[RESOLVED] about:config

Ask for help about NoScript, no registration needed to post
User avatar
computerfreaker
Senior Member
Posts: 220
Joined: Wed Sep 16, 2009 10:03 pm
Location: USA

[RESOLVED] about:config

Post by computerfreaker »

Just went into about:config for a routine FF modification, and found over a dozen NoScript prefs there... a couple of notable ones:
noscript.AllowClipboard
noscript.AllowLocalLinks
noscript.clearClick.Exceptions (check out the value of this one, it made me wonder a little)
noscript.forbidBookmarklets
noscript.forbidChromeScripts
noscript.untrusted

A couple of questions for Giorgio or anyone else who knows the answer...
* Why does noscript.clearClick.Exceptions have noscript.net, flashgot.net and ebay.com allowed?? I can partially understand noscript.net and flashgot.net, but ebay???
* Why don't some of these have UI? For example, noscript.clearClick.Exceptions and noscript.untrusted
* How can I add/remove items in noscript.clearClick.Exceptions?
* How can I add/remove items in noscript.untrusted?
* Will setting noscript.AllowClipboard to false keep pages from copying to/pasting from the clipboard?
* Will setting noscript.AllowLocalLinks to false keep JavaScript from running in local web pages?

Thanks in advance!
Last edited by Tom T. on Sat Oct 24, 2009 11:27 pm, edited 1 time in total.
Reason: resolved
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: about:config

Post by Giorgio Maone »

computerfreaker wrote:* Why does noscript.clearClick.Exceptions have noscript.net, flashgot.net and ebay.com allowed?? I can partially understand noscript.net and flashgot.net, but ebay???
http://forums.mozillazine.org/viewtopic ... &p=6033035
computerfreaker wrote:Why don't some of these have UI? For example, noscript.clearClick.Exceptions and noscript.untrusted
Because not all features are created equal and there's no time to add UI to every preferences, especially those which are unlikely to be used routinely.
However both these two are going to have an UI, eventually.
computerfreaker wrote: How can I add/remove items in noscript.clearClick.Exceptions?
Just double click the preference and edit it.
computerfreaker wrote: How can I add/remove items in noscript.untrusted?
http://noscript.net/features#blacklist
computerfreaker wrote: Will setting noscript.AllowClipboard to false keep pages from copying to/pasting from the clipboard?
No, it keeps scripts from doing that. It's needed mainly by WYSYWYG editors to enable the "Copy", "Cut" and "Paste" buttons.
computerfreaker wrote: Will setting noscript.AllowLocalLinks to false keep JavaScript from running in local web pages?
Local web pages are not allowed to run Javascript by default. You need to "Allow file://", in order to enable Javascript there.
This preference is used to allow some sites (mainly MMO games) to link local files, especially images, for performance reasons.

On a side note, both noscript.allowClipboard and noscript.allowLocalLinks do have their UI, under NoScript Options|Advanced|Trusted.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: about:config

Post by GµårÐïåñ »

I just saw this and you already answered it, but wanted to say that the first link was a reply to me on the old forum, I can't believe you remembered it. :P
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
User avatar
computerfreaker
Senior Member
Posts: 220
Joined: Wed Sep 16, 2009 10:03 pm
Location: USA

Re: about:config

Post by computerfreaker »

Giorgio Maone wrote: computerfreaker wrote:* Why does noscript.clearClick.Exceptions have noscript.net, flashgot.net and ebay.com allowed?? I can partially understand noscript.net and flashgot.net, but ebay???


http://forums.mozillazine.org/viewtopic ... &p=6033035
ah, thank you! Forgive me if I'm wrong, but this looks like the relevant part of the discussion...
On the MozillaZine forums, Giorgio Maone wrote:@859:
ClearClick exceptions are sites which are allowed to perform UI redressing (i.e. to embed frames to 3rd party sites with portions of them hidden).
This option has no UI because you generally should not add anything there, unless a surely non-hostile top-level sites is proven to have a valid reason to UI-redress.

1. noscript.net and flashgot.net do use UI-redressing as an user convenience for their "Add to Firefox" buttons, which comes actually from addons.mozilla.org.
2. ebay.com has been added because the one click bid feature apparently conflicted with ClearClick and there's been no way to reproduce this issue, even though a very kind NanM temporarily donated her account (with money) to investigate.
I see... but since I don't use eBay, how do I delete the eBay exception? (I know how to edit an about:config option, and do it on a regular basis for FF customization, but as a programmer I know that editing a delimited file, and screwing up the delimiting (i.e. a tab ends the option setting, but a user accidentally deletes the tab), can have disastrous results to the program)
Giorgio Maone wrote: computerfreaker wrote:Why don't some of these have UI? For example, noscript.clearClick.Exceptions and noscript.untrusted


Because not all features are created equal and there's no time to add UI to every preferences, especially those which are unlikely to be used routinely.
However both these two are going to have an UI, eventually.
OK, I see... thanks for the explanation.
Giorgio Maone wrote: computerfreaker wrote:How can I add/remove items in noscript.clearClick.Exceptions?


Just double click the preference and edit it.
Not quite what I meant... :oops:
please see my comment above, I know how to edit about:config tweaks but not the specific structure of the setting.
Giorgio Maone wrote: computerfreaker wrote:Will setting noscript.AllowClipboard to false keep pages from copying to/pasting from the clipboard?


No, it keeps scripts from doing that. It's needed mainly by WYSYWYG editors to enable the "Copy", "Cut" and "Paste" buttons.
Oh, ok... well, I rarely need something like that (drag-and-drop is my specialty with text moving), but I reckon I'll leave it enabled... just in case...
Giorgio Maone wrote: computerfreaker wrote:Will setting noscript.AllowLocalLinks to false keep JavaScript from running in local web pages?


Local web pages are not allowed to run Javascript by default. You need to "Allow file://", in order to enable Javascript there.
This preference is used to allow some sites (mainly MMO games) to link local files, especially images, for performance reasons.

On a side note, both noscript.allowClipboard and noscript.allowLocalLinks do have their UI, under NoScript Options|Advanced|Trusted.
Thanks for the explanations! I understand now... :)

btw, one more question... under NoScript Options|Advanced|Untrusted, what the heck are "Web bugs"? (Option name: "Forbid web bugs")
EDIT: nvm, found it. http://en.wikipedia.org/wiki/Web_bug
Weird coincidence, I have a former friend, on a well-known forum, who tracked IP addresses with an image (btw, for those interested, I dumped him as soon as I found out about his IP logging)... I was recently trying to get some "hard evidence" on his activity so he could be banned, but apparently that's going to be almost impossible/actually impossible to do...
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: about:config

Post by Tom T. »

computerfreaker wrote:
Giorgio Maone wrote: computerfreaker wrote:How can I add/remove items in noscript.clearClick.Exceptions?

Just double click the preference and edit it.
Not quite what I meant... :oops:
please see my comment above, I know how to edit about:config tweaks but not the specific structure of the setting.
Leave a single blank space between each domain. No commas nor anything else. No end-of-string character is necessary. You can add/remove as many as you like in this manner.
computerfreaker wrote:Weird coincidence, I have a former friend, on a well-known forum, who tracked IP addresses with an image (btw, for those interested, I dumped him as soon as I found out about his IP logging)... I was recently trying to get some "hard evidence" on his activity so he could be banned, but apparently that's going to be almost impossible/actually impossible to do...
If the site is interested, their logs should provide such evidence, shouldn't they? -- once you call it to their attention. The more details, the better (date range this occurred, the name or description of the image if you know it....)

Kudos for dumping a "friend" with such poor ethics.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
User avatar
computerfreaker
Senior Member
Posts: 220
Joined: Wed Sep 16, 2009 10:03 pm
Location: USA

Re: about:config

Post by computerfreaker »

Tom T. wrote:
computerfreaker wrote:
Giorgio Maone wrote: computerfreaker wrote:How can I add/remove items in noscript.clearClick.Exceptions?

Just double click the preference and edit it.
Not quite what I meant... :oops:
please see my comment above, I know how to edit about:config tweaks but not the specific structure of the setting.
Leave a single blank space between each domain. No commas nor anything else. No end-of-string character is necessary. You can add/remove as many as you like in this manner.
Thanks, that's what I wanted to know! :)
Tom T. wrote:
computerfreaker wrote:Weird coincidence, I have a former friend, on a well-known forum, who tracked IP addresses with an image (btw, for those interested, I dumped him as soon as I found out about his IP logging)... I was recently trying to get some "hard evidence" on his activity so he could be banned, but apparently that's going to be almost impossible/actually impossible to do...
If the site is interested, their logs should provide such evidence, shouldn't they? -- once you call it to their attention. The more details, the better (date range this occurred, the name or description of the image if you know it....)
Well, the timeline here is kinda screwed up... (probably deliberate on the part of my "friend")
First, he created an account with an IP Viewer in his sig - people could see their IP's, together with a "text art" icon.
I thought this was really cool, and asked him for the source code (got the source from him, too - he did admit to modifying the code a bit, though)
A little later, he created a new account (yes, I have proof of this - could be viewed as circumstantial evidence, but I seriously doubt it) without an IP Viewer - instead, he had an image linked to his website.
A few months after that, I was talking to another of my friends; we were setting up a new phpBB3 forum, and I suggested bringing in my "friend", who was good with that kind of stuff. My other friend told me about a conversation he had with my cracker "friend" - the "friend" had been chewed out (for having the IP Viewer) by the site admin on numerous occasions. My cracker "friend" was laughing that he didn't just show people their IP's, he logged them as well; he was also laughing that, with his new account, he could still log people's IP's (through the image) without the site admin finding out. At that point, I dumped my former friend - haven't spoken to him since, and danged if I do again.
I doubt the site admins could get him though, it looks like he's logging IP addresses as others' browsers fetch the image from his server (IIUC, browsers send the user's IP address to a server when they fetch an image from that server) - because he's got his own server, I don't think anyone could look at the source for that image-fetcher without breaking the law... and I doubt the site logs would help any, since they'd probably just show browsers fetching the image from my "friend"'s site... what a headache. :x :evil:
Tom T. wrote:Kudos for dumping a "friend" with such poor ethics.
Thanks!
IMHO, the only thing to learn from this guy is what not to do...
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: [RESOLVED] about:config

Post by Tom T. »

(At this point, the thread continued as a discussion of various security topics beyond the OP. Split from here on and moved to forum Security, here. Since the original questions were answered, marked topic as Resolved.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Post Reply