I have been using noscript along side pdf.js [mozilla project - i think their calling it call pdf viewer now] and i constantly need to allow All scripts from a webpage to render pdf, so could future versions allow pdf.js execute while other scripts are disabled.
The extension [pdf.js] is located at https://addons.mozilla.org/en-US/firefo ... serprofile.
thanks.
allowing pdf.js only
allowing pdf.js only
Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/15.0 Firefox/15.0a1
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: allowing pdf.js only
I found that allowing pdf.js that appears on the NS menu, or more specifically the resource://pdf.js as well as blob: was sufficient to get the thing to work. As for needing to allow the path, once I temporary allowed JUST the domain-path of the PDF file itself, it worked just fine, without having to do anything else. So not sure what issue you are having here.
Keep in mind PDF.js is a script file, so its treated as such. Which means that it is subject to the same restrictions and requirements as any other script that NS handles. I think the failure here is that they are releasing a raw script file as an addon when in fact if they incorporated it properly into an actual chrome architecture, this issue would be for all intents and purposes moot. So its about poor implementation than anything else.
Now Giorgio can hack a special arrangement for this particular item, but the fact is that there is no vouching or knowing for sure that it will always be benign or a trustworthy resource that cannot be exploited like anything else as an attack vector. So to weaken NS by allowing this special circumstance would be something that I think is not really our, specifically the NS developer, Giorgio's, responsibility but rather as a late comer to the party, THEY should make every effort to make it seamless rather than require compromise from everyone else. Just saying.
Keep in mind PDF.js is a script file, so its treated as such. Which means that it is subject to the same restrictions and requirements as any other script that NS handles. I think the failure here is that they are releasing a raw script file as an addon when in fact if they incorporated it properly into an actual chrome architecture, this issue would be for all intents and purposes moot. So its about poor implementation than anything else.
Now Giorgio can hack a special arrangement for this particular item, but the fact is that there is no vouching or knowing for sure that it will always be benign or a trustworthy resource that cannot be exploited like anything else as an attack vector. So to weaken NS by allowing this special circumstance would be something that I think is not really our, specifically the NS developer, Giorgio's, responsibility but rather as a late comer to the party, THEY should make every effort to make it seamless rather than require compromise from everyone else. Just saying.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Re: allowing pdf.js only
fair point, thanks
Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/15.0 Firefox/15.0a1
Re: allowing pdf.js only
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0
Re: allowing pdf.js only
Hm, I tried that but didn't succeed with NS 2.5.3rc4 and FF 16 Is there anything else to consider or has something changed in the meantime?GµårÐïåñ wrote:I found that allowing pdf.js that appears on the NS menu, or more specifically the resource://pdf.js as well as blob: was sufficient to get the thing to work.
Ah - I see. Should be https://github.com/mozilla/pdf.js/pull/1943dhouwn wrote:Issue with NoScript now fixed and in of Firefox 17.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20120827 Firefox/16.0
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: allowing pdf.js only
Not that I am aware of. I just tried before posting this with a random PDF (http://samplepdf.com/sample.pdf) and without even allowing the domain and just the script and blob allowed, it showed up, didn't even have to allow samplepdf.com
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0
Re: allowing pdf.js only
Okay, thanks. I just noticed that it works with FF 17 as mentioned by dhouwn.GµårÐïåñ wrote:Not that I am aware of. I just tried before posting this with a random PDF (http://samplepdf.com/sample.pdf) and without even allowing the domain and just the script and blob allowed, it showed up, didn't even have to allow samplepdf.com
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:17.0) Gecko/17.0 Firefox/17.0
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: allowing pdf.js only
No problem
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1