InformAction Forums

Posted: **Sun Aug 08, 2010 10:43 am**

the term "untrusted" - NS has three site categories, trusted, unknown, untrusted. In both embeddings and untrusted tabs, "untrusted" is used incorrectly to refer to (unknown + untrusted).
the term "site" - when discussing permissions for addressable resources, "site" can refer to either the resource itself or its origin. In the embeddings tab, "site" is used in the former sense, but in the untrusted tab in the latter (is that correct? for all the options in it? if there are exceptions they should probably be in a different section). Neither is obvious, but could be made so. The two uses of "site" should be disambiguated. e.g. Embeddings tab could say - "additional restrictions for objects coming from sites that are not trusted." Perhaps Untrusted tab should apply only to unknown and be called that, because truly untrusted pages may warrant different restrictions (not sure, didn't think this through). Also it should say "Additional restrictions for pages (origins) that are not trusted"

Posted: **Sun Aug 08, 2010 12:20 pm**

If untrusted tab refers to origins then "hide noscript element" should have no effect on a trusted page, but it does, it appears to overrides show <noscript> following blocked <script>. Is that the intended behavior?

"Forbid web bugs" is also not origin dependent it applies to <noscript> following blocked <script> regardless of the page permission.

Do they belong on the untrusted tab? Perhaps all <noscript> settings belong in a single section, with "hide noscript element" acting as a master switch for it?

InformAction Forums

"untrusted sites" ambiguities in the options

"untrusted sites" ambiguities in the options

Re: "untrusted sites" ambiguities in the options