Feature Request: Plays nice with Containers!

Bug reports and enhancement requests
Post Reply
SoItBegins
Posts: 6
Joined: Mon Mar 21, 2016 6:36 am

Feature Request: Plays nice with Containers!

Post by SoItBegins »

Firefox recently introduced a feature called Containers, which is still in development. In it, users can open a tab in a 'container' that provides a context different from the regular browsing environment. (See https://wiki.mozilla.org/Security/Conte ... Containers for more information.)

Most importantly, cookies, localStorage, etc., that are in a container are kept separate from other containers and the main browser context. The effect is to create a 'bubble' where a site has no knowledge of what goes on in the rest of the user's browsing session.

Would it be possible to update NoScript so that preferences are normally the same in a container as elsewhere, but can be customized? So, for example, Facebook is not allowed to run Javascript most of the time, except in the Facebook container.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:52.0) Gecko/20100101 Firefox/52.0
barbaz
Senior Member
Posts: 10863
Joined: Sat Aug 03, 2013 5:45 pm

Re: Feature Request: Plays nice with Containers!

Post by barbaz »

This only makes sense for A) script permissions, B) the "Forbid WebGL" setting under NoScript Options > Embeddings, and C) the XSS filter.

The benefits of (A) are obvious.

(B) is useful if you're playing online HTML5 games in one container and doing other stuff in another. As someone who currently uses something similar to "containers", I find myself un-checking that option when I'm playing HTML5 games, but leaving it checked elsewhere. Don't need hardware-accelerated stuff running on every JS-enabled website under the sun.

(C)... well, some sites are stupidly designed and trip the XSS filter with their normal activity. So if you disable the XSS filter in just the one container, and visit ONLY that one site in that container, that's a lot safer than the status quo isn't it?
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Feature Request: Plays nice with Containers!

Post by Thrawn »

I hadn't heard of the Containers initiative, but having read through that page, I like it. It's basically "do your banking in a separate profile" without the hassle of actually managing multiple, simultaneous, profiles.

For NoScript's primary use case - stopping malicious sites from exploiting vulnerabilities via JavaScript and other active content - it's less important, but for all the cross-site protections (XSS, CSRF, Clickjacking), this seems like the ultimate defence.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
User avatar
adamhotep
Posts: 4
Joined: Sat Dec 03, 2016 2:07 am
Location: The Internet
Contact:

Re: Feature Request: Plays nice with Containers!

Post by adamhotep »

I think it's time to reconsider Containers support.

Nowadays, Firefox Containers are built-in (though iirc there is extra functionality if you still install the Firefox Multi-Account Containers add-on).

As noted in prior posts to this topic, this is not as much a security request as it is a privacy and trust request. I don't trust Google but I have to use it for work, so I want to allow its services solely within the container I've set up for that. I also want to limit Facebook's scripts to the Facebook Container (which is a separate add-on because it forces external links to external containers, but I expect it to be identical to standard containers from NoScript's perspective).

See also Security/Contextual Identity Project/Containers on the Mozilla Wiki. Feel free to reference Cookie AutoDelete (MIT/X11 License, compatible with GPL), which supports Containers (including Facebook Containers).
Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0
cpx
Posts: 1
Joined: Sun Mar 15, 2020 3:00 pm

Re: Feature Request: Plays nice with Containers!

Post by cpx »

First I want to thank to all developer for bringing this great software. It help me quite a lot to avoid unnecessary tracking and javascript.

I also would like to voice to +1 this idea.

This is my use-case. I just don't trust google this day. But i still depend on their product. namely google.
I want to mainly enable google in my personal tab. So I can open google related product there but disable it on everywhere else.

I guess that's this is probably huge changes in the codebase to support this. But would be grate to have this a feature.

Cheers !
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0
Mad_Man_Moon
Senior Member
Posts: 77
Joined: Fri Oct 27, 2017 12:02 pm

Re: Feature Request: Plays nice with Containers!

Post by Mad_Man_Moon »

+1 :)
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0
barbaz
Senior Member
Posts: 10863
Joined: Sat Aug 03, 2013 5:45 pm

Re: Feature Request: Plays nice with Containers!

Post by barbaz »

aaronkollasch wrote: Thu Aug 11, 2022 11:34 pm I've been developing and using a PR for NoScript with separate policies for each container without requesting the "management" permission.
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
ZeroUnderscoreOu
Posts: 13
Joined: Sat Aug 26, 2017 1:19 am
Contact:

Request to support Firefox Containers

Post by ZeroUnderscoreOu »

I know there is already a topic on this, but I cannot post anything there because of antispam protection.

I'd like to be able to set container-specific page permissions. For example, set Google as trusted in a Google-dedicated container but untrusted by default.
0_o
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0
barbaz
Senior Member
Posts: 10863
Joined: Sat Aug 03, 2013 5:45 pm

Re: Request to support Firefox Containers

Post by barbaz »

ZeroUnderscoreOu wrote: Wed May 22, 2024 4:43 pm I know there is already a topic on this, but I cannot post anything there because of antispam protection.
It's trying to tell you that isn't the correct thread to post in :P You are asking for Firefox Containers support, while the thread you linked is requesting support for the Firefox Multi-Account Containers extension.

Merged your post to the correct thread. If the spam filter gives you trouble, note that you can private message what you want to post to an active Support Team member and we will try to post it for you. PMs to forum staff are not spam-filtered, and the spam filter is more lenient on us.
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0
User avatar
therube
Ambassador
Posts: 7940
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Feature Request: Plays nice with Containers!

Post by therube »

Depending on what google service you're using, you might be able to do something like,
Allow mail.google.com (for gmail), but leave google.com itself set at default, so not allowed - in my case.
(I also Allow gstatic.com, which I suppose is needed ? but don't really know.)


So gmail always works, & all other google services are blocked unless I specifically allow them (on an as needed basis).


(gmail is utter drek since they disallowed the "Classic" layout.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 SeaMonkey/2.53.19
Post Reply