'other' but I like to know I can control them.
Image I don't understand what you're asking. NoScript popup should show all domains from which active content is loaded, regardless of whether it's a script or XHR or whatever. And you can already go into NoScript Options > Per-site Permissions, and manually enter a domain to be set as Untrusted.
Go to androidpolice.com in ffox/chrome with Developer Tools open and on the network tab.

search for fonts.googleapis.com or sort by domain and see if any other domains were connected to that were not listed on the NoScript list.

I notice it a lot when I look at the number of domains uBlock lists versus NoScript and uBlock seems to see more and block more pieces. I'm pretty sure NoScript only lists a domain if it includes a script.

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Posted: Fri Oct 11, 2019 11:16 pm
by barbaz
jawz101 wrote:
Fri Oct 11, 2019 10:41 pm
Go to androidpolice.com in ffox/chrome with Developer Tools open and on the network tab.

search for fonts.googleapis.com or sort by domain and see if any other domains were connected to that were not listed on the NoScript list.
fonts.googleapis.com does not load any active content. It only loads a stylesheet. So it should not be listed in the NoScript menu, and indeed is not.

What I'm seeing is entirely expected behavior.

Blocking this stuff is outside the scope of NoScript, better to use uBlock Origin or µMatrix for that.