Flashing icon feature request

[Fen]

Hello - I was wondering if I could request a feature.

I do a lot of online purchasing, and I semi-frequently run across a problem where the site needs to do something to process the transaction (redirect for verification etc.) and NoScript prevents certain elements from running, causing the transaction to fail. I generally get around this by enabling scripts globally before I finalise the purchase.

Unfortunately I'm horribly forgetful. No matter how many times I keep reminding myself to disable the global function after I'm done, I keep leaving it on and getting hit in the face with fifty thousand ads next time I go anywhere.

Would it be possible to have an option that causes the NoScript icon to flash or become otherwise eye-catching as long as scripts are allowed globally?

Cheers for your help, and thanks for the awesome add-on.

[Tom T.]

Without addressing your RFE, could you not merely "Temporarily allow all this page"? Allowing the page is a bit safer than allowing the entire universe.
Also, by using "Temporary", the permissions are automatically revoked when you close the browser, even if you forget to click "Revoke temporary permissions" before leaving the site.

For sensitive transactions such as online payments or online banking, IMHO the best practice is to start a fresh browser, do the shopping and payment (or banking), then close the browser and restart before proceeding to browse further. This automatically revokes all temp permissions, as above.

You might also have a look at SOME SITES YOU MIGHT NOT WANT TO ALLOW, and mark these as Untrusted as you encounter them. Then you don't get the fifty thousand ads, and they don't clutter the menu. Soon, if you shop at the same places, you'll know which permissions each needs, so you can permanently whitelist them on a selective basis.

Note that you might have to "TA All this page" several times, for reasons described here.

As for the RFE, from a Human Factors standpoint, it would be distracting; people tend to ignore or tune out distractions after some period of time; and others would eventually find it so annoying that they would end up disabling it. (Somewhat like Vista's User Access Control. Eventually, people just click OK to get rid of it; thus defeating the purpose.)

My opinion only. I never use Globally Allow, so it doesn't affect me. If many other users express support, and Giorgio wants to do it, I do not object.

[Giorgio Maone]

You may also want to check the noscript.tempGlobal setting.

[Fen]

Without addressing your RFE, could you not merely "Temporarily allow all this page"? Allowing the page is a bit safer than allowing the entire universe.
Also, by using "Temporary", the permissions are automatically revoked when you close the browser, even if you forget to click "Revoke temporary permissions" before leaving the site.

The problem mainly comes from sites that redirect somewhere else to process things - I can allow the scripts on the initial page, but then it redirects to somewhere else and screws everything up.

Of course, if I make a habit of doing 'Allow all' when transacting I'm only replacing that problem with the possibility of allowing something more malicious, heh. Probably best to suck up a few screwed transactions and learn what's to be trusted, on reflection.

That temp-global thing looks like a good work-around, too - cheers for pointing that out.

[Thrawn]

NoScript already has a feature to play a sound when scripts are blocked; have you tried that?

[Tom T.]

... The problem mainly comes from sites that redirect somewhere else to process things - I can allow the scripts on the initial page, but then it redirects to somewhere else and screws everything up.

Look at the NS menu of the new page, see which scripts are necessary and trustworthy, and TA those.

Of course, if I make a habit of doing 'Allow all' when transacting I'm only replacing that problem with the possibility of allowing something more malicious, heh. Probably best to suck up a few screwed transactions and learn what's to be trusted, on reflection.

Good reflection.

The trial-and-error, and/or research, shouldn't even mess up a transaction. You'll simply get error messages, or non-responsive pages, forms, links, etc., until the necessary permissions are granted. Just watch out for message "Firefox must re-send the request. This may repeat a transaction." (or similar)
That can be avoided by unchecking NoScript Options > General > "Automatically reload affected pages when permissions change." This gives you a chance to investigate the script menu one at a time, TA one, look at the next one, etc. ... and it's easy to re-check that box when this issue is not a factor. (No browser restart required -- takes effect immediately upon "OK".)

That temp-global thing looks like a good work-around, too - cheers for pointing that out.

Definitely a work-around, but with all due respect to my very benevolent Maestro, you still have to remember to revoke the (temp) Global Allow, or close the browser, as mentioned before. Else even the temp-GA remains in effect as you continue to browse. "Learn what's to be trusted" is the safest, and those that are trusted can be made permanent.

If you'd like to know how to make various permissions permanent only for given sites, please see this Sticky Post.

NoScript already has a feature to play a sound when scripts are blocked; have you tried that?

I could be mistaken, and I probably am, so please forgive me, but I believe that Fen is looking for an alarm when scripts are *not* being blocked.

[Thrawn]

I could be mistaken, and I probably am, so please forgive me, but I believe that Fen is looking for an alarm when scripts are *not* being blocked.

You're quite right; my mistake

A bloodred border might be nice, but that would tend to conflict with other addons like Safe...