InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

UI regression with popup windows

https://forums.informaction.com/viewtopic.php?t=26895

Page 1 of 1

UI regression with popup windows

Posted: Tue Jan 17, 2023 12:58 am
by ZeroUnderscoreOu
When a site opens a new page in a popup window with minimal controls, there is no easy way to check/set script permissions for that new page. In case that page requires new permissions, it will not work properly until reopened in a new tab, where NoScript controls are available.

I made a test case to illustrate this issue. NS_Parent has a button that changes color constantly to indicate that scripts are running. Page requires zerounderscoreou.github.io to be trusted. Clicking the button opens NS_Popup in a popup window. The page is empty but it will change color constantly, similarly to the opening button, when scripts are running. It also requires cdn.jsdelivr.net to be trusted for scripts to run. You will not be able to set that permission, however, because NoScript toolbar icon is hidden and clicking NoScript context menu opens settings for the parent page (stealing focus), which does not require cdn.jsdelivr.net and doesn't have it in the list of domains. The only way to see an updated list of domains is to reopen NS_Popup in a normal window (you can also Ctrl+Click on the button to load it in the same window).

In case my explanation was not clear, I can make a video showcasing this issue.

Re: UI regression with popup windows

Posted: Tue Jan 17, 2023 1:39 am
by barbaz
Your explanation is clear, I know what you're talking about and have hit the same issue. It's not a regression, it has always been this way.

What browser are you using?

If Firefox, you can work around this using userChrome.css (requires about:config > toolkit.legacyUserProfileCustomizations.stylesheets set to true). Here's mine -

Code: Select all

@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
@namespace html url("http://www.w3.org/1999/xhtml");

/* Un-hide Toolbars In Popups (DON'T apply to WebExtension-created windows!) .......*/
*|*:root:not([chromehidden=""]):not([chromehidden~="location"]) *:is(#PersonalToolbar, .chromeclass-toolbar-additional:not([hidden="true"])) {
  display: -moz-box !important;
}
A better solution, and one that in theory would work in all supported browsers, would be viewtopic.php?t=26249

Re: UI regression with popup windows

Posted: Tue Jan 17, 2023 3:39 am
by ZeroUnderscoreOu
I call this a regression because there is a UI element that is otherwise functioning but not in this particular case.

Yes, I use Firefox. Thanks for suggestion, but I'd prefer to avoid using userChrome.

I agree that logging console would be a nice addition and could help in cases of multiple redirections. But I think in this case parent window's list of domains (in NoScript menu) should be populated with domains required by popups.

Re: UI regression with popup windows

Posted: Tue Jan 17, 2023 8:12 am
by Giorgio Maone
Please check latest development build:

v 11.4.15rc1
============================================================
x Always open the windowed standalone UI when invoked from
the contextual menu (thanks ZeroUnderscoreOu for
reporting)

Re: UI regression with popup windows

Posted: Tue Jan 17, 2023 8:31 pm
by therube
Pretty neat testcase :-).

11.4.15rc1 looks to work.
(And I'll note that legacy XUL NoScript also works. Don't know if that's good or bad?)

Re: UI regression with popup windows

Posted: Fri Jan 20, 2023 12:41 am
by ZeroUnderscoreOu
therube wrote: Tue Jan 17, 2023 8:31 pm Pretty neat testcase :-).
Thanks :)

And thank you Giorgio for the fix.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited