Highlighting in the yellow box

Ask for help about NoScript, no registration needed to post
lancelot

Highlighting in the yellow box

Post by lancelot » Sun Dec 24, 2017 7:02 pm

Sorry if this has already been asked before. In the yellow box, some entries are highlighted:

Image

What is the meaning of the darker pink boxes? Does it show what types of content NoScript has detected coming from that source?
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

daniel4859

Re: Highlighting in the yellow box

Post by daniel4859 » Sun Dec 24, 2017 7:32 pm

Hello. Thank You very much, lancelot. I wanted to ask a question about exactly the same thing. It's very interesting. I wonder if it has any meaning important to users etc.

Thanks.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0

User avatar
Giorgio Maone
Site Admin
Posts: 8697
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Highlighting in the yellow box

Post by Giorgio Maone » Mon Dec 25, 2017 9:44 am

The red highlighting means that attempts to use that capability have been detected in the page, therefore they're more likely than others to be needed for the page to work fully as intended by its authors.

Also please notice that, unless you want to radically change the way NoScript operates by default (e.g. because you want it to allow more on "new" site, and restrict those you don't like afterwards using UNTRUSTED, i.e. implementing a blacklisting mode opposite to the "normal" whitelisting mode), you'll better not touch the presets and customize only the CUSTOM permissions.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

daniel4859

Re: Highlighting in the yellow box

Post by daniel4859 » Mon Dec 25, 2017 5:47 pm

Hello. Mr Maone, thanks for an answer. So, it's better to use a "CUSTOM" to modify options, instead of "TRUSTED"? I'm asking, because if I trust some website, I choose "TRUSTED" (however, I remove some options, such as: media, font and webgl) -- I noticed, that for most cases script is needed.

Generally, what are You suggesting? What is the best method to use NoScript v10? I know, that users can deploy something You have mentioned: "implementing a blacklisting mode opposite to the "normal" whitelisting mode". Does "my method" mentioned above (using "TRUSTED" without some options) is OK?

By the way; is it normal, that after installing NoScript from your website (a development version), it is no longer possible to update NoScript via "Tools > Addons > find updates"? I am asking, because I'd experienced such a situation. I had to install NoScript v10.1.6.1 from the addons.mozilla website (there was an information about various things, such as needed access etc.)

Thanks.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0

Tomatix
Senior Member
Posts: 60
Joined: Tue Dec 05, 2017 3:05 pm

Re: Highlighting in the yellow box

Post by Tomatix » Mon Dec 25, 2017 7:01 pm

daniel4859 wrote:Hello. Mr Maone, thanks for an answer. So, it's better to use a "CUSTOM" to modify options, instead of "TRUSTED"? I'm asking, because if I trust some website, I choose "TRUSTED" (however, I remove some options, such as: media, font and webgl) -- I noticed, that for most cases script is needed.

Generally, what are You suggesting? What is the best method to use NoScript v10? I know, that users can deploy something You have mentioned: "implementing a blacklisting mode opposite to the "normal" whitelisting mode". Does "my method" mentioned above (using "TRUSTED" without some options) is OK?
I recommend you to read https://hackademix.net/2017/12/04/noscr ... utshell-2/
daniel4859 wrote: By the way; is it normal, that after installing NoScript from your website (a development version), it is no longer possible to update NoScript via "Tools > Addons > find updates"? I am asking, because I'd experienced such a situation. I had to install NoScript v10.1.6.1 from the addons.mozilla website (there was an information about various things, such as needed access etc.)
Sounds normal to me.
Last edited by Tomatix on Mon Dec 25, 2017 7:34 pm, edited 1 time in total.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Tomatix
Senior Member
Posts: 60
Joined: Tue Dec 05, 2017 3:05 pm

Re: Highlighting in the yellow box

Post by Tomatix » Mon Dec 25, 2017 7:19 pm

@Giorgio In my opinion the global presets settings should be removed or made read-only in the domains list. It seems to be too confusing and I also don't see actual benefits from having it there.

Edit: clearer wording
Last edited by Tomatix on Tue Dec 26, 2017 10:43 pm, edited 1 time in total.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Guest

Re: Highlighting in the yellow box

Post by Guest » Tue Dec 26, 2017 12:52 pm

I totally agree that the possibility of changing these fundamental settings here is very confusing and dangerous too. This highlighting thing is quite interesting but causes even more puzzlement when on default bar: you automatically want to tick this option and so it is on everywhere without you noticing anything. Maybe this highlighting could left there but not possibility of changing options.
Of course knowing what the blocked sites want is quite useful (* on custom bar and maybe it would be wise to let the option boxes only there.

*) But not without danger either: As far as I understand ticking an option on Custom bar leaves that option on everywhere for that particular site. Would be nice if this custom setting affects only on page where you were. But I think I remeber that somebody told somewehre else that this is not good idea?

BTW. It would be nice to have some agreement about terminology concerning these menus and things.
Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0

bo elam
Senior Member
Posts: 188
Joined: Sat Oct 14, 2017 2:25 am

Re: Highlighting in the yellow box

Post by bo elam » Tue Dec 26, 2017 10:07 pm

daniel4859 wrote:Hello. Mr Maone, thanks for an answer. So, it's better to use a "CUSTOM" to modify options, instead of "TRUSTED"? I'm asking, because if I trust some website, I choose "TRUSTED" (however, I remove some options, such as: media, font and webgl) -- I noticed, that for most cases script is needed.

Generally, what are You suggesting? What is the best method to use NoScript v10? I know, that users can deploy something You have mentioned: "implementing a blacklisting mode opposite to the "normal" whitelisting mode". Does "my method" mentioned above (using "TRUSTED" without some options) is OK?
I think basically what Giorgio was saying is that it is better to set global presets and let them be, dont keep changing them. And whenever you want to do something different with a particular domain, that would be the time to use the Custom preset.
daniel4859 wrote: By the way; is it normal, that after installing NoScript from your website (a development version), it is no longer possible to update NoScript via "Tools > Addons > find updates"? I am asking, because I'd experienced such a situation. I had to install NoScript v10.1.6.1 from the addons.mozilla website (there was an information about various things, such as needed access etc.)
With version 10, I have been using most of the time the beta. If you are using a beta, the updater from within Firefox will inform you when a new beta is out. If you are using the regular stable version of NoScript, the updater informs you when a new stable version has been released.

Bo
Last edited by bo elam on Tue Dec 26, 2017 10:25 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0

bo elam
Senior Member
Posts: 188
Joined: Sat Oct 14, 2017 2:25 am

Re: Highlighting in the yellow box

Post by bo elam » Tue Dec 26, 2017 10:15 pm

Tomatix wrote:@Giorgio In my opinion global settings should be removed or made read-only in the domains list. It seems to be too confusing and I also don't see actual benefits from having it there.
I tell you a huge benefit of having the list. Before, in version 5, we couldnt see the list of Untrusted domains. It was very hard to monitor Untrusted domains and make changes as there was no list of Untrusted domains in the UI. To see it, you had to open the NoScript config text file, go to the bottom, and look at it. It was difficult to keep track of what you had in there. Now, its easy to monitor, and delete domains if you want. Or add. In my opinion, having the list of all domains in NoScript Options, all together, is an improvement.

Bo
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0

Tomatix
Senior Member
Posts: 60
Joined: Tue Dec 05, 2017 3:05 pm

Re: Highlighting in the yellow box

Post by Tomatix » Tue Dec 26, 2017 10:32 pm

bo elam wrote:
Tomatix wrote:@Giorgio In my opinion global settings should be removed or made read-only in the domains list. It seems to be too confusing and I also don't see actual benefits from having it there.
I tell you a huge benefit of having the list. Before, in version 5, we couldnt see the list of Untrusted domains. It was very hard to monitor Untrusted domains and make changes as there was no list of Untrusted domains in the UI. To see it, you had to open the NoScript config text file, go to the bottom, and look at it. It was difficult to keep track of what you had in there. Now, its easy to monitor, and delete domains if you want. Or add. In my opinion, having the list of all domains in NoScript Options, all together, is an improvement.

Bo
I have absolutely nothing against the lists. I think you misunderstood the post.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Tomatix
Senior Member
Posts: 60
Joined: Tue Dec 05, 2017 3:05 pm

Re: Highlighting in the yellow box

Post by Tomatix » Tue Dec 26, 2017 10:55 pm

Guest wrote:I totally agree that the possibility of changing these fundamental settings here is very confusing and dangerous too. This highlighting thing is quite interesting but causes even more puzzlement when on default bar: you automatically want to tick this option and so it is on everywhere without you noticing anything. Maybe this highlighting could left there but not possibility of changing options.
Of course knowing what the blocked sites want is quite useful.
Agree to all these points of yours.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

bo elam
Senior Member
Posts: 188
Joined: Sat Oct 14, 2017 2:25 am

Re: Highlighting in the yellow box

Post by bo elam » Wed Dec 27, 2017 12:33 am

Tomatix wrote: I have absolutely nothing against the lists. I think you misunderstood the post.
OK, I see now, I guess you meant remove global settings from the NoScript menu.

FWIW, in my view, the menu and Settings are working out just fine the way they are.

Bo
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0

Pansa
Senior Member
Posts: 318
Joined: Fri Nov 24, 2017 10:30 pm

Re: Highlighting in the yellow box

Post by Pansa » Wed Dec 27, 2017 2:22 am

Tomatix wrote:@Giorgio In my opinion the global presets settings should be removed or made read-only in the domains list. It seems to be too confusing and I also don't see actual benefits from having it there.

Edit: clearer wording
I personally think it is only confusing if one doen't pay attention.

The new interface is a lot more consistent than it was before.
If you click on default, and set checkmarks, you have changed the default (which means it changes how ALL pages that have no specified rule)
If you click trusted, and set checkmarks, you have changed the setting for trusted domains (all trusted domains)

I could understand the confusion about why this wouldn't be domain specific if not for

If you click on custom and set checkmarks, it creates a CUSTOM rule for that domain only.

If default and trusted also created custom rules, why would there be a custom button?
Not to mention the general weirdness of having a list of things that show "default" or "trusted" but all having individual settings.

And as for removing the ability to change the presets:
You have been here for a bit. You might have noticed that people have VERY different ideas of how they want things to be. Having them fixed would just mean one group is getting it the way they like, and about five would be annoyed.
Some of us have default empty (thus rendering the untrusted set moot). Some people really like the pre-installed settings. Some even have default "allow everything" and just untrust the pages they dislike (therefore rendering the trusted set moot)
Some prefer "trusted" to be still limited, and only give unlimited access to specific sites they push into custom.

I don't think removing that functionality for the benefit of users who don't read or think about what the UI tells them nor (in case of confusion) apply a bit of try and error is the right thing to do.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Quest

Re: Highlighting in the yellow box

Post by Quest » Wed Dec 27, 2017 8:12 pm

bo elam wrote: I guess you meant remove global settings from the NoScript menu.
FWIW, in my view, the menu and Settings are working out just fine the way they are.
Bo
You mean it's OK to change the Default settings in that yellow box where you can do it easily by mistake?
I believed that you only need to do it once or twice in your lifetime. So why leave such a pitfall in a safety program?
Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0

Pansa
Senior Member
Posts: 318
Joined: Fri Nov 24, 2017 10:30 pm

Re: Highlighting in the yellow box

Post by Pansa » Wed Dec 27, 2017 9:20 pm

Quest wrote:
bo elam wrote: I guess you meant remove global settings from the NoScript menu.
FWIW, in my view, the menu and Settings are working out just fine the way they are.
Bo
You mean it's OK to change the Default settings in that yellow box where you can do it easily by mistake?
I believed that you only need to do it once or twice in your lifetime. So why leave such a pitfall in a safety program?
Because sometimes you sacrifice blatant user error to actually consistency in the interface.
Not to mention that the worst thing that happens is your Firefox behaving as it does without NS.

And linguistically that's where these settings belong, when at the same place in custom you are supposed to set THOSE.
A counterargument are the disabled checkboxes for "script" in trusted and the ones under untrusted, but I personally like the compact "putting the options near the choices" instead of hiding them somewhere completely else in an option tree.

While it may be rare to change them, it currently is a good practice to keep checking on them semi frequently.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Post Reply