some CAPS questions

al_9x · Post by **al_9x** » Sun Jun 19, 2011 4:42 am

You mentioned that CAPS is scheduled for removal, could you point to some Mozilla info about that, Bugzilla, wiki, whatever exists?
How much of it will be left for the sake of NS?
Is there going to be any replacement functionality?
Is it currently possible to add additional policies with NS installed? What's the trick, it doesn't seem to work?
If not possible, I am curious as to why, since CAPS supports multiple policies.

Post by **Giorgio Maone** » Sun Jun 19, 2011 7:31 am

al_9x wrote: You mentioned that CAPS is scheduled for removal, could you point to some Mozilla info about that, Bugzilla, wiki, whatever exists?

References are very sparse, but CAPS for property access control is already dead, even though its corpse may still contract sometimes, see https://bugzilla.mozilla.org/show_bug.cgi?id=453928#c0 for instance

al_9x wrote: How much of it will be left for the sake of NS?

Domain-wide script execution control. Notice that NoScript 3 currently does not use CAPS at all, though.

al_9x wrote:Is there going to be any replacement functionality?

Nothing of declarative and user-facing, I'm afraid. A combination of page-level surrogates (or pagemods, or whatever can run user scripts before anything else) and Proxies, maybe.

al_9x wrote:Is it currently possible to add additional policies with NS installed? What's the trick, it doesn't seem to work?
[*] If not possible, I am curious as to why, since CAPS supports multiple policies.

It's a CAPS design flaw: even though CAPS does support multiple policies, if the same site is listed in two different policies the results are unpredictable. Therefore, you can use multiple policies as long as their site lists have no intersection (making NoScript generally incompatible with any other site-level policy).

Post by **Thrawn** » Fri Jun 01, 2012 8:04 am

Giorgio Maone wrote:
al_9x wrote:[*] If not possible, I am curious as to why, since CAPS supports multiple policies.
It's a CAPS design flaw: even though CAPS does support multiple policies, if the same site is listed in two different policies the results are unpredictable. Therefore, you can use multiple policies as long as their site lists have no intersection (making NoScript generally incompatible with any other site-level policy).

Does that mean that to apply a different CAPS policy to a site, you would need to leave it untouched (default-denied) in NoScript?

And is it possible for users to tweak the 'trusted'/'untrusted' policies by adding entries to prefs.js?

Post by **Giorgio Maone** » Fri Jun 01, 2012 8:21 am

Thrawn wrote: Does that mean that to apply a different CAPS policy to a site, you would need to leave it untouched (default-denied) in NoScript?

Exactly, otherwise it would be automatically added to NoScript's "maonoscript" policy.
Also, in order to override the default policy, your custom policy must include a

Code: Select all

user_pref("capability.policy.mycustompolicy.javascript.enabled", "allAccess");

clause, in addition to the others.

Thrawn wrote: And is it possible for users to tweak the 'trusted'/'untrusted' policies by adding entries to prefs.js?

Yes, but it requires extreme care for the reasons explained above.

InformAction Forums

some CAPS questions

some CAPS questions

Re: some CAPS questions

Re: some CAPS questions

Re: some CAPS questions