NS10 Surrogates

General discussion about the NoScript extension for Firefox
Post Reply
kukla
Senior Member
Posts: 256
Joined: Mon May 04, 2009 12:08 am

NS10 Surrogates

Post by kukla » Sat Mar 03, 2018 4:23 pm

-Not seeing anything for noscript.surrogate in about:config in NS10 (10.1.6.5), which, if I'm not mistaken, must mean that surrogates have not yet been ported over from NS5. If this is the case, and if it is possible to use surrogates with WE, are there are any plans for this?

-Another thing: just to be sure how surrogates work, at least in NS5, which I still use with the esr, if I allow addthis, for example, does this mean that the addthis surrogate is then being employed, or is not necessary to allow that script, as NS automatically employs the surrogate? In other words, is it necessary for the script to be allowed before its surrogate is enabled, or does allowing it defeat the use of the surrogate?

-Further, I am also using Ghostery, which often flags addthis. Once the addthis surrogate is employed--whichever way that is--do you know if it is also necessary to unblock it in Ghostery? I'm asking this in particular for https://forecast.weather.gov, where in order to change from one forecast location to another, I've found it necessary to allow addthis, among other things, which I'm not particularly happy about, since addthis is noted for employing canvas fingerprinting.

EDIT: upon further testing doesn't appear necessary to allow adthis at weather.gov in order to change forecast location. But would still like to know how these surrogates are supposed to work.

However, does seem necessary to allow WebGL@https://forecast.weather.gov. Please explain what is supposed to make a site which employs WebGL suspect? Think it's also related to canvas fingerprinting. I would assume that for a site such as weather.gov, it isn't necessarily something malevolent.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:58.0) Gecko/20100101 Firefox/58.0

barbaz
Senior Member
Posts: 9138
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS10 Surrogates

Post by barbaz » Sat Mar 03, 2018 5:59 pm

kukla wrote:-Not seeing anything for noscript.surrogate in about:config in NS10 (10.1.6.5), which, if I'm not mistaken, must mean that surrogates have not yet been ported over from NS5. If this is the case, and if it is possible to use surrogates with WE, are there are any plans for this?
I think surrogates may not be fully technically possible in WebExtensions until at least Firefox 59.
kukla wrote:just to be sure how surrogates work, at least in NS5, which I still use with the esr, if I allow addthis, for example, does this mean that the addthis surrogate is then being employed, or is not necessary to allow that script, as NS automatically employs the surrogate? In other words, is it necessary for the script to be allowed before its surrogate is enabled, or does allowing it defeat the use of the surrogate?
No. If you allow it, the REAL script runs.
kukla wrote:-Further, I am also using Ghostery, which often flags addthis. Once the addthis surrogate is employed--whichever way that is--do you know if it is also necessary to unblock it in Ghostery?
NoScript should run its surrogate whenever the real script is blocked, no matter the reason.
kukla wrote:Please explain what is supposed to make a site which employs WebGL suspect?
Do you want to use some sort of interactive/dynamic graphics content on the site, e.g. a game or a map? If not, it's suspect.
*Always* check the changelogs BEFORE updating that important software!
-

kukla
Senior Member
Posts: 256
Joined: Mon May 04, 2009 12:08 am

Re: NS10 Surrogates

Post by kukla » Sat Mar 03, 2018 7:41 pm

No. If you allow it, the REAL script runs.
Thanks, that's what I always thought was the case.
NoScript should run its surrogate whenever the real script is blocked, no matter the reason.
Good to know. Just to be clear, even if I allow it in Ghostery, if I don't allow it in NS, the surrogate will run anyway, and it doesn't matter if I allow it or not in Ghostery--the surrogate always takes precedence?
Do you want to use some sort of interactive/dynamic graphics content on the site, e.g. a game or a map? If not, it's suspect.
Not something I've ever investigated at weather.gov. Definitely not a game, but I think it must be there for some kind of interactive map. But not sure why it would be needed to change the forecast location, which is simply dealt with by entering a new desired location in the location field.

Image
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0

barbaz
Senior Member
Posts: 9138
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS10 Surrogates

Post by barbaz » Sat Mar 03, 2018 8:45 pm

kukla wrote:Just to be clear, even if I allow it in Ghostery, if I don't allow it in NS, the surrogate will run anyway, and I can ignore allowing it or not in Ghostery?
Correct.
kukla wrote:change the forecast location, which is simply dealt with by entering a new desired location in the location field.
That's not WebGL related. It requires geocode.arcgis.com Allowed in NoScript, and it requires you to wait for the autocomplete dropdown to show up.

Does your NS icon update when that script gets loaded?
*Always* check the changelogs BEFORE updating that important software!
-

kukla
Senior Member
Posts: 256
Joined: Mon May 04, 2009 12:08 am

Re: NS10 Surrogates

Post by kukla » Sun Mar 04, 2018 5:04 am

Hadn't played around with the location field there all that much until the recent onslaught of very bad weather in the northeast. Have finally stripped it down to its essentials. Can get that dropdown and change the location by allowing arcgis.com. Don't need the site font or WebGL, or even qualtrics, either in NS or Ghostery, all of which I mistakenly thought were needed. Getting the arcgis to appear is kind of a chicken-egg thing, as it only shows up after entering a location name and hitting go/enter, so I've whitelisted it permanently. Thanks for pointing me to that.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Firefox/52.0

Post Reply