I Give Up - It's Too Complicated

General discussion about the NoScript extension for Firefox
Post Reply
arnier
Posts: 1
Joined: Sat Dec 05, 2015 2:40 pm

I Give Up - It's Too Complicated

Post by arnier » Sat Dec 05, 2015 2:52 pm

I give up on my third try to use noscript. It breaks everything and the interface is just plain horrible. I'm never sure what is blocked on what site. The convention of showing the reverse of the current state is idiotic. When something is blocked, the interface shows the inverse (when XXX is marked as untrusted, the interface shows "Mark XXX as untrusted.") The red circle with slash implies that it isn't blocked but you have to click to block. Everything is telling you that it isn't blocked when it is. Red should be clocked. Period. Instead the color coding is confusing.

I've done interface design work for many corporations for many years and have seldom seen anything worse than noscript.
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

barbaz
Senior Member
Posts: 9143
Joined: Sat Aug 03, 2013 5:45 pm

Re: I Give Up - It's Too Complicated

Post by barbaz » Sat Dec 05, 2015 2:56 pm

Thank you for sharing your opinion. I am not certain on this but I think NoScript 3.x either has or will have a permssions menu that's more the style you'd like...

Just a suggestion, if you don't like it maybe you can try Scripts Globally Allowed mode so that you don't have to deal with the part of the interface you dislike?
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: I Give Up - It's Too Complicated

Post by Thrawn » Sun Dec 06, 2015 10:06 pm

So...you want the icon to represent an action, and the menu items to represent statuses, rather than the other way around?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0

Odin99
Junior Member
Posts: 29
Joined: Fri Jun 26, 2015 1:22 am

Re: I Give Up - It's Too Complicated

Post by Odin99 » Fri Dec 02, 2016 10:41 pm

Barbaz, why do you suggest Globally Allow as opposed to just disabling NoScript?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0

barbaz
Senior Member
Posts: 9143
Joined: Sat Aug 03, 2013 5:45 pm

Re: I Give Up - It's Too Complicated

Post by barbaz » Fri Dec 02, 2016 10:50 pm

Odin99 wrote:Barbaz, why do you suggest Globally Allow as opposed to just disabling NoScript?

viewtopic.php?p=84377#p84377
*Always* check the changelogs BEFORE updating that important software!
-

barbaz
Senior Member
Posts: 9143
Joined: Sat Aug 03, 2013 5:45 pm

Re: I Give Up - It's Too Complicated

Post by barbaz » Tue Nov 21, 2017 3:17 pm

arnier wrote:Everything is telling you that it isn't blocked when it is. Red should be clocked. Period. Instead the color coding is confusing.
Just wanted to bring this point back up in light of comments about NoScript 10 new interface. People are seeing the green lock and red unlock and interpreting those as permissions, not as HTTPS vs HTTP.

I too would suggest coloring sites red if completely blocked and green if something is Allowed. IMO the colors don't help to clarify the locks, the locks could probably just stay one color for both states.
*Always* check the changelogs BEFORE updating that important software!
-

Look_Up
Posts: 2
Joined: Mon Aug 02, 2010 9:02 pm

Re: I Give Up - It's Too Complicated

Post by Look_Up » Tue Nov 21, 2017 5:31 pm

I want open a new thread but this one telling evertink what i want to say.

It's not clear for me if the website has an allow status, temporary allow or blocked. I say allowded by padlock stay red. The website is blocked but the padlock is green ? What the **** ? Can somebody give me an tutourial ?! :cry: :?: I searched on youtube but can't find any tut.

What happens when i click on the padlock an change it from red to green ? Is scripting allowed or what say the padlock ?

Can i temporary allow all scripts ? Can i export or import my noscript settings ?

I turn NoScript off because i can't find out how it works.
Last edited by barbaz on Tue Nov 21, 2017 6:03 pm, edited 1 time in total.
Reason: Language
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

barbaz
Senior Member
Posts: 9143
Joined: Sat Aug 03, 2013 5:45 pm

Re: I Give Up - It's Too Complicated

Post by barbaz » Tue Nov 21, 2017 6:06 pm

Look_Up wrote:Can somebody give me an tutourial ?! :cry: :?: I searched on youtube but can't find any tut.
There isn't one yet.
Look_Up wrote:What happens when i click on the padlock an change it from red to green ?
You're setting the permission to apply over HTTPS only instead of plain HTTP.
Look_Up wrote:Can i temporary allow all scripts ? Can i export or import my noscript settings ?
In both cases, not yet.
*Always* check the changelogs BEFORE updating that important software!
-

Mistame
Junior Member
Posts: 28
Joined: Tue Nov 21, 2017 5:47 pm

Re: I Give Up - It's Too Complicated

Post by Mistame » Tue Nov 21, 2017 6:30 pm

The icons to the left of a domain determine its permissions. From left to right you have:

- Default - This is the default state, scripts for that domain are blocked.
- Trusted - Scripts for that domain are allowed. Note that when this active, you can control whether or not the permissions are permanent or temporary by clicking the clock on the right side of Trusted. A faded clock means they're permanent. A larger, brighter clock means they'll be reset to Default after a browser restart.
- Untrusted - The opposite of Trusted. Scripts for the domain are explicitly blocked, permanently.
- Custom - Similar to Trusted, though you specify exactly what types of objects are allowed.
- Match HTTPS Only - This seems to be what's confusing people. I think this is how it works: The color of the lock determines whether or not the permissions only apply to to the domain when accessed via HTTPS (Secure). If the lock is green, the permissions only apply if the domain is accessed through HTTPS. If the lock is red, it matches the domain regardless of HTTP or HTTPS with the caveat that it's limited to that exact domain. In other words, if lock is red, the permissions apply to site.net, but not sub.site.net. Additionally, what the lock defaults to is determined by whether or not the domain is accessed through HTTPS or not. For example, google.com is accessible through HTTPS thus its lock defaults to green (there's no reason to access the site via HTTP) and any second-level subdomains are included (IE, *.google.com).

That said, The interface certainly could use some clarification. Additionally, the XSS pop-ups on some sites are pretty annoying. Especially when there's no "permanent" sanitize option (Eg, viewing an actor on IMDb.com yields some [...] XSS warning that simply will not go away). Some suggestions to minimize confusion:

- Separate "permanent" and "temporary" for "Trusted". A plain S and an S with a clock, respectively. It's too quirky and confusing trying to set permanent or temporary permissions in the current state.
- The XSS pop-up needs a "Permanently Block" or "Don't show this message again for this script" option.
Last edited by Mistame on Tue Nov 21, 2017 7:53 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

eNon
Posts: 1
Joined: Tue Nov 21, 2017 6:47 pm

Re: I Give Up - It's Too Complicated

Post by eNon » Tue Nov 21, 2017 6:49 pm

Mistame wrote:The icons to the left of a domain determine its permissions. From left to right you have:

- Default - This is the default state, scripts for that domain are blocked.
- Trusted - Scripts for that domain are allowed. Note that when this active, you can control whether or not the permissions are permanent or temporary by clicking the clock on the right side of Trusted. A faded clock means they're permanent. A larger, brighter clock means they'll be reset to Default after a browser restart.
- Untrusted - The opposite of Trusted. Scripts for the domain are explicitly blocked, permanently.
- Custom - Similar to Trusted, though you specify exactly what types of objects are allowed.
- Match HTTPS Only - This seems to be what's confusing people. I think this is how it works: The color of the lock determines whether or not the permissions only apply to to the domain when accessed via HTTP (Secure). If the lock is green, the permissions only apply if the domain is accessed through HTTPS. If the lock is red, it matches the domain regardless of HTTP or HTTPS with the caveat that it's limited to that exact domain. In other words, if lock is red, the permissions apply to site.net, but not sub.site.net. Additionally, what the lock defaults to is determined by whether or not the domain is accessed through HTTPS or not. For example, google.com is accessible through HTTPS thus its lock defaults to green (there's no reason to access the site via HTTP) and any second-level subdomains are included (IE, *.google.com).
FANTASTIC. Why isn't there a key like this when I go into the NoScript options? It would be SO easy to put something in there, yet we're just expected to look at a completely new interface and just figure it out by trial & error or something. I created an account on here just so I could point this out and say thanks to this poster.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Look_Up
Posts: 2
Joined: Mon Aug 02, 2010 9:02 pm

Re: I Give Up - It's Too Complicated

Post by Look_Up » Tue Nov 21, 2017 7:54 pm

Yes an BIG Thank you to Mistame . Very good explained !!! :idea:

Sorry barbaz for the f-word. Did not know that it is so bad.

That UI needs definitely an update !

Look_Up
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Mistame
Junior Member
Posts: 28
Joined: Tue Nov 21, 2017 5:47 pm

Re: I Give Up - It's Too Complicated

Post by Mistame » Tue Nov 21, 2017 7:55 pm

eNon wrote:FANTASTIC. Why isn't there a key like this when I go into the NoScript options? It would be SO easy to put something in there, yet we're just expected to look at a completely new interface and just figure it out by trial & error or something. I created an account on here just so I could point this out and say thanks to this poster.
In the author's defense, he did *just* release it. He's been working his tail off to get it updated to WebExt as soon as possible. Help, etc, are fluff that usually comes after a stable, working release. :)

Edit - More suggestions:

From Above:

- Separate "permanent" and "temporary" for "Trusted". A plain S and an S with a clock, respectively. It's too quirky and confusing trying to set permanent or temporary permissions in the current state.
- The XSS pop-up needs a "Permanently Block" or "Don't show this message again for this script" option.

Also:

- For a "Help" option, I suggest a header over the table of exceptions with an icon that when clicked/moused-over, displays a more detailed pop-up/tool tip.
- Color the domain itself based on the current permissions, not the HTTPS (lock) status.
- Add a button to move exceptions to an "Archive" category. Occasionally, one might want to review/revisit exceptions. When they're all listed in one giant table, it can get tedious sifting through them. This way, if you're absolutely sure about an exception, you can archive it and don't have to see it on the main options page (obviously provide a way to view Archived exceptions separately). Instead, you see only those you haven't archived making perusing them easier.
- In the drop-down menu, add expandable categories, with only those in the "Default" state expanded. IE: Default, Custom, Trusted, Untrusted, etc. IGN.com, for example, has about 30 entries in the list. :/
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Post Reply