noscript.allowedmimeregexp allows all objects

access2godzilla · Post by **access2godzilla** » Mon Oct 20, 2014 6:19 pm

I have added the following to noscript.allowedmimeregexp:

*@http://127\.0\.0\.1

This is allowing all objects to be loaded, whether trusted or untrusted, despite these being blocked in Noscript Options>Embeddings. I also have "apply restrictions to whitelisted sites" turned on.

Running NS 2.6.9.2 on PaleMoon 25.0.1 (ignore the UA string below).

Post by **barbaz** » Mon Oct 20, 2014 7:12 pm

If 127.0.0.1 isn't explicitly marked as Untrusted, isn't that the intended behavior? Or are you saying that allows all embeddings on *other* sites and not just 127.0.0.1?

access2godzilla · Post by **access2godzilla** » Tue Oct 21, 2014 1:51 am

It allows all embeddings on *other* sites, not just 127.0.0.1.

access2godzilla · Post by **access2godzilla** » Thu Oct 23, 2014 12:57 am

It seems that Noscript gets confused about the domains when set to allowed from *@location but not from {content-type}@location.

Confirming that this is a Noscript problem; it also happens with other browsers like Seamonkey too.

Post by **Giorgio Maone** » Thu Oct 23, 2014 10:58 am

access2godzilla wrote:It seems that Noscript gets confused about the domains when set to allowed from *@location but not from {content-type}@location.

Confirming that this is a Noscript problem; it also happens with other browsers like Seamonkey too.

Code: Select all

*@location

is not a valid regular expression.
The bug, if any, is NoScript falling back to (?:) (which matches anything), rather than a match-nothing expression.
Anyway, for your purpose the correct expression would likely be

Code: Select all

.*?@127\.0\.0\.1

InformAction Forums

noscript.allowedmimeregexp allows all objects

noscript.allowedmimeregexp allows all objects

Re: noscript.allowedmimeregexp allows all objects

Re: noscript.allowedmimeregexp allows all objects

Re: noscript.allowedmimeregexp allows all objects

Re: noscript.allowedmimeregexp allows all objects