Icon Meaning Clarification

General discussion about the NoScript extension for Firefox
Post Reply
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Icon Meaning Clarification

Post by therube »

Icon Meaning Clarification
Image - this means that scripts and plugin contents are blocked for the current site and its subframes. Even if some of the 3rd party script sources imported by the page may be in your whitelist, no code could run because the hosting documents are not enabled.

http://noscript.net/features
Could you clarify that.

I go to http://slashdot.org/, nothing Allowed.

All scripts are blocked.

I Allow fsdn.com.
Even though I have, scripts from fsdn.com still will not execute because slashdot.org has not been Allowed?
So for instance, http://c.fsdn.com/sd/all-minified.js will not run.

Is that the idea?

Image
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1pre) Gecko/20090525 SeaMonkey/2.0b1pre
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Icon Meaning Clarification

Post by Giorgio Maone »

Yes it is. When the main document is not in your whitelist, scripts imported with <SCRIPT src="some-other-domain.js"></SCRIPT> are not loaded at all, and even if they were loaded, couldn't execute anyway because their hosting "docshell" has JavaScript disabled.
That's why I slightly changed the icon behavior to reflect this thing, which was not very clear to many users: if the top level is disabled and you've got no active subframe, you get Image (totally forbidden) rather than Image (partially forbidden) like previously. The latter icon now is shown only if the top-level is allowed but some 3rd party resources are blocked.

However, if a subframe with a trusted source is loaded, it can execute scripts even if the top document is not allowed. In this case you get the new Image (subcontent allowed inside a forbidden document).
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Icon Meaning Clarification

Post by therube »

So more simply perhaps ...

For whatever reason, I have whitelisted (Allowed) badsite1.com & badsite2.com & badsite3.com.

Now I go & visit disney.com. I have NOT Allowed disney. Disney is harboring scripts from badsite1 & badsite2 & badsite3.

Since I have NOT allowed disney, I am not affected by any of those badsites.

Is that still correct?

Now once I allow disney, I am had.


And in that vein, it would seem not too smart (even less smart) for anyone to run with the setting, Temporarily allow top-level sites by default, enabled.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090403 SeaMonkey/1.1.16
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Icon Meaning Clarification

Post by Giorgio Maone »

therube wrote:So more simply perhaps ...

For whatever reason, I have whitelisted (Allowed) badsite1.com & badsite2.com & badsite3.com.

Now I go & visit disney.com. I have NOT Allowed disney. Disney is harboring scripts from badsite1 & badsite2 & badsite3.

Since I have NOT allowed disney, I am not affected by any of those badsites.

Is that still correct?

Now once I allow disney, I am had.

And in that vein, it would seem not too smart (even less smart) for anyone to run with the setting, Temporarily allow top-level sites by default, enabled.
It's all correct, but why "even less smart"?
You've not been smart in first place when you allowed badsite1.com, badsite2.com & badsite3.com. If you didn't, when you allowed disney nothin bad would have happened.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Icon Meaning Clarification

Post by therube »

Thanks.

I'm just thinking that some run with Temporarily allow top-level sites by default enabled, which in itself already lessens security. Now if they already happened (for whatever reason) to have some badsite Allowed (if by accident if nothing else), then they would be that much more less protected (so even less smart).

(Heh. <more less> now what kind of sense does that make :lol:.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090403 SeaMonkey/1.1.16
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Icon Meaning Clarification

Post by Tom T. »

I'm still wishing for the opposite: I have every site at Yahoo Classic Mail either w/l or untrusted, but the blocked sub-objects for attachments and downloading of attachments still do not show in the solid-blue icon. I know this now, of course, but it has to be confusing some less-knowledgeable users when their attachments won't attach despite the all-blue logo. Yes, they should click the menu and see it, but they might not think to do so, since the logo is solid blue. TIA.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Icon Meaning Clarification

Post by Alan Baxter »

It does show the solid blue S if you're using Fx 3, but not in Fx 2. See my reply at http://forums.informaction.com/viewtopi ... 5692#p5692.

Edit: I stated this wrong. I meant to say It does not show the solid blue S if there's a blocked object when you're using Fx 3, but it still does in Fx 2.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Icon Meaning Clarification

Post by Tom T. »

Alan Baxter wrote:It does show the solid blue S if you're using Fx 3, but not in Fx 2. See my reply at http://forums.informaction.com/viewtopi ... 5692#p5692.
Saw it and replied there; thanks.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
Post Reply