Highlighting in the yellow box

[lancelot]

Sorry if this has already been asked before. In the yellow box, some entries are highlighted:



What is the meaning of the darker pink boxes? Does it show what types of content NoScript has detected coming from that source?

[daniel4859]

Hello. Thank You very much, lancelot. I wanted to ask a question about exactly the same thing. It's very interesting. I wonder if it has any meaning important to users etc.

Thanks.

[Giorgio Maone]

The red highlighting means that attempts to use that capability have been detected in the page, therefore they're more likely than others to be needed for the page to work fully as intended by its authors.

Also please notice that, unless you want to radically change the way NoScript operates by default (e.g. because you want it to allow more on "new" site, and restrict those you don't like afterwards using UNTRUSTED, i.e. implementing a blacklisting mode opposite to the "normal" whitelisting mode), you'll better not touch the presets and customize only the CUSTOM permissions.

[daniel4859]

Hello. Mr Maone, thanks for an answer. So, it's better to use a "CUSTOM" to modify options, instead of "TRUSTED"? I'm asking, because if I trust some website, I choose "TRUSTED" (however, I remove some options, such as: media, font and webgl) -- I noticed, that for most cases script is needed.

Generally, what are You suggesting? What is the best method to use NoScript v10? I know, that users can deploy something You have mentioned: "implementing a blacklisting mode opposite to the "normal" whitelisting mode". Does "my method" mentioned above (using "TRUSTED" without some options) is OK?

By the way; is it normal, that after installing NoScript from your website (a development version), it is no longer possible to update NoScript via "Tools > Addons > find updates"? I am asking, because I'd experienced such a situation. I had to install NoScript v10.1.6.1 from the addons.mozilla website (there was an information about various things, such as needed access etc.)

Thanks.

[Tomatix]

Hello. Mr Maone, thanks for an answer. So, it's better to use a "CUSTOM" to modify options, instead of "TRUSTED"? I'm asking, because if I trust some website, I choose "TRUSTED" (however, I remove some options, such as: media, font and webgl) -- I noticed, that for most cases script is needed.

Generally, what are You suggesting? What is the best method to use NoScript v10? I know, that users can deploy something You have mentioned: "implementing a blacklisting mode opposite to the "normal" whitelisting mode". Does "my method" mentioned above (using "TRUSTED" without some options) is OK?

I recommend you to read https://hackademix.net/2017/12/04/noscr ... utshell-2/

By the way; is it normal, that after installing NoScript from your website (a development version), it is no longer possible to update NoScript via "Tools > Addons > find updates"? I am asking, because I'd experienced such a situation. I had to install NoScript v10.1.6.1 from the addons.mozilla website (there was an information about various things, such as needed access etc.)

Sounds normal to me.

[Tomatix]

@Giorgio In my opinion the global presets settings should be removed or made read-only in the domains list. It seems to be too confusing and I also don't see actual benefits from having it there.

Edit: clearer wording

[Guest]

I totally agree that the possibility of changing these fundamental settings here is very confusing and dangerous too. This highlighting thing is quite interesting but causes even more puzzlement when on default bar: you automatically want to tick this option and so it is on everywhere without you noticing anything. Maybe this highlighting could left there but not possibility of changing options.
Of course knowing what the blocked sites want is quite useful (* on custom bar and maybe it would be wise to let the option boxes only there.

*) But not without danger either: As far as I understand ticking an option on Custom bar leaves that option on everywhere for that particular site. Would be nice if this custom setting affects only on page where you were. But I think I remeber that somebody told somewehre else that this is not good idea?

BTW. It would be nice to have some agreement about terminology concerning these menus and things.

[bo elam]

Hello. Mr Maone, thanks for an answer. So, it's better to use a "CUSTOM" to modify options, instead of "TRUSTED"? I'm asking, because if I trust some website, I choose "TRUSTED" (however, I remove some options, such as: media, font and webgl) -- I noticed, that for most cases script is needed.

Generally, what are You suggesting? What is the best method to use NoScript v10? I know, that users can deploy something You have mentioned: "implementing a blacklisting mode opposite to the "normal" whitelisting mode". Does "my method" mentioned above (using "TRUSTED" without some options) is OK?

I think basically what Giorgio was saying is that it is better to set global presets and let them be, dont keep changing them. And whenever you want to do something different with a particular domain, that would be the time to use the Custom preset.

By the way; is it normal, that after installing NoScript from your website (a development version), it is no longer possible to update NoScript via "Tools > Addons > find updates"? I am asking, because I'd experienced such a situation. I had to install NoScript v10.1.6.1 from the addons.mozilla website (there was an information about various things, such as needed access etc.)

With version 10, I have been using most of the time the beta. If you are using a beta, the updater from within Firefox will inform you when a new beta is out. If you are using the regular stable version of NoScript, the updater informs you when a new stable version has been released.

Bo

[bo elam]

@Giorgio In my opinion global settings should be removed or made read-only in the domains list. It seems to be too confusing and I also don't see actual benefits from having it there.

I tell you a huge benefit of having the list. Before, in version 5, we couldnt see the list of Untrusted domains. It was very hard to monitor Untrusted domains and make changes as there was no list of Untrusted domains in the UI. To see it, you had to open the NoScript config text file, go to the bottom, and look at it. It was difficult to keep track of what you had in there. Now, its easy to monitor, and delete domains if you want. Or add. In my opinion, having the list of all domains in NoScript Options, all together, is an improvement.

Bo

[Tomatix]

@Giorgio In my opinion global settings should be removed or made read-only in the domains list. It seems to be too confusing and I also don't see actual benefits from having it there.

I tell you a huge benefit of having the list. Before, in version 5, we couldnt see the list of Untrusted domains. It was very hard to monitor Untrusted domains and make changes as there was no list of Untrusted domains in the UI. To see it, you had to open the NoScript config text file, go to the bottom, and look at it. It was difficult to keep track of what you had in there. Now, its easy to monitor, and delete domains if you want. Or add. In my opinion, having the list of all domains in NoScript Options, all together, is an improvement.

Bo

I have absolutely nothing against the lists. I think you misunderstood the post.

[Tomatix]

I totally agree that the possibility of changing these fundamental settings here is very confusing and dangerous too. This highlighting thing is quite interesting but causes even more puzzlement when on default bar: you automatically want to tick this option and so it is on everywhere without you noticing anything. Maybe this highlighting could left there but not possibility of changing options.
Of course knowing what the blocked sites want is quite useful.

Agree to all these points of yours.

[bo elam]

I have absolutely nothing against the lists. I think you misunderstood the post.

OK, I see now, I guess you meant remove global settings from the NoScript menu.

FWIW, in my view, the menu and Settings are working out just fine the way they are.

Bo

[Pansa]

@Giorgio In my opinion the global presets settings should be removed or made read-only in the domains list. It seems to be too confusing and I also don't see actual benefits from having it there.

Edit: clearer wording

I personally think it is only confusing if one doen't pay attention.

The new interface is a lot more consistent than it was before.
If you click on default, and set checkmarks, you have changed the default (which means it changes how ALL pages that have no specified rule)
If you click trusted, and set checkmarks, you have changed the setting for trusted domains (all trusted domains)

I could understand the confusion about why this wouldn't be domain specific if not for

If you click on custom and set checkmarks, it creates a CUSTOM rule for that domain only.

If default and trusted also created custom rules, why would there be a custom button?
Not to mention the general weirdness of having a list of things that show "default" or "trusted" but all having individual settings.

And as for removing the ability to change the presets:
You have been here for a bit. You might have noticed that people have VERY different ideas of how they want things to be. Having them fixed would just mean one group is getting it the way they like, and about five would be annoyed.
Some of us have default empty (thus rendering the untrusted set moot). Some people really like the pre-installed settings. Some even have default "allow everything" and just untrust the pages they dislike (therefore rendering the trusted set moot)
Some prefer "trusted" to be still limited, and only give unlimited access to specific sites they push into custom.

I don't think removing that functionality for the benefit of users who don't read or think about what the UI tells them nor (in case of confusion) apply a bit of try and error is the right thing to do.

[Quest]

I guess you meant remove global settings from the NoScript menu.
FWIW, in my view, the menu and Settings are working out just fine the way they are.
Bo

You mean it's OK to change the Default settings in that yellow box where you can do it easily by mistake?
I believed that you only need to do it once or twice in your lifetime. So why leave such a pitfall in a safety program?

[Pansa]

I guess you meant remove global settings from the NoScript menu.
FWIW, in my view, the menu and Settings are working out just fine the way they are.
Bo

You mean it's OK to change the Default settings in that yellow box where you can do it easily by mistake?
I believed that you only need to do it once or twice in your lifetime. So why leave such a pitfall in a safety program?

Because sometimes you sacrifice blatant user error to actually consistency in the interface.
Not to mention that the worst thing that happens is your Firefox behaving as it does without NS.

And linguistically that's where these settings belong, when at the same place in custom you are supposed to set THOSE.
A counterargument are the disabled checkboxes for "script" in trusted and the ones under untrusted, but I personally like the compact "putting the options near the choices" instead of hiding them somewhere completely else in an option tree.

While it may be rare to change them, it currently is a good practice to keep checking on them semi frequently.