[BUG] Temporarily allow top-level sites and untrusted

Post by **Alan Baxter** » Sat Nov 14, 2009 8:48 am

Cannot merely remove another site from the whitelist if Temporarily allow top-level sites is checked. The site is marked untrusted too.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
NoScript 1.9.9.14, no other extensions, default theme.

Steps to reproduce:
1) Change the default settings as follows:

Temporarily allow top-level sites
Full addresses only
(under Contextual menu, which is not selected)
Base 2nd level Domains
Full Domains
Full Addresses

2) Load http://social.msdn.microsoft.com/Forums/
3) Click Allow social.microsoft.com
4) Click Forbid social.microsoft.com

Expected result: social.microsoft.com is removed from the whitelist and not marked untrusted.
Actual result: social.microsoft.com is marked untrusted
The expected behavior happens if I uncheck Temporarily allow top-level sites and temporarily allow social.msdn.microsoft.com manually.

Post by **therube** » Sat Nov 14, 2009 3:04 pm

Maybe it is intended behavior, similar to this:

when you use "Allow scripts globally", whatever you forbid from then on is automatically marked as untrusted and prevented from running.
In other words, you go in "Blacklist Mode". It's like YesScript, but with much more protection features (anti-XSS, anti-Clickjacking, ABE and so on)

http://forums.informaction.com/viewtopi ... 058#p13058

tuggyne · Post by **tuggyne** » Sat Nov 14, 2009 8:20 pm

I've seen this behavior too, but like therube I'm not sure if it's intended or not. I don't particularly like it, but it does seem like a potentially useful default.

Post by **GµårÐïåñ** » Sat Nov 14, 2009 11:32 pm

I believe that it is intended because by having the top level temporary allowed, when you forbid it, it assumes you want it untrusted not just laying out and about. I am sure if its a bug that Giorgio will weigh in but I wouldn't worry about that, I think we discussed it a while back and it was said to be intentional. If I can find the link I will post it.

Post by **Alan Baxter** » Sat Nov 14, 2009 11:51 pm

Thanks for the input, everyone. Unlike Globally Allowed mode, the only reason the site was Allowed is because it was explicitly whitelisted. I still don't see any reason for thinking it's intended behavior. I'm not worried about it in the slightest, but unintended behavior is often related to subtle bugs in other areas too. That's why it's important to bring it to Giorgio's attention.

Post by **Giorgio Maone** » Tue Nov 17, 2009 4:51 pm

It's intended (for the reasons GµårÐïåñ guessed).
Debatable, but not a bug.

Post by **Alan Baxter** » Tue Nov 17, 2009 5:28 pm

Giorgio Maone wrote:Debatable, but not a bug.

And easily worked around, thanks to the NoScript sticky menu.

InformAction Forums

[BUG] Temporarily allow top-level sites and untrusted

[BUG] Temporarily allow top-level sites and untrusted

Re: Bug: Temporarily allow top-level sites and untrusted problem

Re: [BUG] Temporarily allow top-level sites and untrusted

Re: [BUG] Temporarily allow top-level sites and untrusted

Re: [BUG] Temporarily allow top-level sites and untrusted

Re: [BUG] Temporarily allow top-level sites and untrusted

Re: [BUG] Temporarily allow top-level sites and untrusted