InformAction Forums

Dear everyone,

I recently started using Firefox (Icecat 3.12 for GNU/Linux Trisquel 7) with add ons. I have the following add ons in my browser now: NoScript, HTTPS Everywhere, SpyBlock, and Reader . "Reader" is a Firefox add on ( https://addons.mozilla.org/en-US/firefox/addon/reader/ ) which

...provides you the best reading experience by transforming text on any website using fonts, colors, and layouts of your choosing in a clean and distraction free environment.

I use it mostly on online newspaper websites.

I am unable to execute the Reader add on unless I choose "temporarily allow all this page" option from NoScript.

When a page loads the NoScript information bar displays the number of Scripts and Objects blocked - 74 in the following case (see screen shot) - http://i.imgur.com/imvCn9r.png

After the page fully loads when I click on the Reader icon the number of blocked Scripts goes up by 2 - from 74 to 76 in the following case (see screen shot) - http://i.imgur.com/mUjkVdN.png

Unless I select "allow all on this page" I am unable to run the add on. When I select "allow all on this page" the number of scripts in the above page went upto 124. Then when I click on the Reader icon and execute the scripts the number of scripts on the page as shown by the NoScript information bar goes up to 128 - (see screen shot) - http://i.imgur.com/G4okNKg.png

While the information bar shows the number of scripts blocked, or allowed as the case may be, there is no way to see all the scripts that are blocked. Clicking on the NoScript icon lists only a partial list of those blocked scripts and not the entire list of 74. How do I see the entire list and set permission to each one of them individually?

I would like to whitelist this add on so that I can allow the scripts of this add on alone and not the other scrips available in an particular page. I contacted the developer of Reader at http://barisderin.com/?p=372 and asked what to do. I got a response with the following details:

Base URL for our add-on is:
chrome://firefoxreader/content/

Reader Script folder is:
chrome://firefoxreader/content/scripts/

Related scripts which you may want to allow:
chrome://firefoxreader/content/scripts/autoscroll.js
chrome://firefoxreader/content/scripts/bulk.js
chrome://firefoxreader/content/scripts/jquery.min.js
chrome://firefoxreader/content/scripts/target.js

I know that whitelist is for webpages/websites. I dont know how to whietlist other add ons to execute scripts on browser. Kindly help me. Thanks.

> Clicking on the NoScript icon lists only a partial list of those blocked scripts and not the entire list

Are you not able to scroll through the list?

> list of 74. How do I see the entire list and set permission to each one of them individually

You really want to do that .

> I would like to whitelist this add on so that I can allow the scripts of this add on alone

I would suspect (though have no idea) that content from http://barisderin.com (or similar) is being loaded & that is what that extension is going to require to be Allowed?

I dont want to see and set permission to every script running on every webpage. That would be crazy. But I would like to be able to allow this particular add on's script(s). So seeing the entire list for this purpose is inevitable.

And the scripts are not loaded from http://barisderin.com . That is just the homepage of the reader add on. The scripts are loaded from the local HDD. I attached details about the folders and scripts that are installed in (and run from) the local HDD by the Reader add on.

When it fails, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)

Also, what are the domains (or whatever) that get added to the script list by the extension?

If the extension is injecting scripts into the page, you will always need to (Temp-)allow the domain you're on.

archer wrote:the scripts are not loaded from http://barisderin.com . That is just the homepage of the reader add on. The scripts are loaded from the local HDD.

Not quite. If the scripts are being injected into a page, then they are treated as coming from the page.

You might try installing the Tranquility add-on.

So far has been the only "reader" extension I found that doesn't requiere javascript enabled on the site I want to read.

Jimmy.

barbaz wrote:When it fails, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)

Also, what are the domains (or whatever) that get added to the script list by the extension?

If the extension is injecting scripts into the page, you will always need to (Temp-)allow the domain you're on.

@barbaz:

The Test Webpage used: http://www.theguardian.com/science/2014 ... lae-lander

Console Log for JS alone (CSS removed) before loading the Reader add on:

window.controllers is deprecated. Do not use it for UA detection. https-everywhere.js:342

Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:64

window.controllers is deprecated. Do not use it for UA detection. https-everywhere.js:342

Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:64

All candidate resources failed to load. Media load paused. philae-lander-tight-spot-comet-tough-decisions-esa-rosetta

Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:64

Security Error: Content at https://image.guim.co.uk/ni/14158987179 ... nce-WE.svg may not load data from https://image.guim.co.uk/ni/14158987179 ... nce-WE.svg.

There is no change in this log after trying and failing to load the "Reader" add on.

barbaz wrote:Also, what are the domains (or whatever) that get added to the script list by the extension?

I dont know if any domain is added. And the NoScript information bar does not list "all" the scripts that are being blocked.

barbaz wrote:If the extension is injecting scripts into the page, you will always need to (Temp-)allow the domain you're on.

Yes I know I can do that. I want to know if it is possible to add exception to the add on. I dont want to even temp allow "all" scripts on newpaper websites.

archer wrote:I dont want to even temp allow "all" scripts on newpaper websites.

You shouldn't need to allow all, just the top-level domain.

There isn't really a way around this, so long as the addon keeps inserting scripts into the page. By design, they are treated as if they came from the site.