Impossible to remove the "Support Filterset"

[lunboks]

Every time I restart the browser, the filterset is recreated. I already visit noscript.net with a clean profile on a daily basis, and IMO, these entries are a possible security breach, so I want to disable them. Anyone could just host their exploit code with a URL like this:

Code: Select all

http://evil.site/http://noscript.net/exploit.js

To avoid this, you should anchor your whitelist entries and use the document/match-case flag, like so:

Code: Select all

@@|http://noscript.net/$document,match-case

Also, a notification that this filterset has been added would be nice. If I hadn't followed this topic, I would have had no idea what was going on.

[Giorgio Maone]

Every time I restart the browser, the filterset is recreated.

It's a limitation of the current implementation, I'll try to fix it in the next release.
You can disable it though (by unchecking the checkbox there), and your choice will be permanent (in facts the FAQ says "disable", not "remove").

IMO, these entries are a possible security breach

No they're not. They're already anchored like this:

Code: Select all

@@|http://noscript.net/

(notice the leading pipe).

Also, a notification that this filterset has been added would be nice.

I agree, and it's planned as you can read here.
However you are informed also on the landing release notes page (you should see if you're updating) and warned beforehand in the install pages, both on AMO and on noscript.net.
There's a FAQ entry, too.

[lunboks]

You can disable it though (by unchecking the checkbox there), and your choice will be permanent (in facts the FAQ says "disable", not "remove").

For some reason, I thought disabling a subscription was equivalent to deleting it. Thanks, my bad.

IMO, these entries are a possible security breach

No they're not. They're already anchored like this:

Code: Select all

@@|http://noscript.net/

(notice the leading pipe).

My bad again, didn't see it.

Thank you for your help and sorry for bothering you.