Page 1 of 1
noscript.allowedmimeregexp allows all objects
Posted: Mon Oct 20, 2014 6:19 pm
by access2godzilla
I have added the following to noscript.allowedmimeregexp:
This is allowing all objects to be loaded, whether trusted or untrusted, despite these being blocked in Noscript Options>Embeddings. I also have "apply restrictions to whitelisted sites" turned on.
Running NS 2.6.9.2 on PaleMoon 25.0.1 (ignore the UA string below).
Re: noscript.allowedmimeregexp allows all objects
Posted: Mon Oct 20, 2014 7:12 pm
by barbaz
If 127.0.0.1 isn't explicitly marked as Untrusted, isn't that the intended behavior? Or are you saying that allows all embeddings on *other* sites and not just 127.0.0.1?
Re: noscript.allowedmimeregexp allows all objects
Posted: Tue Oct 21, 2014 1:51 am
by access2godzilla
It allows all embeddings on *other* sites, not just 127.0.0.1.
Re: noscript.allowedmimeregexp allows all objects
Posted: Thu Oct 23, 2014 12:57 am
by access2godzilla
It seems that Noscript gets confused about the domains when set to allowed from *@location but not from {content-type}@location.
Confirming that this is a Noscript problem; it also happens with other browsers like Seamonkey too.
Re: noscript.allowedmimeregexp allows all objects
Posted: Thu Oct 23, 2014 10:58 am
by Giorgio Maone
access2godzilla wrote:It seems that Noscript gets confused about the domains when set to allowed from *@location but not from {content-type}@location.
Confirming that this is a Noscript problem; it also happens with other browsers like Seamonkey too.
is not a valid regular expression.
The bug, if any, is NoScript falling back to (?:) (which matches anything), rather than a match-nothing expression.
Anyway, for your purpose the correct expression would likely be