NoScript UI Design proposals

[jawz101]

I've given this a few tries, but I am still totally confused.

script object media frame font webgl fetch other

The heck is a user supposed to do with all that?

I think those various things are way too much for anyone to manage regularly.

I think this may help explain the new options. Take a look at this screen from the old NoScript:
https://noscript.net/noscript/screensho ... ddings.png

These options used to be tucked away in the Options | Embeddings screen. Instead of setting these options to block additional page content for all sites, the new way lets you pick which elements are blocked per-domain.

So, if you didn't want to see fonts from fonts.google.com but allow fonts for fonts.notAnAdvertisingCompany.com, you could create a Custom policy that allows fonts for fonts.notAnAdvertisingCompany.com.

What is confusing is currently you can toggle the options for Default, Trusted, and Untrusted items on every domain line when these would really apply on all domains since they are global prefs. Only Custom should have these options on this screen and put the Default, Trusted, and Untrusted sections on the Global Options screen (the screen that comes up when you click the icon in the upper-right corner.)

Script: javascript
Object: a way to embed stuff into a web page (audio, video, Java applets, ActiveX, PDF, and Flash)
Media: audio/video feeds
Frame: HTML Frames are these sorts squares on a web page that are content from another web page https://www.w3schools.com/html/html_iframe.asp
Font: when sites download their own fonts to Beautify the Web https://fonts.google.com
webgl: a graphical animation web technology. Here's some webgl examples https://experiments.withgoogle.com/chrome?tag=WebGL
fetch: a way to pull stuff down to load a web page. It's like the most generic thing that could be blocked or allowed from a domain.
other: I guess other random junk


I would say it's a more advanced way to block if you want to fine-tune how much additional content you want to block besides just being a javascript blocker. We've always had these preferences, they were just tucked away and didn't let you edit them per-site. That's why I wanted to tuck them away for the Default, Trusted, and Untrusted options because those 3 options would toggle it for all Default, Trusted, and Untrusted domains.


Does that help?

[oldetyme1]

Does that help?

Yes and no, but thank you for the detailed response!

Yes, in that it helps explain that such options were there before (which, I knew about) but no in that it's still very murky as to how, where, and to what they are all actually applied in the new interface.

The interface is still very, very confusing as to what it's doing.

Temp allow a top level domain, then it defaults to temp allowing a subdomain, and then after selecting the noscript icon a 3rd time to check again, it loads a bunch of other things (much more slowly than previous versions, it seems). I should still have to allow a sub-domain to run scripts (etc.), yes?
Then, when checking "default" on all other related sites that try to run a script, again, under "default" it is showing "allow" (or, whatever you allowed on the TLD / Custom / ...wherever it's getting its ideas from...)

How that is possible, I'd really like to know. It really, really doesn't make any sense, and doesn't seem like it's actually working the way that it should, at all.

Example: go to godaddy.com, custom allow scripts. It reloads. gui.godaddy.com is allowed (what?).
All other "defaults" show scripting allowed. But, are they? Are they not? Do I have to disable each one?

If you don't see what I'm getting at, I'd be glad to share some images.

edit: further, if opening a new tab, settings there for unrelated domains affect the defaults of temp allow / untrusted. It does not seem to handle multiple sites at all. It's re-dis-allowing things based on ...something... and I have no idea why. Example, open up 2nd tab, go to this forum (https://forums.informaction.com) - by default, it's "default" is allow to run scripts. ??? ... Am I doing something wrong?

[jawz101]

The other thing that's confusing is the add-on current behaves as if the checkbox next to Full Domains (www.noscript.net) on this screen was checked. I usually left it unchecked because I typically blocked at the base domain level and didn't get too granular to pick apart how much of a domain I wanted to allow/deny.

I agree with the reset to default. On the global options screen I was able to put gibberish in as a web address ( I just typed a letter "a" and hit the plus sign) and it added it. The prefs no longer are stored in about:config screen as it used to be. Now it looks like they're stored in a table in a sqlite database named storage-sync.sqlite within your profile folder along with any other extensions that save that way. A reset or delete/edit buttons would need to make queries to that database file for it to do that stuff. I assume that will come later.

I assume, as is, this is like seeing a skeleton of what the add-on features are and eventually, once all of the features are programmed, Giorgio will circle back around to the design and look to us for suggestions in the meantime. That's why I wanted to put this out there.

Some things as far as the traditional look menus that cascadeout can't be done in a webextension - I don't think- so you have to do things like a collapsible menu instead. But I have no idea. I just haven't seen any WebExtensions out there use a cascading menu which would give us some of that old look-and-feel of a menu item saying Untrusted and all of the stuff you marked untrusted are shown in a submenu out to the side.

[bizaff]

I very much agree with most of jawz101's mock up of the interface.

Being able to change the global enables under each site is very counter-intuitive. I'd prefer the option of showing them but having them all grayed out, and only modifying on the main options page.

Better yet, have an option to show all 8 selections for all sites in the main dialog and gray them out for everything except custom.

I also like the ideas in https://forums.informaction.com/viewtop ... 522#p91522 It seems like many people are assuming default is the same as block or untrusted which may not fit everyone - I think there should be both default and untrusted.

Maybe add a small pushpin sub-icon to trusted and custom to signify temporary/permanent? I like the clock style sub-icon, but it just doesn't quite communicate everything clearly.

Another thing that may help is to have temporary/permanently dismissable verbose tool-tips to educate people on how things work the first time, which then change to the simple tool-tips that are there.