Where is "Untrusted Menu"?

[Nan M]

under the hood issue but since you translated it over to the large list GUI slowdown, it is no different than having a large whitelist

Well, a user with a whitelist even a tenth the size of some blacklists? What kind of NS user is that? (don't answer, that's a rhetorical question )

and the timing should be no worse for the wear

I have no clue about under the hood, as I said --- I was just playing with the idea, friend.
My point, and I do have one, is about the interface entirely.

As for the "clutter" factor and the users' inability to understand where everything is, you can't expect a solution to dumb itself down because users who use a solution get confused,

That's begging the question - - that an interface that's plain/less cluttered is somehow "dumbed down". The view that I'm presenting is that there is a limit to interface accessibility, after which real estate is at a premium - no matter what the intellectual capacity of the user. It's got less to do with smarts than with usability.
As it stands, the NS interface has built on a genius design, with each new security addition getting well designed into the options and the on-the-fly menu. However, it's getting cramped after what is it? 3 years of very intense development.

they need to understand how to use it

Yes, and a developer with any chops pays heed to the "usability" of their interface. The usability is what helps a user understand how to use it.

or settle for the default options provided by the author of the addon.

In an ideal world nobody would touch Options or anything else unless they had read and passed an exam on the Features and FAQs? The boards here show otherwise.

Either way, I am neither pushing for it, nor am I not pushing for it, for me its a nice to have that if implemented I would be pleased to have it and if not, I will lose no sleep.

So, unlike you, I have a definite opinion that I'm prepared to emphasise in another summary, in case I haven't yet made my point clear:
I don't think that any more clutter in the interface unless it's absolutely necessary for the core use of NS - which has been from the beginning, a fast, light way to move around the web with minimum security risk - is going to be helpful to plain users.

[FoamHead]

I think I learned one key point about NoScript in this thread: it is intended for the novice -> intermediate style user. While it works well for power users and advanced users, the goal is to ensure "the masses" can use it secure their browsing. This may mean NoScript is not really meant to handle my option #2. Having a full list of good/trusted sites is obviously necessary, but given the amount of noise on the net, maintaining a bad list could get very large very quickly. Regardless, I do think there are a few UI things that could be improved.

The first is that NoScript uses the word "untrusted" in two different contexts. On the one hand, untrusted means you have recorded this site as something you want to always (and silently) forbid. For example, in the options contextual pop-up menu, you can go to Untrusted | Mark foo.com as Untrusted. On the other hand, untrusted means anything that is not categorized; i.e. it is not listed in the "trusted list" or the "untrusted list". For example, the settings in NoScript Options | Advanced | Untrusted apply to things *not* in the untrusted list.

The second UI issue is the one that started this thread: the lack of fully exposing the untrusted list of sites. I think both issues can be addressed while not overcomplicating NoScript.

Instead of having multiple Option panel tabs for the various white/black-lists, it'd be cleaner to have one "Tracked Sites" panel. In addition to the import/export functionality, it would be a sortable list of all sites you are tracking in any way. To the right of each site would be the details of how you are tracking it. At first these details would be simple: blocked as untrusted or allowed as trusted. However, this style opens up lots of enhancements via more options (e.g. notify me or not) or even going towards a full policy/group based system. And, of course, this leads to the use of the term "untracked" for all sites not in the list.

TBH I can't say I'm sold on the terms "tracked" and "untracked", but I am sold on this idea. I think it'd really help clarify what NoScript is doing while providing a potential platform for more detailed "tracking" controls.

-Foam

[Tom T.]

I think I learned one key point about NoScript in this thread: it is intended for the novice -> intermediate style user. While it works well for power users and advanced users, the goal is to ensure "the masses" can use it secure their browsing. This may mean NoScript is not really meant to handle my option #2.

We're trying to please everyone -- which, of course, is impossible.

... NoScript uses the word "untrusted" in two different contexts. On the one hand, untrusted means you have recorded this site as something you want to always (and silently) forbid. .... On the other hand, untrusted means anything that is not categorized; i.e. it is not listed in the "trusted list" or the "untrusted list". For example, the settings in NoScript Options | Advanced | Untrusted apply to things *not* in the untrusted list.

Outstanding point of semantics. Perhaps the first meaning should be called "Blacklisted", or "Forbidden". ... I think I like "Forbidden" better. http://www.warez.cn is forbidden forever from entering my browser. It's in the Forbidden list. Everything that isn't in Whitelist or Forbidden list is "untrusted" by default: it won't run unless I allow it, but it will present itself if I open the menu, and ask (politely) for permission.

I like this idea. FoamHead is right; there *are* two meanings. This might clear them up without adding to the confusion (always an issue). Comments?

Instead of having multiple Option panel tabs for the various white/black-lists, it'd be cleaner to have one "Tracked Sites" panel. ...TBH I can't say I'm sold on the terms "tracked" and "untracked", but I am sold on this idea.

Not sold on that terminology either, because it, too, has another use: "tracking cookies"; "tracking scripts" --Scripts that track YOU, not scripts that you track.
IMHO, just off the top of my head, either one tab or two, and either a "Whitelist/Blacklist" or, using the thought above, "Whitelist/Forbid List". Whether this is one tab or two... ! In the Fx Tools > Options > Privacy > Accept Cookies > Exceptions, there are three buttons for the site you enter in the box: "Block", "Allow for Session", "Allow".... So *there's* the model for the ScriptList : Type the address in the box, and click either "Allow" or "Forbid". Only one more button inside this box, no extra tabs on the UI, same model as the Fx UI, hopefully would be an easy add for Giorgio and easy to understand for anyone who's used the Fx cookie menu (or the Content window, or the Security window...)

Comments?

[Nan M]

The first is that NoScript uses the word "untrusted" in two different contexts.

Hooray! You've centred on the main idea.

On the one hand, untrusted means you have recorded this site as something you want to always (and silently) forbid. For example, in the options contextual pop-up menu, you can go to Untrusted | Mark foo.com as Untrusted.

My alternative name for this category when I'm showing others in our library users group is Never Consider Trusting

On the other hand, untrusted means anything that is not categorized; i.e. it is not listed in the "trusted list" or the "untrusted list". For example, the settings in NoScript Options | Advanced | Untrusted apply to things *not* in the untrusted list.

That's the whole of the web, in other words. And the settings do, in effect, apply to the "untrusted" list, except the "Untrusted" are, as you say, silently forbidden - - they are still "Untrusted" in the sense of being part of the web that hasn't been given explicit whitelisting. If you remove items from the Untrusted - ie the Never Consider Trusting - state (either on-the-fly, as originally designed) or from the configuration, they return not to trusted, but to Untrusted on the fly - ie the whole of the web. A Venn diagram would have "Untrusted" in the on-the-fly menu as a small circle entirely enclosed by the larger web circle.
My experience with the beginners in the library group is that once the idea of whitelisting is in their grasp, they see these two uses of Untrusted as clearly distinct parts of the whitelisting strategy, without needing to do any deep thought.
That's, as I am trying to say, the genius of the on-the-fly menu as it stands; and it was what made my introduction to NS - quick secure navigation with whitelisting - such a revelation.

The second UI issue is the one that started this thread: the lack of fully exposing the untrusted list of sites. I think both issues can be addressed while not overcomplicating NoScript.

Instead of having multiple Option panel tabs for the various white/black-lists, it'd be cleaner to have one "Tracked Sites" panel. In addition to the import/export functionality, it would be a sortable list of all sites you are tracking in any way. To the right of each site would be the details of how you are tracking it. At first these details would be simple: blocked as untrusted or allowed as trusted. However, this style opens up lots of enhancements via more options (e.g. notify me or not) or even going towards a full policy/group based system. And, of course, this leads to the use of the term "untracked" for all sites not in the list.

TBH I can't say I'm sold on the terms "tracked" and "untracked", but I am sold on this idea. I think it'd really help clarify what NoScript is doing while providing a potential platform for more detailed "tracking" controls.

That's a very well considered design idea for a power users interface, in my non-tech opinion.
Something a little more granular than the Fx cookie acceptance interface, ay?
If NS is going to fork into Pro and Basic, I think that's the turning point.


@Tom T.

Note that I'm staying out of interface change design discussion. It's not in my consideration, as I hope the other posts I've made here demonstrate.

[Tom T.]

My alternative name for this category when I'm showing others in our library users group is Never Consider Trusting

I have a default reluctance to use three words if one will do, at least in UI, menus, etc. (despite my prolix posts lol) Also, considerations of space in menus and UIs.

If NS is going to fork into Pro and Basic, I think that's the turning point.

I wasn't aware that was on the boards, only an "Enterprise" edition (for remote sysadmin over LAN). I hope it never has to come to that. I think with our collective wit, we can accomplish that. Cheers, Matie!

[Nan M]

My alternative name for this category when I'm showing others in our library users group is Never Consider Trusting

I have a default reluctance to use three words if one will do, at least in UI, menus, etc. (despite my prolix posts lol) Also, considerations of space in menus and UIs.

Oh, I wasn't suggesting a change to the UI, which works just fine now - as I have emphasised in every post in this thread
I was making the point to Foam that there is another angle to his interpretation of "Untrusted", and that everything is indeed "Untrusted", just whether it's right now or for good.

If NS is going to fork into Pro and Basic, I think that's the turning point.

I wasn't aware that was on the boards, only an "Enterprise" edition (for remote sysadmin over LAN). I hope it never has to come to that. I think with our collective wit, we can accomplish that. Cheers, Matie!

I am arguing for it - if the pressure for blacklisting granularity continues - for all the reasons I've laid out in the thread.
NS is whitelist centred and the UI is overloaded.
Have a nice day Have a beer on me

[Foam Head]

Mmm... Beer... Ahem. Anyhoo...

That's the whole of the web, in other words. And the settings do, in effect, apply to the "untrusted" list, except the "Untrusted" are, as you say, silently forbidden - - they are still "Untrusted" in the sense of being part of the web that hasn't been given explicit whitelisting. If you remove items from the Untrusted - ie the Never Consider Trusting - state (either on-the-fly, as originally designed) or from the configuration, they return not to trusted, but to Untrusted on the fly - ie the whole of the web. A Venn diagram would have "Untrusted" in the on-the-fly menu as a small circle entirely enclosed by the larger web circle.

Wait a second. How can the settings in NoScript Options | Advanced | Untrusted apply to things in the Blacklist? The Blacklist means I know it's bad so I never want to load anything from it nor get notification that something was blocked.

Consider this example: I know foo.com is bad so I add it to the Blacklist. I want worldofwarcraft.com to work, but I don't want to add it to the Whitelist, so I turn NoScript Options | Advanced | Untrusted | Forbid XSLT off. If I then go to foo.com and it uses XSLT, is it allowed or not? If it's allowed, then what's the point of the Blacklist?

IMHO, NoScript has three distinct categories of content. The Whitelist is for sites you want to allow some/all permissions. The Blacklist is for sites you want to deny most/all permissions. Everything not in the White/Black-lists is classified as "unlisted". While "unlisted" is similar to the Blacklist, it's not hard to imagine giving "unlisted" sites a few more permissions than those on the Blacklist. XSLT is a good example since there are very few exploits for it.

So rethinking some terminology, I'm still suggesting some NoScript UI changes:

1) Use Whitelist and Blacklist terms as we have been here. They are well known terms so there's no reason to reinvent anything. So, for example, all uses of "untrusted" on the Options pop-up menu would be changed to "Blacklist"; a-la "Blacklist -> Add foo.com to the Blacklist", etc.

2) Change the NoScript Options | Whitelist tab to Manage Lists (or Whitelist/Blacklist or even just Lists). Aside from the common Import/Export buttons, you have the lists of sites. I like the idea of one list for all sites with icons, colors, and status text to the right, but two tabs with a list for each would work too.

3) Replace NoScript Options | Advanced | <Untrusted|Trusted> tabs and the NoScript Options | Plugins tab with a single NoScript Options | Permissions tab. The Permissions tab has three sub-tabs: Whitelist, Unlisted, and Blacklist. These tabs are a combination of what's currently in the Plugins tab as well as what's in the corresponding NoScript Options | Advanced sub-tab. The Unlisted and Blacklist sub-tabs start with a "Block everything from these sites" option that, when checked, gray out all of the specific options. The Blacklist sub-tab also has a "Always apply all Unlisted permissions" which, when checked, will ensure that everything in the Blacklist gets at least the permissions in the Unlisted sub-tab.

I realize #3 is a big change, but the current Plugins and Advanced | <Untrusted|Trusted> tabs have enough overlap that IMHO it is not obvious to see what's happening to each group. For example, the Apply these restrictions to trusted sites too setting and ClearClick settings seem out of place in a NoScript Options tab named Plugins.

NoScript supports three groups of sites so makes those groups explicit to the user. As a side note, this setup would allow you to add some/all of the current NoScript Options | Notifications info to the NoScript Options | Permissions | <Whitelist|Unlisted|Blacklist> sub-tabs so you can control notification per group.

Final thought: If NoScript really doesn't support three groups (i.e. it's really just Whitelist/Trusted sites and "everything else"), then it should never refer to any kind of "untrusted list" or "blacklist". If you want to hide notifications of known bad sites, then make a "hide notifications", "disable notifications", or "quiet" list.

For the length of this post, the next beer is on me, gents .
-Foam

[Tom T.]

Mmm... Beer... Ahem. Anyhoo...

Yes, I got the pun in the name right off. Contrary to stereotype, not *everyone* with an interest in puters is lacking in perception of humor.

Consider this example: I know foo.com is bad so I add it to the Blacklist. I want worldofwarcraft.com to work, but I don't want to add it to the Whitelist, so I turn NoScript Options | Advanced | Untrusted | Forbid XSLT off. If I then go to foo.com and it uses XSLT, is it allowed or not? If it's allowed, then what's the point of the Blacklist?

You can make it work. I know nothing of WOW, but just went there, and got it to work without allowing XSLT for foo.anywhere. Give me a few minutes to make and host a screenshot.

IMHO, NoScript has three distinct categories of content. The Whitelist is for sites you want to allow some/all permissions. The Blacklist is for sites you want to deny most/all permissions. Everything not in the White/Black-lists is classified as "unlisted". While "unlisted" is similar to the Blacklist, it's not hard to imagine giving "unlisted" sites a few more permissions than those on the Blacklist. XSLT is a good example since there are very few exploits for it.

Must respectfully disagree with that interpretation. The categorizations are very plain: If you allow all scripting on a site, that site is defined as "trusted" and "whitelisted", and appears in the UI Whitelist. Any plugins that you have forbidden in UI Plugins are still forbidden. However, If, and only if, you uncheck "Apply these restrictions to trusted sites too", then your "trusted sites" have full permission to run all of the listed plugins, etc. But that's a conscious user choice, anti-default.

The Blacklist is for sites/domains whose scripts are never even to appear in the menu to beg for permission, unless you point to 'Untrusted". If foo.bar is a 3rd-party that is popping up everywhere, you don't like them, and you are sick of seeing them, the "untrusted" spares you ever seeing them again. By default, additional restriction apply: "Block every object" and "No placeholder for object" coming from sites marked Untrusted, although again, user-configurable.

I've already agreed with you on the ones in the "middle": not marked as "untrusted" nor Whitelisted. I suggested "Forbidden" for "marked as untrusted", and leave "untrusted" for those that have to ask every time.

So rethinking some terminology, I'm still suggesting some NoScript UI changes:

1) Use Whitelist and Blacklist terms as we have been here. They are well known terms so there's no reason to reinvent anything. So, for example, all uses of "untrusted" on the Options pop-up menu would be changed to "Blacklist"; a-la "Blacklist -> Add foo.com to the Blacklist", etc.

Sounds good. The term "blacklist" is used in many other places on the web and in browsers and apps, and is familiar to most users. We get a lot of requests for a "blacklist" or source of blacklists, sort of like the Hosts file service. "Make your own" is the idea behind NS user-control. I support this suggestion.

2) Change the NoScript Options | Whitelist tab to Manage Lists (or Whitelist/Blacklist or even just Lists). Aside from the common Import/Export buttons, you have the lists of sites. I like the idea of one list for all sites with icons, colors, and status text to the right, but two tabs with a list for each would work too.

I don't want to burden Giorgio with having to add color-coding and icons to the UI beyond what's already in the NS Logo (he manages to stay fairly busy, if you've noticed unless he wants to. I suggested "ScriptLIst", but any of yours is fine. Whatever way is the easiest for Giorgio to demarcate, delineate, or indicate the two different lists is fine with me. Just so, as you said, one can manage both lists from the UI, rather than just the Whitelist. It seems an easy call to prefs.js\user_pref("noscript.untrusted",.

3) Replace NoScript Options | Advanced | <Untrusted|Trusted> tabs and the NoScript Options | Plugins tab with a single NoScript Options | Permissions tab. The Permissions tab has three sub-tabs: Whitelist, Unlisted, and Blacklist. These tabs are a combination of what's currently in the Plugins tab as well as what's in the corresponding NoScript Options | Advanced sub-tab. The Unlisted and Blacklist sub-tabs start with a "Block everything from these sites" option that, when checked, gray out all of the specific options. The Blacklist sub-tab also has a "Always apply all Unlisted permissions" which, when checked, will ensure that everything in the Blacklist gets at least the permissions in the Unlisted sub-tab.

I realize #3 is a big change, but the current Plugins and Advanced | <Untrusted|Trusted> tabs have enough overlap that IMHO it is not obvious to see what's happening to each group. For example, the Apply these restrictions to trusted sites too setting and ClearClick settings seem out of place in a NoScript Options tab named Plugins.

No objection here, although it sounds like a major redesign. Also, the reason (I presume) for the "Advanced" designation is that many home users have no idea what "<a ping", "Web bugs", "Meta-redirections", and "XSLT" are, and so these are blocked by default on non-whitelisted sites for the benefit of such users. Power-users are probably the only ones who should tinker with these, or even be presented with them. We already get complaints that it's too complicated, so you see what a tightrope we're walking here: "Make it so my grandparents can use it without calling me every five minutes" vs. "Make it so that I have fine-grained control over every permission of every object and sub-object from every domain and sub-domain". Uhh, sort of a conflict there.

Perhaps Nan M is right that there should be two versions, not "Pro" in the sense of a premium, paid version, but "Basic" (or "Easy)" and "Advanced": one with minimal UI and user interaction, with easy allow/don't allow this script, and the other with the micro-controls. But supporting two versions is almost twice as much work. Care to visit beautiful Palermo and help, or telecommute and help?

Final thought: If NoScript really doesn't support three groups (i.e. it's really just Whitelist/Trusted sites and "everything else"), then it should never refer to any kind of "untrusted list" or "blacklist". If you want to hide notifications of known bad sites, then make a "hide notifications", "disable notifications", or "quiet" list.

Not bad. It's obvious you've put quite a bit of thought into this, which is greatly appreciated.
The fundamental question: Are there three categories, or only two? (Did I fire six shots, or only five? Do you feel lucky, punk? -- old movie reference). Whichever is the decision, delineate them clearly and allow the user quick access to manage the three or two lists.

For the length of this post, the next beer is on me, gents .
-Foam

Aaaah, and a fine one it was! (With a great head of foam, of course!)

[Tom T.]

Here, scripting from WOW has been allowed, but XSLT and all plugins are still blocked. Note that opening the menu reveals the blocked object, and that the space in the upper left is blank (black).

OK, so I "temporarily allow" the NS Blocked Object from WOW (not the ones from the ad agencies, but you could if youwanted to support the site, or if the site required it). Note that the slide-show images start appearing in what was blackbefore. I'm assuming that this (or further individual blocked objects from WOW) will get you up and running. XSLT fromfoo.bar, or anywhere else, is still mass-forbidden in "Advanced-Untrusted", so long as any of the 3rd-party scripts are blocked.

I hope this helps, cuz I don't want to go any deeper into WOW, sign up, pay money, etc. But looking for these "blocked objects" in NS menu saves a lot of mass-allowing. I've asked Giorgio several times to color the NS logo for such objects, but he keeps having to stomp out the AdBlockPlus forest fires instead
Cheers!

[Nan M]

Well gents,
I believe I do understand the permutations of "untrusted" that you are going into, but I'm maintaining that the zeitgeist of NS is a lightweight, fast, on-the-fly way to securely negotiate web browsing, that "untrusted" is the whole of the web either hidden or in the menu, and that any of the options that are getting discussed here are non-essential for good average web use.

That's what NS has always been for me and many others I share it with. We are average kinds of users who use the web mainly because commerce and government interaction these days demands it.
In average use, most accept the defaults and only go into the Options menu if something doesn't work.
And that's where the problems of complexity in the interface happen. Resetting to defaults is of course a good troubleshooting step if a person's checked the wrong guesses and all that kind of thing, but the reset's been introduced for just the reasons I'm advocating a simple interface - - errors happen, and with multiple choices, multiple errors happen, and a person gets lost in the maze. For those with plenty of time to become power users, the time-consuming and therefore frustrating aspect of troubleshooting is I fancy often forgotten For those of us with day jobs and other pressures and no great technical facility this can become a serious disincentive to using an application. May I remind all of the droves who often simply toggle off security stuff in frustration when something doesn't work. Baddies win again! And I don't mean those with very short fuses who want everything to work immediately if not sooner. I'm advocating for us plodders who want security but who don't have time to become deeply expert in an application.

As a model for your discussion, and not because I particularly want to see it given much emphasis in development, have a look at the Options interface in VLC player. If you've been living on another planet for the last 5 years, here's their home page: http://www.videolan.org/
The Basic filter masks most of the Pro complexity and the reports from the Videolan developers indicate that it's helped many new users to decide where to troubleshoot.
Side point: I'm not at all advocating any commercial model. That's Giorgio's business entirely. I use Pro as a synonym for power-user.

There you go! For an example that I almost don't even think about as I use the web: I just went CTRL SHift BACKSLASH without being conscious of it - because I've missed a couple of emphases as I type, and so I'll use the JS here to speed that up with a bit of mousing. Now I would usually compose in a text editor, but I'm not really supposed to be here for more than a couple of minutes - - and - well - etc etc. So I can use JS to help and so it was a key combo away. Lovely integrated web navigation. Giorgio is teh genius!

[therube]

Tom, because you are on FF2, you are not seeing what the XSLT setting is doing to WOW.
Spoof your UA, change general.useragent.extra.firefox to Firefox/3.0.
Leave XSLT enabled.
Load http://www.worldofwarcraft.com/.

WOW was discussed here, NoScript prevents XML?.


PS: Reset general.useragent.extra.firefox when finished.

[Foam Head]

From your feedback, it sounds like a key feature for NoScript is the ability to provide the casual computer user the ability to secure their surfing without needing to hit the "Allow Scripts Globally" panic button. This makes sense and does seem appropriate -- I'll just have to temper my innate geek-ness to match this design tenet .

So to maintain a fair amount of simplicity, NoScript should only have two categories of sites: Trusted/Allowed/Whitelist and Untrusted/Forbidden. In this two group model, there is no Blacklist or "Untrusted List" because Untrusted is defined as "everything not Trusted". Thus everything currently referred to as "Untrusted List" should be renamed to (my preference) "Quiet List"; e.g. Untrusted | Mark foo.com as Untrusted would become Quiet List | Keep foo.com notifications quiet.

With this two group model, the current options UI is just fine except for two things. First, I'd rename NoScript Options | Plugins to Protection because there are a smattering of settings here that are not related to "plugins". And second, bringing this thread full circle to my first post, it would be nice to have a supported interface (NoScript Options | Quiet List?) that let's users manage their Quiet List.


BTW: While I would certainly enjoy a "Pro" version, having multiple versions takes a heavy toll on development. I've heard there's already an Enterprise version in the works that lets an admin remotely configure employees NoScript settings (an awesome idea!), so forking another version would make three. If there is a compelling reason to add "Pro" like complexity into NoScript, then IMHO you should find a way to set up the UI so that it is "non-Pro" by default but "Pro" areas can be enabled.

For example, if NoScript changed to a full group/policy model, the "non-Pro" UI would be the same as now but the settings would change the corresponding settings in default groups. Turning on "Pro mode" would disable the current UI and force users to manipulate all settings via the new and detailed group/policy management UI. The underlying code that NoScript uses is the same regardless of "Pro-ness" -- the only difference is a "shortcut UI" that allows non-Pros to tweak settings via a simpler UI.


Al-righty-then. This thread may be long, but I definitely learned a lot thru it. I'll be glad to continue this conversation or even help with others (heck, I may even register an account ), just lemme know. Regardless, I *really* appreciate the courteous and prompt responses from the NoScript community. It's so hard to find a good product or a good community and NoScript has both. Kudos!

Cheers!
-Foam

PS. Nan, how dare you remove informaction.com from the default Trusted list!

[Nan M]

the casual computer user the ability to secure their surfing without needing to hit the "Allow Scripts Globally" panic button.

Persackly.
And that's all we had before Giorgio - - JS on or off with the annoyances configurable. Big security help. Not
And who're you calling "casual"? I find this web use very serious

PS. Nan, how dare you remove informaction.com from the default Trusted list!

Ah! Thanks for the heads-up.
I'd been fiddling with the new bookmarks option and left the test settings in.
I have so few in my whitelist that needing to do the keyboard shuffle wasn't even noticeable in this domain I really love how comfortable it is to completely trust a web site. Probably why I spend too much time here when I should be working or sleeping
From the quick glance I took at the ABP filter thread, I'd be looking extremely thick not to be supporting Fx/NS development at Informaction indeed!

And how foolproof is this whitelisting! CTRL SHIFT S M.
Done and no typing errors to bother about.


have a beer on me and see you around the boards.

[Tom T.]

Tom, because you are on FF2, you are not seeing what the XSLT setting is doing to WOW.
Spoof your UA, change general.useragent.extra.firefox to Firefox/3.0.
Leave XSLT enabled.
Load http://www.worldofwarcraft.com/.
WOW was discussed here, NoScript prevents XML?.
PS: Reset general.useragent.extra.firefox when finished.

t
@ therube, thanks for that tip, but I think I'll pass. It seems WOW has been covered adequately elsewhere, so no need to re-invent the wheel. Will make memo to self: F2 - F3 may react differently. Guess it's my solemn duty to keep F2 so I can see what the rest of the F2 die-hards are seeing.

Al-righty-then. This thread may be long, but I definitely learned a lot thru it. I'll be glad to continue this conversation or even help with others (heck, I may even register an account ), just lemme know. Regardless, I *really* appreciate the courteous and prompt responses from the NoScript community. It's so hard to find a good product or a good community and NoScript has both. Kudos!

Thank you for the kind words. "Our praise is our pay." (author unknown and non-googleable).

or even help with others

Anyone with useful information to contribute to a question or post is always welcome to do so. Sounds like you're getting quite an intimate knowledge of NS. Feel free to help where you can. Ummm, registering might lend more credibility and accountability, though.

And who're you calling "casual"? I find this web use very serious

Not to split hairs over semantics, but I believe what FH meant by "casual" was "average, non-tech-involved". Which, despite the limited perceptions of those knowledgeable in *any* field, constitutes the majority, by far. (Having taught in many different fields, ranging from academic to business to sports, trust me on this. Most of the teachers couldn't empathize with zero- or low-knowledge students/clients/users.) </soapbox>
No beer from me. Guardian is buzzed enough already!

[Nan M]

Not to split hairs over semantics, but I believe what FH meant by "casual" was "average, non-tech-involved".

And then you casually* come in and stomp on my attempt at light humour?
cheers and beers, dear You're priceless.

*emphasis and graphics added in the submission box, without needing to toggle NS, because NS in in the WL now - thanks to Foam's percipience.