Localization NS 10

Bug reports and enhancement requests
fatboy
Senior Member
Posts: 82
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: Localization NS 10

Post by fatboy »

v 10.2.2rc3, Fx ESR60
I would like to see as warning looks:
"This cross-site request could not be scanned for XSS.
It might be innocuous… "
Maybe there is a page like https://noscript.net/%3Cscript%3E ?

v 10.2.2rc3, TBB 8.0.6
Where should this text be?
"Override Tor Browser's Security Level preset"
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 SM/2.38 NS/2.9.0.12
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Localization NS 10

Post by Giorgio Maone »

fatboy wrote: Thu Mar 14, 2019 10:02 am v 10.2.2rc3, Fx ESR60
I would like to see as warning looks:
"This cross-site request could not be scanned for XSS.
It might be innocuous… "
Maybe there is a page like https://noscript.net/%3Cscript%3E ?
In order to see that you need to (temporarily!) uncheck NopScript Options>Advanced>Scan uploads for potential cross-site attacks and check NopScript Options>Advanced>Ask confirmation for cross-site POST requests which could not be scanned.
Also you need a POST form which as an action attribute pointing to a different domain, and the latter (forums.informaction.com, in this test page) must be set up to run JavaScript (either TRUSTED or by other, even temporary, means), because this is meant as a fallback XSS mitigation.

The rationale behind these (hopefully temporary) work-around options is this issue
fatboy wrote: Thu Mar 14, 2019 10:02 am v 10.2.2rc3, TBB 8.0.6
Where should this text be?
"Override Tor Browser's Security Level preset"
On the same Options tab, but you need an 8.0.7 build.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
fatboy
Senior Member
Posts: 82
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: Localization NS 10

Post by fatboy »

Thanks a lot!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 SM/2.38 NS/2.9.0.12
fatboy
Senior Member
Posts: 82
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: Localization NS 10

Post by fatboy »

NS 11.0.2rc1:
1. + Added "Collapse blocked objects" option in Blocked Objects prompt.
messages.json:
"BlockedObjects": {
"message": "NoScript Blocked\u00A0Objects"
Here is an example of a blocked <MEDIA>. Where can I see this notification?

2. messages.json:
"allowGlobal": {
"message": "Disable all the permissions checks (dangerous)"
Means "access rights to some data"? Where can i see what this looks like?

Fx 60.2.0esr, TBB 8.5.4 (Security "Safer" (the placeholder of the blocked <MEDIA> is visible)).
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 SM/2.38 NS/2.9.0.12
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Localization NS 10

Post by barbaz »

fatboy wrote: Wed Jul 24, 2019 9:01 am NS 11.0.2rc1:
1. + Added "Collapse blocked objects" option in Blocked Objects prompt.
messages.json:
"BlockedObjects": {
"message": "NoScript Blocked\u00A0Objects"
Here is an example of a blocked <MEDIA>. Where can I see this notification?
visit https://www.w3schools.com/html/html5_video.asp (with w3schools set to Default)
Click the placeholder for the video, you should get a dialog prompting you what to do
I think that string is the title of the dialog, as displayed within the dialog.
*Always* check the changelogs BEFORE updating that important software!
-
fatboy
Senior Member
Posts: 82
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: Localization NS 10

Post by fatboy »

Thank you very much! The first question is clear.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 SM/2.38 NS/2.9.0.12
fatboy
Senior Member
Posts: 82
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: Localization NS 10

Post by fatboy »

@Giorgio
anm spoils the translation again:
Line 22 - NoScript Blocked Object — NoScript заблокировал объектов
http://ipic.su/img/img7/fs/2019-08-20_0 ... 292042.png
He didn't even see what it looked like. He thinks that there should be a number of blocked objects: NoScript Blocked 42 Object.

Besides, he writes with errors:
Line 160 - Дезынфицировать этот запрос.

The second time I ask you to remove it.
-
fatboy
Senior Member
Posts: 82
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: Localization NS 10

Post by fatboy »

Now he's translated "ping" into Russian!
Giorgio, do something.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 SM/2.38 NS/2.9.0.12
fatboy
Senior Member
Posts: 82
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: Localization NS 10

Post by fatboy »

11.0.39rc4
"OptAmnesticUpdates": {
"message": "Always forget temporary permissions across NoScript updates immediately, even if the browsers is not restarted"
},
Maybe "Always forget temporary permissions across NoScript autoupdates…"
(… the above happen exclusively in case of an automatic upgrade of the extension, and not in any other case of extension reload.)
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 SM/2.49.5 NS/2.9.0.14
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Localization NS 10

Post by barbaz »

fatboy wrote: Tue Aug 18, 2020 6:04 pm 11.0.39rc4
"OptAmnesticUpdates": {
"message": "Always forget temporary permissions across NoScript updates immediately, even if the browsers is not restarted"
},
Maybe "Always forget temporary permissions across NoScript autoupdates…"
No.
*Always* check the changelogs BEFORE updating that important software!
-
fatboy
Senior Member
Posts: 82
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: Localization NS 10

Post by fatboy »

Why not?
"It matters because automatic restartless updates are IMHO the only case justifying such a measure, in order to minimize the disruption caused by a sudden, stealthy and unintended change in the permissions out of user's control (again, see my last point above)."
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 SM/2.49.5 NS/2.9.0.14
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Localization NS 10

Post by Giorgio Maone »

fatboy wrote: Tue Aug 18, 2020 6:23 pm Why not?
On the other hand, after some more testing, it seems that unfortunately the WebExtensions API does not dicriminate a "drag & drop" update from an automatic one.

Also, I've just accepted and committed another change to that message poposed by Musonius at the (current) end of that thread.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0
fatboy
Senior Member
Posts: 82
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: Localization NS 10

Post by fatboy »

Good afternoon!
On which pages can I see how "Cross-tab identity leak protection" works?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:91.0) Gecko/20100101 Fx/91.6.1_ESR NS/11.4.7rc1
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Localization NS 10

Post by Giorgio Maone »

Follow these steps:
  1. Open a private browsing window
  2. Open https://chrome.google.com/ and login with any Google account
  3. Open https://noscript.net/getit, be sure that it is JavaScript-enabled and then click the "latest stable for Chrome" link/image
  4. A warning prompt should be shown (for a false positive, in this case)
More strings in NoScript Options>Advanced.

Thank you!
Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0
fatboy
Senior Member
Posts: 82
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: Localization NS 10

Post by fatboy »

Thank you.
"Decisions" are not displayed anywhere and ALL are reset if you click "Forget decisions"?
Maybe name the button "Forget decisions (anonymously/normally)"?
It seems to me that now the expected action is to switch to "Enabled in Private Browsing only" if something else was selected.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:91.0) Gecko/20100101 Fx/91.6.1_ESR NS/11.4.8rc1
Post Reply