Just came across decentraleyes, but it requires "file://"

Ask for help about NoScript, no registration needed to post

Just came across decentraleyes, but it requires "file://"

Post by os38&ABW&7Uwrs6#fUbtuVw$ » Fri Oct 27, 2017 2:17 pm

I just came across an interesting add-on called decentraleyes https://addons.mozilla.org/en-US/firefo ... ntraleyes/ that intercepts some javascript queries. It seems to know and respect other blockers, including NoScript. Also, it seems that it requires a permanent whitelist on "file://", or else it will not work. What are the ramifications of whitelisting "file://" to always run javascript? I have only used it a few times, and figued it would be better to leave it as a temporary allow rather than a permanent allow.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0

Senior Member
Posts: 9145
Joined: Sat Aug 03, 2013 5:45 pm

Re: Just came across decentraleyes, but it requires "file://

Post by barbaz » Fri Oct 27, 2017 3:35 pm

Do you trust your own filesystem? If not, you may have a much bigger problem than Javascript permissions for one addon! :o

That said, some people do download spam/malware webpages and analyse them locally in their web browser. If that describes you, it's fair to not want to whitelist "file://". In which case, your best bet would be to set up NoScript surrogate script for the JS you want to run local replacements. For example, to do this for jQuery -

1) Download jQuery from its official site - https://code.jquery.com/
2) Drag the downloaded file into the browser window, and copy the file: URL in the address bar
3) Go to about:config
4) Right-click > New > String
name: noscript.surrogate.jquery.replacement
for value, paste in the file: URL
5) right-click > New > String
name: noscript.surrogate.jquery.sources

Code: Select all

That will make your downloaded jquery replace *all* blocked jquery. If, for example, you only want to replace googleapis jquery, you could try this value -

Code: Select all

6) Test it: Go to a site with jquery loaded from a third-party CDN, then Forbid the domain it's served from. If it doesn't work, and if the file: URL has any spaces, replace each space with "%20" (without quotes) and try again.

Does this help?
*Always* check the changelogs BEFORE updating that important software!

Post Reply