I have a local *.xml file that refers to XSLT stylesheets like this:
<?xml-stylesheet type="text/xsl" href="styles-1.0.xsl" alternate="yes" title="huge table"?>
<?xml-stylesheet type="text/xsl" href="styles-1.0-sparse.xsl" alternate="no" title="list with headings"?>
NoScript 2.6.9.11rc1 on Firefox 35.0 normally blocks the stylesheets. Okay, I can enable active content in file:// either permanently or temporarily, and then it should work.
However, if the "allowLocalLinks" pref is true, then the stylesheets do not work. If the "allowLocalLinks" pref is false, then they work fine. This seems backwards to me, especially as the settings window presents this pref as an extra permission for trusted sites.
"allowLocalLinks":true blocks local XSLT
-
rendar
"allowLocalLinks":true blocks local XSLT
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Re: "allowLocalLinks":true blocks local XSLT
Hmm, I wonder if implementing the RFE in viewtopic.php?f=10&t=19884 would help you, because you say it works with local links forbidden...
Just to double check, do you have any capability.* prefs (other than capability.policy.policynames and the capability.policy.*.sites prefs) in about:config that are set to anything other than "allAccess"?
Just to double check, do you have any capability.* prefs (other than capability.policy.policynames and the capability.policy.*.sites prefs) in about:config that are set to anything other than "allAccess"?
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Windows NT 5.2; rv:33.0) Gecko/20100101 SeaMonkey/2.30
-
rendar
Re: "allowLocalLinks":true blocks local XSLT
I searched for "capability" in about:config and found:
capability.policy.maonoscript.javascript.enabled (user set): allAccess
capability.policy.maonoscript.sites (user set): addons.mozilla.org about: about:addons about:blank about:blocked about:certerror about:config about:crashes about:credits about:home about:memory about:neterror about:plugins about:privatebrowsing about:sessionrestore about:srcdoc about:support blob: chrome: <<several undisclosed http and https sites>> moz-safe-about: resource:
capability.policy.default.SOAPCall.invokeVerifySourceHeader (default): allAccess
capability.policy.policynames (default): maonoscript
webgl.min_capability_mode (default): false
I apparently don't have the kind of prefs you asked about.
capability.policy.maonoscript.javascript.enabled (user set): allAccess
capability.policy.maonoscript.sites (user set): addons.mozilla.org about: about:addons about:blank about:blocked about:certerror about:config about:crashes about:credits about:home about:memory about:neterror about:plugins about:privatebrowsing about:sessionrestore about:srcdoc about:support blob: chrome: <<several undisclosed http and https sites>> moz-safe-about: resource:
capability.policy.default.SOAPCall.invokeVerifySourceHeader (default): allAccess
capability.policy.policynames (default): maonoscript
webgl.min_capability_mode (default): false
I apparently don't have the kind of prefs you asked about.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Re: "allowLocalLinks":true blocks local XSLT
Is that with allowLocalLinks true or false?rendar wrote:I searched for "capability" in about:config and found:
Does it differ at all with the opposite value, if so how?
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Windows NT 5.2; rv:33.0) Gecko/20100101 SeaMonkey/2.30
-
rendar
Re: "allowLocalLinks":true blocks local XSLT
That was with allowLocalLinks false. If I change it to true, then the values of those settings do not change, but one capability.* setting gets added to about:config:
capability.policy.maonoscript.checkloaduri.enabled (user set): allAccess
Changing allowLocalLinks to false removes this setting again, but it does not disappear from the about:config list immediately, only when I close and reopen the tab.
If I set allowLocalLinks = true in the NoScript settings window, local XSLT becomes blocked and capability.policy.maonoscript.checkloaduri.enabled = "allAccess" gets added.
If I then set capability.policy.maonoscript.checkloaduri.enabled = "" in about:config, local XSLT stays blocked.
If I then reset capability.policy.maonoscript.checkloaduri.enabled to the default in about:config, local XSLT stays blocked.
If I set allowLocalLinks = false in the NoScript settings window, local XSLT starts working and capability.policy.maonoscript.checkloaduri.enabled gets removed.
If I then set capability.policy.maonoscript.checkloaduri.enabled = "allAccess" in about:config, local XSLT keeps working.
Therefore, it looks like capability.policy.maonoscript.checkloaduri.enabled itself has no effect on local XSLT.
capability.policy.maonoscript.checkloaduri.enabled (user set): allAccess
Changing allowLocalLinks to false removes this setting again, but it does not disappear from the about:config list immediately, only when I close and reopen the tab.
If I set allowLocalLinks = true in the NoScript settings window, local XSLT becomes blocked and capability.policy.maonoscript.checkloaduri.enabled = "allAccess" gets added.
If I then set capability.policy.maonoscript.checkloaduri.enabled = "" in about:config, local XSLT stays blocked.
If I then reset capability.policy.maonoscript.checkloaduri.enabled to the default in about:config, local XSLT stays blocked.
If I set allowLocalLinks = false in the NoScript settings window, local XSLT starts working and capability.policy.maonoscript.checkloaduri.enabled gets removed.
If I then set capability.policy.maonoscript.checkloaduri.enabled = "allAccess" in about:config, local XSLT keeps working.
Therefore, it looks like capability.policy.maonoscript.checkloaduri.enabled itself has no effect on local XSLT.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0