InformAction Forums

camputa wrote:
Regardless,

No, it's the central point - see above; you aren't dealing with anybody in this forum who can change the Public Suffix List, even if they believed it was necessary.

why should a (temporary) javascript whitelist policy have *anything* to do with this ill-conceived "public suffix" list?

Repeating: NS is an extension of Firefox, not a stand-alone application. Mozilla/Firefox is where you should aim your complaints.

Grumpy Old Lady wrote:

camputa wrote:
Regardless,

No, it's the central point - see above; you aren't dealing with anybody in this forum who can change the Public Suffix List, even if they believed it was necessary.

why should a (temporary) javascript whitelist policy have *anything* to do with this ill-conceived "public suffix" list?

Repeating: NS is an extension of Firefox, not a stand-alone application. Mozilla/Firefox is where you should aim your complaints.

I didn't ever suggest changing this list. My concern, now, is that noscript even uses this list (via firefox) to determine how to present the user with the list of domains to whitelist. Why does it not just suggest, for www . x . y . z:

Allow http://www.x.y.z
Allow x.y.z
Allow y.z
(Allow z)

what has the "public suffix list" to do with anything? Think about it: this is a *whitelist* selection, you're giving *the user* the choice.

camputa wrote: I didn't ever suggest changing this list. My concern, now, is that noscript even uses this list (via firefox) to determine how to present the user with the list of domains to whitelist. Why does it not just suggest, for www . x . y . z:

Allow http://www.x.y.z
Allow x.y.z
Allow y.z
(Allow z)

See Giorgio's full explanation upthread:
http://forums.informaction.com/viewtopi ... 1896#p7479

NoScript is constrained by Firefox protocols, being a Firefox extension. Giorgio, above all other things he does with NoScript, is a member of the Firefox team; all extension developers are.

what has the "public suffix list" to do with anything? Think about it: this is a *whitelist* selection, you're giving *the user* the choice.

If Giorgio could make your request possible (I have no clue about that), why make it possible if it's not as secure as the current method. That's a rhetorical question because I don't see why a user with a more relaxed approach to security should be able to press NoScript into being less secure for other users.
Giorgio has already implied upthread that Firefox's approach to this particular inconsistency is the correct (more secure) one.

It appears that this will continue to go round in circles if I respond any more.
Sorry I can't find another way to maybe approach helping.

Grumpy Old Lady wrote:
If Giorgio could make your request possible (I have no clue about that), why make it possible if it's not as secure as the current method. That's a rhetorical question because I don't see why a user with a more relaxed approach to security should be able to press NoScript into being less secure for other users.

That's the problem right there: conflating "security" with "allow scripts". I want to allow "nt.gov.au". Why shouldn't I be given that option? Security? The security policy still applies after I've decided to allow scripts from that domain.

camputa wrote:I want to allow "nt.gov.au". Why shouldn't I be given that option?

You can do that. Just enter it into NoScript Options > Whitelist, Allow, OK.

Alan Baxter wrote:

camputa wrote:I want to allow "nt.gov.au". Why shouldn't I be given that option?

You can do that. Just enter it into NoScript Options > Whitelist, Allow, OK.

Ah, thanks Alan Baxter. I was still on the track of the menu items, in particular Temp Allow, that camputa had been arguing is a bug.
I'll shut up now :-)