
NoScript Direction concerning Defaulted Whitelist Changes

Posted: Sat Jul 04, 2015 7:28 pm
by therube
NoScript Direction concerning Defaulted Whitelist & Changes Thereof?


Eh, weird topic.


But similar to JavaScript CDNs to add to whitelist, what should NoScript policy be pertaining to the default whitelist, changes initiated on the NoScript side, & settings made by the user?

So how it comes about...

Youtube HTML5 video all of a sudden sucks.
Takes ~10 seconds before playback starts.

Existing Profile (& so all the garbage that has accumulated, goes along with that).

And what changed?

Instead of my normal (well dated at this point) SeaMonkey 2.33.1 release, I'm now messing with SeaMonkey Aurora/Nightly, 2.38/2.39. And I click a link to some YT video & it's taking forever for playback to begin. And I know that with 2.39, I'm using HTML5, where with 2.33 you're still served Flash.

2.33 Flash, fires right up.
2.39 HTML5, slow.

Simple. No other changes, just fast/slow.

So I try a different Profile I've got laying about - with 2.39 & YT fires right up - using HTML5.

Tells me it's something in my original Profile.
Guessing it will turn out to be extension related.

So create a new, empty Profile, copy everything extensions related into it, so /extensions/* & extensions*.*.
Fire up 2.39, visit Youtube, pick a clip, & playback starts right away.

Tells me it's something in my prefs.js.

Immediate thought (even before this point) was NoScript.
So I make all the same (NoScript) changes (particular Pref settings) I've made from my original Profile, in this new one - except I do not mess with the whitelist.

Still, YT runs fine.

I then again copy over original prefs.js & confirm that YT runs slowly. It does.

I then do a Reset of the whitelist, & with that YT runs fine.

A quick comparison between the whitelists points to googlevideo.com.
Sure enough, that's it.
HTML5 playback still works on YT, actually everything works, only it is very slow to start its playback if googlevideo.com is not allowed.

So... at some point in the past, googlevideo.com had been added to the default whitelist, probably for this very reason, but until now, its inclusion, or not, has not affected me.

So I now include it.
No big deal.


But, what should NoScript's policy be towards these whitelist changes?
Should it say, hey, not there, I'm adding such & such domain?
Should it say, hey, this existing one is wrong, so I'm removing such & such domain?
Should a user be prompted of some sort of mismatch?

Should a user know, that over time, defaults change & what worked or what was accepted yesterday, may not be today, and may yet change again tomorrow. Well that part goes without saying.

So, what should be done in this regard?


(I'm sure I have plenty of cruft in my existing Profiles & tend to start afresh every so often, but if someone has ages old Profiles, no telling what "wrong" settings are laying about, or in regard to NoScript, what may or may not be included in a defaulted whitelist, or even other specific Prefs.)

Re: NoScript Direction concerning Defaulted Whitelist Chang

Posted: Sat Jul 04, 2015 8:22 pm
by barbaz
My view on it is something like this:
Removals: eh, it's likely a good thing, as long as there's an explanation somewhere out there it's fine (and probably good). I trust Giorgio to know when a domain is a bad idea for me to whitelist, but even so I like to know the reasoning behind this stuff.
Replacements: to be used only if a domain moves or changes somehow (like persona.org & more recently googleapis.com)
Additions: to be used *only* if something on the default whitelist gets a new dependency, but one of the following should be possible:
  • the user should be able to confirm whether to make the change, AND/OR
  • the user should be able to opt out of this entirely (this one exists as about:config > noscript.allowWhitelistUpdates).
And in the edge case of the addition of maps.googleapis.com for those who had ajax.googleapis.com, it technically counts as a replacement as it's part of the replacement of the whitelist of the entire googleapis.com, that's fine. (I temporarily re-enabled allowWhitelistUpdates just to get that entry added.)

Re: NoScript Direction concerning Defaulted Whitelist Chang

Posted: Sat Jul 04, 2015 8:43 pm
by barbaz
Wait... it kind of seems you're conflating two issues in one long post, and I'm confused - are you referring just to retroactive changes to the whitelists of users who kept default entries (as I was above), or the default whitelist for new installations of NoScript as well?

Re: NoScript Direction concerning Defaulted Whitelist Chang

Posted: Sun Jul 05, 2015 10:48 am
by therube
> are you referring just to retroactive changes to the whitelists of users who kept default entries (as I was above),
> or the default whitelist for new installations of NoScript as well?

The former.

Re: NoScript Direction concerning Defaulted Whitelist Chang

Posted: Tue Jul 07, 2015 7:23 pm
by barbaz
allowWhitelistUpdates pref doesn't work and I ended up with unwanted entries in my whitelist again. I know it's probably a bug but this is simply unacceptable especially given that the recent changes to the whitelist don't apply to me and wouldn't even if I were using Firefox (I'm referring to NoScript whitelisting Pocket URLs for users).

Giorgio, please revert that change or make it apply only to Firefox users! Thanks!

Re: NoScript Direction concerning Defaulted Whitelist Chang

Posted: Wed Jul 08, 2015 1:56 am
by barbaz
2.6.9.30rc5 makes sure that Pocket is only whitelisted for Firefox users (and users who otherwise have Pocket in their browser).
Thanks again Giorgio for fixing that up.

Re: NoScript Direction concerning Defaulted Whitelist Chang

Posted: Wed Jul 08, 2015 12:53 pm
by DJ-Leith
barbaz wrote:
> My view on it is something like this:
> Removals: eh, it's likely a good thing, as long as there's an explanation somewhere out there it's fine (and probably good). I trust Giorgio to know when a domain is a bad idea for me to whitelist, but even so I like to know the reasoning behind this stuff.
> Replacements: to be used only if a domain moves or changes somehow (like persona.org & more recently googleapis.com)
> Additions: to be used *only* if something on the default whitelist gets a new dependency, but one of the following should be possible:
>   • the user should be able to confirm whether to make the change, AND/OR
>   • the user should be able to opt out of this entirely (this one exists as about:config > noscript.allowWhitelistUpdates).
> And in the edge case of the addition of maps.googleapis.com for those who had ajax.googleapis.com, it technically counts as a replacement as it's part of the replacement of the whitelist of the entire googleapis.com, that's fine. (I temporarily re-enabled allowWhitelistUpdates just to get that entry added.)

I agree with all of this.

Just one small 'fly in the ointment': if your Profile
ever had 2.6.9.30rc4 you might have to manually delete
about:pocket-save from your NoScript whitelist.

More details in
NoScript 2.6.9.30rc4 added wrong item to default whitelist
viewtopic.php?f=10&t=20994

DJ-Leith
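
The whitelist comparison therube describes, and the check for unexpected entries such as about:pocket-save raised later in the thread, can be scripted. This is an added example, not part of any post and not NoScript's own code; it assumes the whitelist is stored as one space-separated string in the `capability.policy.maonoscript.sites` pref (a name not given in the thread), and both prefs.js snippets are constructed samples.

```python
import re

# Assumption: NoScript 2.x stores the whitelist in this pref (name not in the thread).
WHITELIST_PREF = "capability.policy.maonoscript.sites"
# Opt-out pref named in the thread.
OPT_OUT_PREF = "noscript.allowWhitelistUpdates"

# One prefs.js statement per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)

def parse_prefs(text):
    """Parse prefs.js text into a dict of string, bool and int values."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[name] = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo escapes
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r'-?\d+', raw):
            prefs[name] = int(raw)
    return prefs

def whitelist_drift(baseline_text, current_text):
    """Compare the whitelist in a saved prefs.js copy against the current one."""
    base, cur = parse_prefs(baseline_text), parse_prefs(current_text)
    old = set(str(base.get(WHITELIST_PREF, "")).split())
    new = set(str(cur.get(WHITELIST_PREF, "")).split())
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        # Entries appeared although the user had opted out of whitelist
        # updates; they may also be manual additions, so review each one.
        "added_despite_opt_out": bool(new - old) and cur.get(OPT_OUT_PREF) is False,
    }

# Constructed sample: prefs.js copy saved before a NoScript update.
BASELINE = '''
user_pref("capability.policy.maonoscript.sites", "youtube.com ytimg.com googleapis.com");
user_pref("noscript.allowWhitelistUpdates", false);
'''
# Constructed sample: the same profile's prefs.js afterwards.
CURRENT = '''
user_pref("capability.policy.maonoscript.sites", "youtube.com ytimg.com googleapis.com googlevideo.com about:pocket-save");
user_pref("noscript.allowWhitelistUpdates", false);
'''

if __name__ == "__main__":
    print(whitelist_drift(BASELINE, CURRENT))
```

Run it against a prefs.js copy taken while the browser is closed, since the file is rewritten on exit.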