When I go to the Advanced tab, then to the HTTPS tab below it and then to the Behavior tab, I see a section related to active content. These are my options:
"Forbid active web content unless it comes from a secure (HTTPS) connection:
* Never
* Always
* When using a proxy (recommended with tor)"
The problem I have here is that the logic appears somewhat ambiguous. For example, suppose I chose option 1: Then, as I understand it, I would never forbid active content unless it comes from a secure connection. Consequently, I would have allowed active content everywhere except for during secure connections. Does that not sound rather odd to anyone else?
If I chose option 3: Then, as I understand it, while I use tor, again I would forbid all instances of active content except for that which occurs during HTTPS connections. However, perhaps my intention was to disallow all active content while I was using tor.
Furthermore, what means does NoScript use to determine whether I am currently using a proxy so that it would know whether this third rule applied to my situation? I mean, does it "kick in" when I have set FF to "Use system proxy settings" or to "Auto-detect proxy settings for this network"?
Advanced HTTPS connections
Advanced HTTPS connections
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Re: Advanced HTTPS connections
Might help some, Intended behavior of HTTP | Never -> Force HTTPS *.site.com ?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 SeaMonkey/2.19a2
Re: Advanced HTTPS connections
antipop wrote: The problem I have here is that the logic appears somewhat ambiguous.
It does use a lot of negatives - a triple negative in one case - but it's not actually ambiguous.No, what it means is that you disable the option to 'forbid active content from unsecured connections'. The point of this feature is that unencrypted pages are subject to tampering on the wire, so a person might choose to disable active content on such unsafe pages. The feature is 'forbid active content unless encrypted'; option 1 means 'never use the feature', option 2 means 'always use the feature', and option 3 means 'use the feature when using a proxy'.For example, suppose I chose option 1: Then, as I understand it, I would never forbid active content unless it comes from a secure connection. Consequently, I would have allowed active content everywhere except for during secure connections. Does that not sound rather odd to anyone else?
Why would you do that on an encrypted connection, where you have the assurance that the content really is from the site you're visiting, and no-one else can tamper or snoop? If you trust the site during regular browsing, why would you suddenly stop trusting it on Tor?If I chose option 3: Then, as I understand it, while I use tor, again I would forbid all instances of active content except for that which occurs during HTTPS connections. However, perhaps my intention was to disallow all active content while I was using tor.
I can understand that you wouldn't trust unencrypted Tor connections, but encrypted ones are just as safe as non-Tor ones.
That's a question for Giorgio. I guess I could hunt it down in the code, though, if I get a chance. I'll post back if I do.Furthermore, what means does NoScript use to determine whether I am currently using a proxy so that it would know whether this third rule applied to my situation? I mean, does it "kick in" when I have set FF to "Use system proxy settings" or to "Auto-detect proxy settings for this network"?
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Advanced HTTPS connections
> It does use a lot of negatives - a triple negative in one case - but it's not actually ambiguous.
I certainly have to disagree respectfully with that idea. Unless you are making use of a personal English dictionary, then, yes, it is clearly ambiguous (pardon the expression) by any normal sense of the word: Ambiguous - "open to or having several possible meanings or interpretations" If it were not, we would be discussing a different topic. This is not a simple product, not by any stretch, and it is important to minimize confusion in order to facilitate its use.
I understand what you want it to mean, but that is not what it says logically. However, the ambiguity is easily avoidable, but it probably persists because of stubbornness. It could be rewritten like this:
"Forbid active web content unless it comes from a secure (HTTPS) connection:
* Yes
* No
* Only when using a proxy....
Problem solved from what I can see, or what am I missing? Nevertheless, I am quite curious as to how the program determines whether a proxy is in use.
I certainly have to disagree respectfully with that idea. Unless you are making use of a personal English dictionary, then, yes, it is clearly ambiguous (pardon the expression) by any normal sense of the word: Ambiguous - "open to or having several possible meanings or interpretations" If it were not, we would be discussing a different topic. This is not a simple product, not by any stretch, and it is important to minimize confusion in order to facilitate its use.I understand what you want it to mean, but that is not what it says logically. However, the ambiguity is easily avoidable, but it probably persists because of stubbornness.
It could be rewritten like this:"Forbid active web content unless it comes from a secure (HTTPS) connection:
* Yes
* No
* Only when using a proxy....
Problem solved from what I can see, or what am I missing? Nevertheless, I am quite curious as to how the program determines whether a proxy is in use.
Mozilla/5.0 (Windows NT 5.1; rv:20.0) Gecko/20100101 Firefox/20.0