Blocking embedded objects [Much Less] fiddly now?

[Grumpy Old Lady]

Playing around with NS settings to unblock the embedded video on the Fx 3.5 splash page, I observed these behaviours.
http://en-gb.www.mozilla.com/en-GB/fire ... /whatsnew/

With all NS defaults, the blocked video object is labeled

<VIDEO>,video/ogg@http://proxy-58.dailymotion.com/18/320x ... 57a13d1763

and the console message is

Code: Select all

Error: [Exception... "'NoScript aborted redirection to http://proxy-58.dailymotion.com/18/320x240/ogg/15809843-2.ogg?de0265aa53c266fe831c1bf1c439b57a13d1763' when calling method: [nsIChannelEventSink::onChannelRedirect]"  nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)"  location: "<unknown>"  data: no]

Allowing the object per my usual steps:

Try

Code: Select all

 simply allow the object by choosing it from the NS menu, without allowing the main domain.

frame changes to an apparently broken bit of content with a static Fx icon - - but a context menu says it will play
Which it does, in the small frame (after a long pause for buffering, but this could be because of my non-US connection).

Temp allowing mozilla.org gives a transparent overlay play button, and the video is again blocked.
Temp allowing the video gives the Fx icon again (I assume that's the video unblocked) and the transparent overlay play button won't function. And of course the context menu access to the play controls is gone.
Temp allowing dailymotion.com and the play button overlay launches the full animated video (complete with zoom).


Does this new way of embedding make blocking active stuff more difficult using NS?
Is there a better way for a user to approach unblocking active stuff now?

Other problems observed with my own tweaked setup: with iframes blocked, and with NS option to block stuff from trusted sites, with mozilla.org and dailymotion.com temp allowed, the controls are duds again.

All of the above was first noticed on my own configured NS 1.9.5.6, and subsequently reproduced on this clean NS-only profile with NS 1.9.5.6.

[Giorgio Maone]

The new video tag is actually posing some unneeded problems, but the Firefox launch video setup is even more unnecessarily complicated on its own.
I'm working to make NoScript users' life less harder in situations like this, but I'd like web authors and browser vendors being a bit more careful as well...

[therube]

If the site has privileges, can't it just enable script wherever and however it
wants? Like anti-Noscript

All I can say is that Flash does not necessarily need JavaScript.

[Grumpy Old Lady]

Edited to remove personal life clues.

[Giorgio Maone]

Many efforts to mitigate this madness in in latest development build 1.9.5.7

[Grumpy Old Lady]

Many efforts to mitigate this madness in in latest development build 1.9.5.7 :)

Very slick fix, Prof. :applause:

With a clean test profile, all defaults

Code: Select all

choose Temp allow video from Blocked Objects menu

or

Code: Select all

click on NS placeholder

which gives a blank white frame
so let's allow mozilla.org to run mozilla-video-tools.js

Code: Select all

 CTRL SHFT BACKSLASH

or

Code: Select all

 Temp Allow mozilla.com (main domain in menu)

and there's the play button overlay, which responds (after a few seconds delay - and this connection is in Australia, so it could just be the server delay) with full video effects, including stop with an X button.

Also works with iframes forbidden on trusted sites (my customised config)

Clever, clever man.