InformAction Forums

Currently various NS modules will silently block inclusions. The two that come to mind are ABE and type checking, perhaps there are others.

Showing alert bars for them is too distracting, but it's nevertheless useful to know that something is blocked. Here's one way. The popup blocker shows an alert bar by default, which can be disabled, then it will show a status bar info icon.

NS could also show a blocked items info icon. When clicked it would show a list of blocked items, by default, limited to those normally silently blocked. But it could be configurable to show everything, or whatever.

It seems there's been an recent increase in posts about type checking blocked inclusions, highlighting the need for this.

al_9x wrote:It seems there's been an recent increase in posts about type checking blocked inclusions, highlighting the need for this.

It's due to a Google bug about the recently introduced X-Content-Type-Options: nosniff support.
However, both XSS and redirection blocking have this double-edged notification mechanism (notification bar + status bar icon), maybe an unified method with a single icon (NoScript warning) and an optional popup showing the details would be a good idea, indeed.

Giorgio Maone wrote:

al_9x wrote:It seems there's been an recent increase in posts about type checking blocked inclusions, highlighting the need for this.

It's due to a Google bug about the recently introduced X-Content-Type-Options: nosniff support.

Please specify what NS nosniff support entails, its purpose, its interaction with existing inclusionTypeChecking (and its existing options).

http://blogs.msdn.com/b/ie/archive/2008 ... ction.aspx (scroll down to "MIME-Handling: Sniffing Opt-Out")

BTW, Fx bugzilla entry for this, would be nice if it got at least "confirmed": https://bugzilla.mozilla.org/show_bug.cgi?id=471020

Giorgio Maone wrote:However, both XSS and redirection blocking have this double-edged notification mechanism (notification bar + status bar icon), maybe an unified method with a single icon (NoScript warning) and an optional popup showing the details would be a good idea, indeed.

I am suggesting a relatively easy (not changing existing notifications) first step along the unified path: to clean up the error console alerts and show them in a dialog invoked from an info icon that appears when there are any otherwise silent blocks. Each block entry should have a link to a FAQ entry explaining why it's blocked and how it can be overridden.

The nosniff situation highlights the need for the above. People don't know that something is blocked, if they do happen to discover it through the error console( unlikely), they won't understand why or what to do about it.