GitHub wiki heading anchors

Ask for help about NoScript, no registration needed to post
Ralph Corderoy

GitHub wiki heading anchors

Post by Ralph Corderoy » Fri Jul 27, 2018 9:54 am

Hi, https://github.com/golang/go/wiki/CodeReviewComments is the example I'll use. It has a table of contents at the start. Each bullet item refers to an anchor. That anchor doesn't exist in the page, instead the anchor's id attribute has 'user-content-' prefixed at the start. I understand this is normal for GitHub wiki pages. With NoScript disabled for the tab, ToC items work, i.e. Firefox 61.0.1-1 scrolls to the heading.

However, with NoScript enabled it initially shows assets-cdn.github.com and github.com as Default. Clicking Custom shows Default is Frame + Fetch.

assets-cdn.github.com has Script with a muddy background so I change that to Custom and tick Script, unticking everything else. The page auto reloads, ToC still doesn't work.

github.com has no muddy backgrounds. assets-cdn.github.com still has mud for the still-ticked Script. No new domainname has appeared in the list. What's a user meant to do from here?

When I disable NoScript for the tab, api.github.com appears in the list, and www.google-analytics.com, so something is being blocked, despite the ticked Script.
Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0

User avatar
Giorgio Maone
Site Admin
Posts: 8957
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: GitHub wiki heading anchors

Post by Giorgio Maone » Fri Jul 27, 2018 10:27 am

I assume you've got the Appearance/List full addresses [...] option checked, and you're trying to achieve the maximum possible granularity correct?
Unfortunately going by the "muddy capability" guidance as you did is not very helpful here, because Github being code quite securely with no inline scripts, and external scripts being all served from the CDN, NoScript doesn't find any script as apparently originating from https://github.com.
But for any external script to be able to run, the "script" capability must be granted to the site of the hosting page anyway.
Seen how this can be confusing to people like you who are trying to be very granular, I probably need to report a "fake" script attempt referred to the main page for each external script load attempt detected, so that that site entries gets its own muddy "script" as well.
Furthermore, until the page's site (https://github.com) has permissions to run script, the "fetch" usage (to interact with api.github.com) cannot be detected.
On the other hand, in the default appearance setting which shows just the top "...github.com" entry, both "script" and "fetch" are muddy (the latter after enabling "script" and reloading, of course) and can be allowed at once.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0

Guest

Re: GitHub wiki heading anchors

Post by Guest » Mon Jul 30, 2018 2:17 pm

Hi Giorgio,
I assume you've got the Appearance/List full addresses [...] option checked, and you're trying to achieve the maximum possible granularity correct?
Yes, and yes.

Thank you, I now understand what's going on and will tentatively tick a non-muddy Script on the site's schema'd domain if I'd like the site to have more functionality.

Cheers, Ralph.
Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0

skriptimaahinen
Senior Member
Posts: 213
Joined: Wed Jan 10, 2018 7:37 am

Re: GitHub wiki heading anchors

Post by skriptimaahinen » Tue Jul 31, 2018 5:20 am

This reminds me that there is still an issue with inline-scripts not "seen" either. (https://forums.informaction.com/viewtopic.php?t=24723) Mind fixing that while you are at it?
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0

Post Reply