Questions about new 'noscript' option
Questions about new 'noscript' option
Thanks for the new version 11.2.1!
Usually I have scripts disabled on websites which work fine without it. Now I need to enable the new 'noscript' option on some of them to make them work (or set the site to trusted).
What's the use of this? Shouldn't the default preset have this option enabled by default? Why does the trusted preset have this option, too?
Usually I have scripts disabled on websites which work fine without it. Now I need to enable the new 'noscript' option on some of them to make them work (or set the site to trusted).
What's the use of this? Shouldn't the default preset have this option enabled by default? Why does the trusted preset have this option, too?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
- Giorgio Maone
- Site Admin
- Posts: 9034
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Questions about new 'noscript' option
The "noscript" pseudo-capability should, indeed, be enabled by default in the DEFAULT preset.
In facts, that's the case if you install from scratch, and it was supposed to be the case if you upgraded from any version < 1.2.1rc4.
Unfortunately a little typo bug sneaked in, and the latter does not actually apply.
I'm trying to rush a quick minor update to limit the "damage", thanks.
In facts, that's the case if you install from scratch, and it was supposed to be the case if you upgraded from any version < 1.2.1rc4.
Unfortunately a little typo bug sneaked in, and the latter does not actually apply.
I'm trying to rush a quick minor update to limit the "damage", thanks.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Re: Questions about new 'noscript' option
And what's the purpose of this option?
What differences there are if allowed or not?
And should it be allowed and what if not?
What differences there are if allowed or not?
And should it be allowed and what if not?
Mozilla/5.0 (Windows NT 6.1; rv:85.0) Gecko/20100101 Firefox/85.0
- Giorgio Maone
- Site Admin
- Posts: 9034
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Questions about new 'noscript' option
It controls whether the <noscript> element is rendered or not (included emulating meta refreshes inside the element).Quest wrote: ↑Tue Feb 16, 2021 5:01 pmAnd what's the purpose of this option?
What differences there are if allowed or not?
It's your choice, depending on the site. It has been requested by users who perceived some fallback content/behavior as an annoyance.
Personally I think it's better for the element to be rendered (NoScript emulates it on purpose, indeed, since CSP script blocking wouldn't render it per-se), and in facts the DEFAULT preset is meant to have it checked (even though, unfortunately, it didn't happen for upgrades from 11.2 because of the aforementioned bug).
It controls whether the <noscript> element is rendered or not (included emulating meta refreshes inside the element).
It's your choice, depending on the site. It has been requested by users who perceived some substitution content/behavior as an annoyance.
Personally I think it's better to render <noscript> elements because it often contains useful fallbacks. NoScript emulates it on purpose, indeed, since CSP script blocking wouldn't render it per-se.Quest wrote: ↑Tue Feb 16, 2021 5:01 pmAnd should it be allowed and what if not?
Because of this, the DEFAULT preset is meant to have it checked (even though, unfortunately, it didn't happen for upgrades from 11.2 because of the aforementioned bug).
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Re: Questions about new 'noscript' option
Sorry if I missed it, but I wonder the same but don't see the answer above? What does "noscript" capability do when enabled for a site that has scripts allowed?guest wrote: ↑Tue Feb 16, 2021 3:26 pmWhy does the trusted preset have this option, too?
And shouldn't this be enabled by default for Untrusted preset too?
*Always* check the changelogs BEFORE updating that important software!
-
- Giorgio Maone
- Site Admin
- Posts: 9034
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Questions about new 'noscript' option
It has it to avoid surprise when cascading restrictions.
My reasoning is that if you mark a site as UNTRUSTED you probably don't care (or even want to avoid) possibly annoying and/or tracking replacement content.
It's configurable, anyway.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Re: Questions about new 'noscript' option
Thanks. Just to make sure I have it right:Giorgio Maone wrote: ↑Wed Feb 17, 2021 6:33 amIt has it to avoid surprise when cascading restrictions.
- on actually script-allowed sites, it does nothing;
- when "Cascade top documents restrictions..." is enabled, it controls:
- whether <noscript> elements are shown in nominally-script-allowed subdocuments of script-blocked pages;
- whether <noscript> elements are shown in script-blocked subdocuments of script-allowed pages.
*Always* check the changelogs BEFORE updating that important software!
-
- Giorgio Maone
- Site Admin
- Posts: 9034
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Questions about new 'noscript' option
Yes, it is (pending bugsbarbaz wrote: ↑Wed Feb 17, 2021 6:17 pmThanks. Just to make sure I have it right:Giorgio Maone wrote: ↑Wed Feb 17, 2021 6:33 amIt has it to avoid surprise when cascading restrictions.Is this correct and complete?
- on actually script-allowed sites, it does nothing;
- when "Cascade top documents restrictions..." is enabled, it controls:
- whether <noscript> elements are shown in nominally-script-allowed subdocuments of script-blocked pages;
- whether <noscript> elements are shown in script-blocked subdocuments of script-allowed pages.

Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Re: Questions about new 'noscript' option
Thanks Giorgio
I updated viewtopic.php?p=93552#p93552 with this information.

*Always* check the changelogs BEFORE updating that important software!
-