InformAction Forums

Posted: **Tue Jul 19, 2011 6:01 pm**

Giorgio, I installed the latest version, it showed up, I was able to use the interface that comes through the URL bar to make choices and it was seemingly fine but suddenly it has stopped showing up and will not invoke. Pages load, no sign of NSA.

Additionally, when you go to addons, its there, but when you click on the option button, nothing happens. I would expect to see the one text box with the JSON code in it so it can be manually edited until there is an actual interface for it, but nothing shows up. What I mean by nothing shows up is that literary nothing shows up, not even the textbox with the statement in it, no nothing, it just grays out and nothing happens.

Any idea what is going on? Basically NSA is installed, updated, but not there and doing anything. Let me know if I can send you anything further to help you figure it out. Thanks.

Posted: **Tue Jul 19, 2011 8:19 pm**

Quick update. Removing the addon and re-installing it (since the reset button wouldn't work) has placed it into function. However, once the browser is restarted and opened the next time, again it goes back into being dormant and not showing up or asserting itself.

While we are at it, I also have a question on the structure of the JSON statement to make sure that I (perhaps others) have a true understanding of what the options set there actually mean.

Code: Select all

{"UNTRUSTED":{},"TRUSTED":{"js":true,"java":true,"flash":true,"media":true,"frame":true,"font":true,"DEFAULT":{"frame":true},"mozilla.org":1,"mozilla.com":1 [...ETC...]}

My understanding of looking at this code is that sites listed after DEFAULT are allowed by default, no duh. I am assuming, although not sure, that the :1 after them means they are allowed, but not sure and what are all the available options there (possible values)? The items under TRUSTED with :true after them, I am assuming are the types of content that are allowed on trusted/allowed sites and can also have :false if you want to disable any part of it. I am assuming that anything in the UNTRUSTED section will have all the content types under TRUSTED checked and automatically set to :false, correct?

So if I put xyz.com in the UNTRUSTED section, it will have all the items js/java/flash/media/frame/font set to :false correct? The items under TRUSTED that are set to :true will be available to trusted sites but if I set any of those to :false, it should block them on allowed sites too, correct? Will removing the DEFAULT section break functionality or will it be fine, like it is now on NS full version?

Posted: **Wed Jul 20, 2011 4:08 pm**

FWIW, NSA has it's own forum:

NoScript Mobile

Posted: **Wed Jul 20, 2011 6:07 pm**

dhouwn wrote:FWIW, NSA has it's own forum: NoScript Mobile

Yeah and that's where its posted, your point?

Posted: **Wed Jul 20, 2011 10:08 pm**

GµårÐïåñ wrote:Quick update. Removing the addon and re-installing it (since the reset button wouldn't work) has placed it into function. However, once the browser is restarted and opened the next time, again it goes back into being dormant and not showing up or asserting itself.

Could you check whether the error console show any error message (current NSA alphas are quite verbose anyway)?
Regarding the JSON, it was put in a more readable and commented format on the NSA site:

Code: Select all

{
  "UNTRUSTED":{}, // empty permission set
  "TRUSTED":{
    "js": true,
    "java": true,
    "flash": true,
    "silverlight": true,
    "plugin": true,
    "frame": true,
    "font": true},
  "DEFAULT":{"frames": true}, // default deny, except for frames
  "mozilla.org":1, // reference to TRUSTED 
  "mozilla.com":1,
  "mozilla.net":1,
  "noscript.net":1,
  "flashgot.net":1,
  "mail.google.com":{ // custom
    "js":true,
    "flash":true,
    "frame":true}, 
  "doubleclick.net":0 // ref. to UNTRUSTED
}

As you can see, we fully define 3 "groups", i.e. TRUSTED (like the currently whitelisted sites), UNTRUSTED (like our implicit blacklist) and DEFAULT (any website which is not explicitly listed in the policy).

"1" and "0" are used during JSON serialization as references to UNTRUSTED (0) and TRUSTED (1), but they just mean that the website which references them "inherits" its permissions from one of these two groups.
Of course, any site can declare its own custom permissions (in this sample mail.google.com does), even though there's no UI yet to handle them (as you can see, you can just rotate a site from DEFAULT to TRUSTED to UNTRUSTED), but it will come later.

Posted: **Wed Jul 20, 2011 10:55 pm**

Giorgio Maone wrote:Could you check whether the error console show any error message (current NSA alphas are quite verbose anyway)?

I checked and there is nothing there relating to NSA. Just some messages about addonRepository.js and that's all.

Giorgio Maone wrote:Regarding the JSON, it was put in a more readable and commented format on the NSA site:

Yeah I hadn't looked recently but I had a copy of the JSON and working through it, figured most of it straight forward but wanted to validate with you.

Giorgio Maone wrote:As you can see, we fully define 3 "groups", i.e. TRUSTED (like the currently whitelisted sites), UNTRUSTED (like our implicit blacklist) and DEFAULT (any website which is not explicitly listed in the policy).

Understood, with you there so far, I got that much already.

Giorgio Maone wrote:"1" and "0" are used during JSON serialization as references to UNTRUSTED (0) and TRUSTED (1), but they just mean that the website which references them "inherits" its permissions from one of these two groups.

Suspected as much, so far so good. But a followup question, if you have an item under say DEFAULT and/or TRUSTED but you put :0 intending to mark it as UNTRUSTED, will the inherited permission from TRUSTED group override that? or DEFAULT for that matter? I hope you know where I am going with this.

Giorgio Maone wrote:Of course, any site can declare its own custom permissions (in this sample mail.google.com does), even though there's no UI yet to handle them (as you can see, you can just rotate a site from DEFAULT to TRUSTED to UNTRUSTED), but it will come later.

So at the moment, NSA will allow the option of servers pushing their own rules and we can't stop it like we can in the regular NS version by unchecking it, is that what you are saying? Just want to make sure, or you are saying that is feature that will come later but not there yet? Of if you have something like mail.google.com explicitly marked as say UNTRUSTED, they push it, will it override what you have explicitly disallowed? Or will it honor as final word the user's input?

Also, a common problem with modifying the JSON in the options section is that it is ALL displayed on a single line, and as you know editing text on a mobile device in this manner is VERY tedious and difficult, until the UI comes into play, which is a must for such difficult input devices, is there anyway to have the JSON field be a textarea rather than textbox, so it can be viewed in a more flowing manner, like how have it here on the screen? Just wondering. At the moment, I have to copy all and paste into a text editor, make my changes, and then select all and drop back into the box and its a bit, an understatement, of a pain in the neck to do.

Also, I notice that you have silverlight on your provided code but the code I got directly from the NSA installation on my phone, did not have that in the JSON, is that a recent implementation? I would have expected if it was released to update onto the device settings, no? Or if you have a customization of the JSON, it can't integrate anything new without risk of breaking existing configuration? And you didn't respond on the specifics of setting true/false in each section and their respective implications, can you please read that part and give me some feedback, thanks.

Posted: **Thu Jul 21, 2011 6:30 am**

GµårÐïåñ wrote:
Giorgio Maone wrote:Could you check whether the error console show any error message (current NSA alphas are quite verbose anyway)?
I checked and there is nothing there relating to NSA. Just some messages about addonRepository.js and that's all.

That's strange. I use NSA on my HTC Desire on a daily base since its first "public" alpha, and never had your "automatic disablement" problem.
Could you check on a clean profile?

GµårÐïåñ wrote: f you have an item under say DEFAULT and/or TRUSTED but you put :0 intending to mark it as UNTRUSTED, will the inherited permission from TRUSTED group override that? or DEFAULT for that matter? I hope you know where I am going with this.

First, the JSON is not meant to be modified manually (and is likely to change / be improved, e.g. with site-dependent permissions for embeddable objects).
However yes, if you put :0 to mark a site as UNTRUSTED, the restrictions for the UNTRUSTED group override the (usually milder) DEFAULT ones.

GµårÐïåñ wrote:
Giorgio Maone wrote:Of course, any site can declare its own custom permissions (in this sample mail.google.com does), even though there's no UI yet to handle them (as you can see, you can just rotate a site from DEFAULT to TRUSTED to UNTRUSTED), but it will come later.
So at the moment, NSA will allow the option of servers pushing their own rules and we can't stop it like we can in the regular NS version by unchecking it, is that what you are saying?

Nope, I probably choose my word poorly. "Any site can declare its own custom permissions" should be read "user can set custom fine-grained permission for any site, independent from the built-in TRUSTED/UNTRUSTED/DEFAULT group".

GµårÐïåñ wrote: Also, a common problem with modifying the JSON in the options section is that it is ALL displayed on a single line

As I said, the JSON is not meant to be edited manually (it's just exposed as a reference for the curious hacker).
[/quote]

GµårÐïåñ wrote: Also, I notice that you have silverlight on your provided code but the code I got directly from the NSA installation on my phone, did not have that in the JSON, is that a recent implementation? I would have expected if it was released to update onto the device settings, no?

Not in this phase, when the format is still a moving target.

GµårÐïåñ wrote:Or if you have a customization of the JSON, it can't integrate anything new without risk of breaking existing configuration?

Measures are being taken on updates not to break the "meaning" of the existing user-set permissions, even if the underlying format radically changes.

GµårÐïåñ wrote:And you didn't respond on the specifics of setting true/false in each section and their respective implications, can you please read that part and give me some feedback, thanks.

Quite intuitively, for each permission "true" means allowed, "false" (or missing) means forbidden.

Posted: **Thu Jul 21, 2011 9:25 pm**

Giorgio Maone wrote:That's strange. I use NSA on my HTC Desire on a daily base since its first "public" alpha, and never had your "automatic disablement" problem.
Could you check on a clean profile?

Just reporting what I see. This is a clean profile actually with just NSA on it, but I will scrap the profile and try again, will keep you posted. I use mine on an HTC EVO and the expected behavior should be identical to your Desire as the device and configuration are nearly identical.

Giorgio Maone wrote:First, the JSON is not meant to be modified manually (and is likely to change / be improved, e.g. with site-dependent permissions for embeddable objects).
However yes, if you put :0 to mark a site as UNTRUSTED, the restrictions for the UNTRUSTED group override the (usually milder) DEFAULT ones.

Ok, I figured since there is no GUI to set the options like the current NS that it was meant to be edited by hand to achieve the desired effect. But thank you for clarifying that changes can still be made and enforced, thank you.

Giorgio Maone wrote:Nope, I probably choose my word poorly. "Any site can declare its own custom permissions" should be read "user can set custom fine-grained permission for any site, independent from the built-in TRUSTED/UNTRUSTED/DEFAULT group".

No, you did fine. I just wanted to make sure that I understood it correctly, it was not an impeachment of what you said. Thank you for the explanation.

Giorgio Maone wrote:Not in this phase, when the format is still a moving target.

Gotcha, that's good to know, thank you.

Giorgio Maone wrote:Measures are being taken on updates not to break the "meaning" of the existing user-set permissions, even if the underlying format radically changes.

Good to know, thank you. I just wanted to ensure that whatever changes are made for testing are retained to see the differences, that's all. Thank you.

Giorgio Maone wrote:Quite intuitively, for each permission "true" means allowed, "false" (or missing) means forbidden.

Yes as I stated in my original post, I gathered intuitively for them to mean that but I wanted to make sure that it wasn't just a redundancy that would be ignored/overridden by inherited permissions and if in actually changing those would result in the expected behavior. That's all, thank you. I will create a sample JSON that would demonstrate what I meant visually so you know what I meant beyond the obvious. Thank you.

Posted: **Fri Mar 23, 2012 2:46 am**

Very sorry to jump in on such an old thread, but I was having the exact same problem described by the OP. (NSA would stop working after firefox was closed; reinstalling NSA fixed it until firefox closed again.) After several weeks of reinstalling NSA, I eventually tried setting FF's browser.sessionstore.resume_from_crash to false, I reinstalled NSA one more time, and now NSA seems to work all the time. I don't know why changing that setting helped or if it well help anyone else, but there you go.

Posted: **Fri Mar 23, 2012 8:07 am**

Thank you for sharing, will look into it.

Posted: **Fri Sep 14, 2012 8:58 pm**

At the moment NSA is being overhauled due to unexpected and abrupt code change by Mozilla, so you need to be patient until its done and all the kinks are worked out.

Posted: **Sat Sep 15, 2012 1:17 am**

Spammer got you.

Posted: **Tue Oct 09, 2012 9:50 pm**

Thrawn wrote: Spammer got you.

Good for them, once every decade they are due.

Posted: **Tue Oct 09, 2012 9:52 pm**

Thrawn wrote: Spammer got you.

Try NSA++ on the nigthly yet? Since you are using your FROYO to post. I have been trying to go back and forth with Giorgio and debugging mostly GUI issues a the moment. If you have root screenshot capability, you can help.

Posted: **Wed Oct 10, 2012 1:16 am**

GµårÐïåñ wrote:
Thrawn wrote: Spammer got you.
Try NSA++ on the nigthly yet? Since you are using your FROYO to post. I have been trying to go back and forth with Giorgio and debugging mostly GUI issues a the moment. If you have root screenshot capability, you can help.

Sadly, I can't. It's an ARMv6 device, so it can't use regular Fx. There are some unstable nightlies for ARM6, but being nightlies, they use the Android-native interface.

We may be getting a tablet soon that could help, though. Remind me in a few weeks if I don't get back to you.

InformAction Forums

NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile

Re: NSA 3.0a3 Does Not Invoke on Fx 5.0 Mobile