InformAction Forums

After updating to NoScript 2.9.0.10, I am seeing HTTPS occasionally forced on a site that is not in my force list. I am seeing the behavior on both FF 45.0.1 and 44.0.2. RIght now, I can reliably produce the behavior by attempting to get http://windowsitpro.com/security/emet-5 ... te-attacks (which will redirect HTTPS back to HTTP and loop). My browser console shows:

[NoScript HTTPS] Redirected Channel http://windowsitpro.com/security/emet-5 ... te-attacks

Do you see this behavior when loading that URL or some other? Is there a known issue that is being worked on? Thanks.

Well, I played around some more and did get that page to load properly. There was either some kind of corruption I eliminated while trying things, or NoScript doesn't like # comment lines in the HTTPS list. Should it treat lines beginning with # as a comment, or is that unsupported and something that could cause a problem?

Guest-2016 wrote:NoScript doesn't like # comment lines in the HTTPS list. Should it treat lines beginning with # as a comment, or is that unsupported and something that could cause a problem?

I don't think that's supported anywhere other than ABE rules.

I'd like to suggest it as a feature then. It is helpful to be able to temporarily comment something out or label a group of entries.

In the mean time, can you think of a way to fake one? Something that will visually stand out from a normal entry but not throw off the matching process or match something? Do you think something with no spaces and only valid characters would work, or is the matching code more picky than that?

---ThisIsAComment---

I have no idea there, sorry.

You could perhaps prefix the site with a double-underscore or something.