I came to the forum because I was unable to register with a website because Capcha was being blocked by NoScript. Low and behold when I came to this site to register it needed Capcha but it didn't say it was required. Fortunately I had realized that with 'Allow Scripts Globally' turned on the Capcha form would work correctly. However when I enter Google.com into the white list the Capcha form does not display properly.
So how do I fully accommodate Capcha and nothing else using NoScript?
Forum Registration and Capcha
Forum Registration and Capcha
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Re: Forum Registration and Capcha
If I remember correctly, for ReCaptcha you need either have the site that hosts the Captcha, Recaptcha and Google allowed, or the first two not allowed for it to work.
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Forum Registration and Capcha
This forum is apparently not using google for recaptchas now. The scripts showing in the menu (when I tried to reply without first logging in) are:
So you may choose which level to allow: all of recaptcha.net or only those sites which use the specific sub-domain api.recaptcha.net.
At other sites, look in the NS menu to see what domain, such as perhaps google, is hosting the recaptcha script.
Code: Select all
-http://api.recaptcha.net
-recaptcha.net
At other sites, look in the NS menu to see what domain, such as perhaps google, is hosting the recaptcha script.
Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0
Re: Forum Registration and Capcha
Thanks for the help - but could you be more specific as I have no technical experience with NoScript.
When under Add-ons I disable NoScript I get the Capcha form with blue buttons just like I do under IE 10. When I 'Temporarily allow all this page' the form again displays correctly. Having placed api.recaptcha.net AND google.com on the whitelist the form does NOT display correctly. When I removed these from the white list and restarted Firefox the Capcha form still displays incorrectly and without the blue buttons.
So prescriptively what individual steps must be taken to get the form to display correctly?
PS: It would be nice to have a one click option to enable Capcha and credit card authentication forms from Visa and MasterCard. When I 'allow scripts globally' I forget to turn it off when next I relaunch Firefox. Master overrides are always abused - I remember a machine some years ago that had a key lock and the operators had broken the key into the lock so the machine was always working with the safeties off.
When under Add-ons I disable NoScript I get the Capcha form with blue buttons just like I do under IE 10. When I 'Temporarily allow all this page' the form again displays correctly. Having placed api.recaptcha.net AND google.com on the whitelist the form does NOT display correctly. When I removed these from the white list and restarted Firefox the Capcha form still displays incorrectly and without the blue buttons.
So prescriptively what individual steps must be taken to get the form to display correctly?
PS: It would be nice to have a one click option to enable Capcha and credit card authentication forms from Visa and MasterCard. When I 'allow scripts globally' I forget to turn it off when next I relaunch Firefox. Master overrides are always abused - I remember a machine some years ago that had a key lock and the operators had broken the key into the lock so the machine was always working with the safeties off.
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Re: Forum Registration and Capcha
If they're always coming from the same domain, then you can permanently whitelist that domain; problem solved. If not, then there's no way for NoScript to identify 'this is a Visa/Mastercard form'.NS001 wrote: It would be nice to have a one click option to enable Capcha and credit card authentication forms from Visa and MasterCard.
Yeah, it's not a recommended option. You're better off with 'Temporarily Allow All This Page' - but depending on the page, you may need to use it more than once, as scripts try to import scripts from third-party sites.When I 'allow scripts globally' I forget to turn it off when next I relaunch Firefox.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
Re: Forum Registration and Capcha
I'm sorry I did not make it clear that the steps must be individualized to each site.NS001 wrote:... When I 'Temporarily allow all this page' the form again displays correctly. Having placed api.recaptcha.net AND google.com on the whitelist the form does NOT display correctly. When I removed these from the white list and restarted Firefox the Capcha form still displays incorrectly and without the blue buttons.
So prescriptively what individual steps must be taken to get the form to display correctly?
When the captcha does not appear, open the NoScript menu and look for options to Allow or Temporarily Allow various script sources.
The one that contains the word "captcha" or "recaptcha" should be the one required to display the captcha.
Because Google bought reCaptcha a few years ago, it may be necessarily also to allow Google or some sub-domain, such as recapcha.google.com or google-recaptcha -- the possible variants are many. But they should be apparent from the above.
At this forum, adding "recaptcha.net" to your Whitelist will display the captcha, and may cover many more sites that you encounter.
As Thrawn noted, this is much safer than Globally Allow, and even if that option is used, Temporarily Allow Globally at least gives the fail-safe of autmatically terminating the global allow when the browser is closed.
If you continue to have problems, please check whether any of the following add-ons may be causing problems: AdBlockPlus, Ghostery, RequestPolicy, or any other image-blocking or ad-blocking program.
I hope this helps.
Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0.2
Re: Forum Registration and Capcha
Thanks again.
The drop down ONLY sees recaptcha.net and google.com offering to forbid or temp allow.
There is under Untrusted(1) an entry for informaction.com but it does not effect outcomes.
Noscript is the only add-on affecting Capcha.
Using Inspect Element Q I can see nested api URLs to Google.com that NoScript is ignoring in the drop down (hence no blue buttons).
I suppose it comes down to being a bit odd that the forum that supports Noscript cannot display Capcha blue buttons correctly unless NoScript is disabled in some way. The other gotcha is that I usually do a temp allow all whenever I visit new sites (I know, I know!) but this does not allow Capcha to display blue buttons.
On another laptop that does not have NoScript installed and very few add-ons my wife couldn't complete her online purchase because a Visa security form did not display at all. Plan B is now to go to IE10 and try doing things there and this usually works. The big issue for us is that temp allowing all of the page is no guarantee that the security form will actually display correctly. Frustrating!
PS: I am a PayPal subscriber to the NoScript cause.
The drop down ONLY sees recaptcha.net and google.com offering to forbid or temp allow.
There is under Untrusted(1) an entry for informaction.com but it does not effect outcomes.
Noscript is the only add-on affecting Capcha.
Using Inspect Element Q I can see nested api URLs to Google.com that NoScript is ignoring in the drop down (hence no blue buttons).
I suppose it comes down to being a bit odd that the forum that supports Noscript cannot display Capcha blue buttons correctly unless NoScript is disabled in some way. The other gotcha is that I usually do a temp allow all whenever I visit new sites (I know, I know!) but this does not allow Capcha to display blue buttons.
On another laptop that does not have NoScript installed and very few add-ons my wife couldn't complete her online purchase because a Visa security form did not display at all. Plan B is now to go to IE10 and try doing things there and this usually works. The big issue for us is that temp allowing all of the page is no guarantee that the security form will actually display correctly. Frustrating!
PS: I am a PayPal subscriber to the NoScript cause.
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Re: Forum Registration and Capcha
Aha! Got it.NS001 wrote:The drop down ONLY sees recaptcha.net and google.com offering to forbid or temp allow.
There is under Untrusted(1) an entry for informaction.com but it does not effect outcomes.
I reproduced your situation by removing informaction.com from the whitelist and temp-allowing recaptcha.net only.
Then I pretended to be registering at the forum.
As you say, no other scripts show in the main menu.
However, the captcha is delivered by an IFRAME. I assume you have these blocked in NS Options > Embeddings, as I do.
Please ensure that Iin NS Options > Appearance you have checked (Show...) Blocked Objects, and in Options > Embeddings, Show placeholder icon. (IIRC, these are default settings.)
Therefore, by pointing to Blocked Objects in the main menu, you will see a number of choices slide out, including
Temporarily allow <IFRAME>@http://api.recaptcha.net/noscript
Clicking this produces the captcha. (This is the best choice, because the entries with *@http etc. are "wildcards", allowing all objects, versus allowing only an IFrame.)
Alternatively, clicking the placeholder icon (red NS logo above the captcha box) will display the captcha. If you have Embeddings set to "Ask for confirmation before temporarily unblocking an object" (safest), the confirmation box provides the info:
Code: Select all
Temporarily allow http://api.recaptcha.net/noscript?k=6LcM6QsAAAAAAJS48GY1b_JNHal1t5mJq7n-I-ws
(application/x-unknown <IFRAME> / http://forums.informaction.com)
BTW, I never see blue "buttons". I guess you mean the "I'm a human" link? (or "try again" link"?)
Not relevant, as per above. Allowing the iframe and recaptcha.net is all that is required.Using Inspect Element Q I can see nested api URLs to Google.com that NoScript is ignoring in the drop down (hence no blue buttons).
No, it's that NoScript is so conscientious of your safety that it will not allow objects, including iframes, to be inserted into pages without your permission -- even at NoScript's own pages. The objects come from an external source, so NS protects you until you choose to allow them via the menu or placeholder icon. No disabling is necessary.I suppose it comes down to being a bit odd that the forum that supports Noscript cannot display Capcha blue buttons correctly unless NoScript is disabled in some way.
As noted, script permissions are not enough, because they fail to protect you against other potential threats such as iframes, which could be malicious.The other gotcha is that I usually do a temp allow all whenever I visit new sites (I know, I know!) but this does not allow Capcha to display blue buttons.
ETA: "TA All this page" refers to scripts only, and not to plugins (Flash, Java) and other objects like frame or iframe. (Another safety feature.)
OK, no lecture on using temp allow all per se, but doing so at a new site is pretty much the same as Allow Globally (dangerous), because you don't know which third-party scripts will be called, including evil ones. Also, even if you later refine the permissions at this new site, *the damage may already be done* from malware or whatever installed by that original temp-allow. So going back later and finding out which scripts are required is kind of like locking the barn after the cows have all departed.
The only legit uses of TA All IMHO are:
1) A site you *thoroughly* trust throws a bunch of script sources at you in the menu, *and you trust those names as well*. TA ALL is indeed quicker than a dozen individual TA permissions. (But be prepared for the situation described in the sticky post, Why must I "Temporarily allow all this page" REPEATEDLY?, which is well worth reading.)
2) A machine is shared by a user comfortable with NS and by one who can't be bothered (spouse, boy/girlfriend, roommate, parent, child, grandparent, etc.).
For the latter, TA All is still safer than disabling NS, because NS's other, user-transparent, protections still are at work. (XSS, Clickjacking, ABE, etc.)
Try disabling the other add-ons, or create a new profile from scratch, and see if the form then displays.On another laptop that does not have NoScript installed and very few add-ons my wife couldn't complete her online purchase because a Visa security form did not display at all.
Plan B is now to go to IE10 and try doing things there and this usually works.
That's because IE is much more promiscuous than Firefox+NoScript. IE lets almost anything through, so stuff works.
Leaving your car unlocked avoids the inconvenience of locking yourself out of your car. But it also makes it easier for thieves.
Security and convenience are always a trade-off, and anyone who thinks NS is inconvenient should know how inconvenient it is to have your computer become infected, bank accounts drained, credit cards and identity stolen, machine becomes part of a zombie botnet and is used to send thousands of spams a day, law enforcement smashes down the door because your machine has been sending/receiving kidporn, etc......
Hopefully, you now have enough info to diagnose and fix the issue. If not, feel free to post back.The big issue for us is that temp allowing all of the page is no guarantee that the security form will actually display correctly. Frustrating!
On behalf of NS developer Giorgio Maone, thank you very much.PS: I am a PayPal subscriber to the NoScript cause.
However, please be assured that the Support Team of unpaid, part-time volunteers strives to give the best service possible to all users, regardless of their donation status, which we have no way of knowing anyway.
Cheers,
- Tom
Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0.2