Page 1 of 1
Is about:reader harmless to whitelist?
Posted: Mon Aug 24, 2015 6:19 pm
by SquirrelTwo
Since about:reader isn't on the default NoScript whitelist, and it's unclear what elements of the original page the reader is filtering, is about:reader safe to whitelist?
Are any of the original page's scripts being loaded in the about:reader view or is it purely sanitized text?
Re: Is about:reader harmless to whitelist?
Posted: Mon Aug 24, 2015 8:07 pm
by Giorgio Maone
I refused to whitelist about:reader because I don't trust any sanitizers.
Whitelisting about:reader, in the presence of a sanitizer bug, would basically mean whitelisting every origin.
Re: Is about:reader harmless to whitelist?
Posted: Mon Aug 24, 2015 8:11 pm
by SquirrelTwo
Giorgio Maone wrote:I refused to whitelist about:reader because I don't trust any sanitizers.
Whitelisting about:reader, in the presence of a sanitizer bug, would basically mean whitelisting every origin.
That's what I figured. If the base sites aren't allowed however enabling about:reader should be fine though, correct?
Or is the reader allowing part of the origin site to run through it when allowed (at least potentially)?