InformAction Forums

I'm posting this in Development because I'm fairly sure it's a bug, and because I don't really need support with it . (Hopefully I didn't miss a similar post in my search, but I looked as hard as I could.) Using NS 1.9.9.14 (stable and devel are apparently identical); same behavior since I last changed relevant settings some time ago. Settings:

• Temporarily allow top-level sites
• Full addresses only
• (under Contextual menu, which is not selected)
• Base 2nd level Domains
• Full Domains
• Full Addresses

On for example http://social.msdn.microsoft.com/Forums/, various scripts pop up, some on http://social.msdn.microsoft.com, some on http://social.microsoft.com, some on http://microsoft.com itself. I have social.microsoft.com permanently whitelisted, and http://social.msdn.microsoft.com of course is temporarily whitelisted every time I visit it. However, though http://microsoft.com is permanently whitelisted, NoScript does not appear to recognize this when I load pages: it shows the icon, and on the menu there's an entry to Allow microsoft.com. There's no entry to allow http://microsoft.com (which would limit it to strictly the scripts hosted on the root), perhaps because NS can already see a whitelist entry for that. I don't want to just allow everything hosted under microsoft.com arbitrarily, and in any case this could (in other situations) be a fairly important bug.

Is this known?

I'm unable to reproduce the behavior you describe with the options and two permanent whitelistings specified.
On http://social.msdn.microsoft.com/Forums/, I get the white S indicating that no scripts are blocked, and the menu shows:
Forbid social.microsoft.com
Forbid http://social.msdn.microsoft.com

Do I have to sign in to see what you see? I don't have an account and don't plan to create one.

Edit: I did find a different bug. http://forums.informaction.com/viewtopi ... 085#p13085

Alan Baxter wrote:I'm unable to reproduce the behavior you describe with the options and two permanent whitelistings specified.

Hmm, that's not good. Maybe I'll have to skim through the other settings to see if there are any others that jump out at me.

Alan Baxter wrote:Do I have to sign in to see what you see? I don't have an account and don't plan to create one.

I don't believe so, but unfortunately I can no longer repro; it appears that MS has changed their layout slightly, so no scripts are hosted on http://microsoft.com anymore.

Alan Baxter wrote:Edit: I did find a different bug. http://forums.informaction.com/viewtopi ... 085#p13085

I think I've seen that behavior too, actually. I don't know if it's a bug, or an annoying feature, but I've just worked around it without noticing it much.

Anyway: until some other site shows up that has this problem of root temp whitelisting, I guess I'll just have to leave it at that.... Thanks.

Do you have Adblock Plus installed by any chance? I have noticed that having ABP active on Microsoft sites will break the way they look and will often cause problems loading the page, I have not found it to be any issues with NoScript though. Just wonder if you might be able to test that and see.

Yes, actually, I do, on both profiles that I tested on. And as mentioned, I can't repro the problem any more right now, so I can't tell if ABP is responsible.

I should also mention that there is no obvious functionality loss on this particular site -- it's merely that this site is (was) a good testcase for the general problem.

Ok, well if it happens again, consider what I said and let us know and if not then at least its resolved.

tuggyne wrote:Anyway: until some other site shows up that has this problem of root temp whitelisting, I guess I'll just have to leave it at that.... Thanks.

Good ol' MySpace... I shoulda thought of them sooner . Naturally, MySpace hosts scripts on its root domain. So I can easily repro on this domain. Here's a specific repro URL. I have addthis.com, google-analytics.com, and pagead2.googlesyndication.com on my blacklist, and myspacecdn.com on my whitelist, but other than that, nothing is allowed or explictly denied on this site. (x.myspace.com and music.myspace.com show up properly, http:// prefix alternate entry and all, but myspace.com doesn't show any entry for http://.)

See my screencap:

http://accessories.us.dell.com/sna/batt ... l=en&s=bsd is another example of a page that has this problem -- http://dell.com is the source for at least one of the scripts, but can only be listed as dell.com (no http:// prefix available).

rtaylor wrote:Can You resolved this issue?

No, I haven't. I'm still just living with it. Sorry.