Testers Wanted: NoScript UX Overhaul by Simply Secure

Bug reports and enhancement requests
jawz101
Senior Member
Posts: 68
Joined: Sun Jul 10, 2011 11:13 pm

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Post by jawz101 » Thu Oct 03, 2019 5:59 pm

While we're at it, it would be nice to be able to block other 3rd party things even if a script what not referenced. I prefer uBlock Origin nowadays because I can block other items even when the domain does not have scripts. And prevent a bit more as well. I don't know if XHR's and websockets fall under 'other' but I like to know I can control them.

Code: Select all

font,third-party
object
other
websocket
xmlhttprequest,third-party
Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0

barbaz
Senior Member
Posts: 9227
Joined: Sat Aug 03, 2013 5:45 pm

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Post by barbaz » Thu Oct 03, 2019 9:35 pm

jawz101 wrote:
Thu Oct 03, 2019 5:59 pm
While we're at it, it would be nice to be able to block other 3rd party things even if a script what not referenced. I prefer uBlock Origin nowadays because I can block other items even when the domain does not have scripts. And prevent a bit more as well. I don't know if XHR's and websockets fall under 'other' but I like to know I can control them.
Image I don't understand what you're asking. NoScript popup should show all domains from which active content is loaded, regardless of whether it's a script or XHR or whatever. And you can already go into NoScript Options > Per-site Permissions, and manually enter a domain to be set as Untrusted.
*Always* check the changelogs BEFORE updating that important software!
-

jawz101
Senior Member
Posts: 68
Joined: Sun Jul 10, 2011 11:13 pm

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Post by jawz101 » Fri Oct 11, 2019 10:41 pm

barbaz wrote:
Thu Oct 03, 2019 9:35 pm
jawz101 wrote:
Thu Oct 03, 2019 5:59 pm
While we're at it, it would be nice to be able to block other 3rd party things even if a script what not referenced. I prefer uBlock Origin nowadays because I can block other items even when the domain does not have scripts. And prevent a bit more as well. I don't know if XHR's and websockets fall under 'other' but I like to know I can control them.
Image I don't understand what you're asking. NoScript popup should show all domains from which active content is loaded, regardless of whether it's a script or XHR or whatever. And you can already go into NoScript Options > Per-site Permissions, and manually enter a domain to be set as Untrusted.
Go to androidpolice.com in ffox/chrome with Developer Tools open and on the network tab.

search for fonts.googleapis.com or sort by domain and see if any other domains were connected to that were not listed on the NoScript list.

I notice it a lot when I look at the number of domains uBlock lists versus NoScript and uBlock seems to see more and block more pieces. I'm pretty sure NoScript only lists a domain if it includes a script.
Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0

barbaz
Senior Member
Posts: 9227
Joined: Sat Aug 03, 2013 5:45 pm

Re: Testers Wanted: NoScript UX Overhaul by Simply Secure

Post by barbaz » Fri Oct 11, 2019 11:16 pm

jawz101 wrote:
Fri Oct 11, 2019 10:41 pm
Go to androidpolice.com in ffox/chrome with Developer Tools open and on the network tab.

search for fonts.googleapis.com or sort by domain and see if any other domains were connected to that were not listed on the NoScript list.
fonts.googleapis.com does not load any active content. It only loads a stylesheet. So it should not be listed in the NoScript menu, and indeed is not.

What I'm seeing is entirely expected behavior.

Blocking this stuff is outside the scope of NoScript, better to use uBlock Origin or µMatrix for that.
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply