Page 1 of 2
noscript, boingboing.net and disqus
Posted: Sun Jul 24, 2011 7:11 pm
by orangesoda
BoingBoing just switched over to using a Disqus back-end for comments on its blog posts. Until now, I've been able to use that site with JS completely off, but no longer. So I'm going to have to allow Disqus to take part in any discussions over there.
Does anyone have any tips for only allowing JS from Disqus when it's used on that site (or any single site, more generally)? I don't really want it enabled for every random site I visit ...
Re: noscript, boingboing.net and disqus
Posted: Sun Jul 24, 2011 7:17 pm
by Giorgio Maone
Re: noscript, boingboing.net and disqus
Posted: Sun Jul 24, 2011 7:32 pm
by orangesoda
Wow. I was pessimistic when I first asked, but that looks a lot better than I expected. Maybe I shouldn't be surprised at NoScript functionality.
Thanks.
Re: noscript, boingboing.net and disqus
Posted: Mon Jul 25, 2011 2:19 am
by orangesoda
What's the difference, for items in the "Blocked Objects..." submenu, between an item, and the same item with a second site in parens next to it?
I.e., what's the difference between these two?
Temporarily allow *@
http://mediacdn.disqus.com
Temporarily allow *@
http://mediacdn.disqus.com (
http://boingboing.net)
Re: noscript, boingboing.net and disqus
Posted: Mon Jul 25, 2011 2:47 am
by orangesoda
I'm getting a ClearClick warning for the post comment "reply" box on BoingBoing's Disqus implementation. I usually don't allow things I get a ClearClick warning for .. if I allow it does the permission persist? I notice there's no UI for a ClearClick exceptions whitelist (just the checkboxes for Trusted and Untrusted, as far as I've seen) so if the permission persists, where is that stored? In noscript.clearClick.exceptions, noscript.clearClick.subexceptions?
Re: noscript, boingboing.net and disqus
Posted: Mon Jul 25, 2011 8:17 am
by Giorgio Maone
The former unconditionally allows embedding object from
http://mediacdn.disqus.com on any page, the latter on
http://boingboing.net only.
Regarding the ClearClick warning, you probably want to add some disqus URL to the
noscript.clearClick.subexceptionbs (page which can be embedded without being checked)
about:config preference.
However, since the problem with discus may be widespread, could you send me a Report ID so I can see if the exception is worth adding to the default preference?
Re: noscript, boingboing.net and disqus
Posted: Mon Jul 25, 2011 10:20 am
by orangesoda
Thanks for the answers.
Giorgio Maone wrote:.. could you send me a Report ID so I can see if the exception is worth adding to the default preference?
Sure, I just sent Report ID 1840947.
Re: noscript, boingboing.net and disqus
Posted: Thu Jan 05, 2012 12:45 am
by thomas4
Hi, I've read the FAQ and made an honest attempt on figuring this out but still can't setup ABE to allow disqus only on boingboing.net. What is missing in this code:
Code: Select all
Site *.disqus.com disqus.com
Accept from boingboing.net
Deny
Re: noscript, boingboing.net and disqus
Posted: Thu Jan 05, 2012 8:38 am
by Tom T.
thomas4 wrote:Hi, I've read the FAQ and made an honest attempt on figuring this out but still can't setup ABE to allow disqus only on boingboing.net. What is missing in this code:
Code: Select all
Site *.disqus.com disqus.com
Accept from boingboing.net
Deny
If we look at the sample rule in that FAQ,
Code: Select all
# google-analytics.com rule
Site google-analytics.com *.google-analytics.com
Accept from friend.com *.friend.com friend2.com *.friend2.com
Deny
We'll see that the permitted receiving site -- "friend.com" -- is listed twice (not counting "friend2.com", which is a separate sample site, and also listed twice):
once as only the domain name, friend.com, and once as *.friend.com. ("wildcarding" the friend.com domain)
The site name may be www dot boingboing.net, but the
JSView add-on also shows scripts from
http// boingbiong.net (no www) and mint.boingboing.net.
So add to your rule:
Code: Select all
Site *.disqus.com disqus.com
Accept from boingboing.net *.boingboing.net
Deny
Also -- not sure if this matters, but it's easier to follow the template than to test the issue
-- in the sample rule, the non-asterisked one is listed first.
I'm a big believer in following instructions, even before all else fails
, so let's do that:
Code: Select all
Site disqus.com *.disqus.com
Accept from boingboing.net *.boingboing.net
Deny
Let us know how that works for you.
(The documentation isn't clear on whether just
*.friend.com,
or just
.friend.com
will suffice as wildcards or "globs" by themselves, and there's already
a request to Giorgio to clarify that when he's able to turn his attention to it. So let's just follow the entire pattern until then.)
Re: noscript, boingboing.net and disqus
Posted: Thu Jan 05, 2012 12:44 pm
by tlu
Tom T. wrote:
(The documentation isn't clear on whether just
*.friend.com,
or just
.friend.com
will suffice as wildcards or "globs" by themselves, and there's already
a request to Giorgio to clarify that when he's able to turn his attention to it. So let's just follow the entire pattern until then.)
Tom, the
ABE rules specification says on p. 5:
*.some.site.com
glob expression; a glob expression starting with “.” will match both the subdomains having
it as a suffix and the domain stripped of the leading dot.
Thus, .boingboing.net should cover both boingboing.net and *.boingboing.net. And in my experience it does indeed.
Re: noscript, boingboing.net and disqus
Posted: Thu Jan 05, 2012 8:06 pm
by GµårÐïåñ
*.<any_domain> simply means it will include all the subdomains, such as www. xyz. abc. as in *.google.com will accept
www.google.com, mail.google.com, plus.google.com, etc. If you want JUST the domain and nothing descendent from it, then don't use the *. in the front.
Re: noscript, boingboing.net and disqus
Posted: Thu Jan 05, 2012 10:30 pm
by thomas4
Tom T. et al: Your suggested revised code doesn't fix the problem in my Firefox.
When I load an article on boingboing.net noscript in default blocks these:
disqus.com
admob.com
chartbeat.com
fmpub.net
typekit.com
Without your ABE code (modelled on the FAQ), I can display the discuss discussion posts by temporarily allowing all of the above. (Temporarily allowing only disqus.com and not the others is not enough.)
In contrast, using your ABE code doesn't show the discussion automatically. Furthermore, temporarily allowing all of the above still doesn't result in the discussion posts being shown as long as the ABE code is active. But if I then go to ABE settings and remove the code and press OK then the discussion posts are shown. So the code under examination effectively prevents the discussions posts it seems.
Re: noscript, boingboing.net and disqus
Posted: Fri Jan 06, 2012 12:57 am
by Tom T.
tlu wrote:Tom T. wrote:
(The documentation isn't clear on whether just
*.friend.com,
or just
.friend.com
will suffice as wildcards or "globs" by themselves, and there's already
a request to Giorgio to clarify that when he's able to turn his attention to it. So let's just follow the entire pattern until then.)
Tom, the
ABE rules specification says on p. 5:
*.some.site.com
glob expression; a glob expression starting with “.” will match both the subdomains having
it as a suffix and the domain stripped of the leading dot.
Those are two different statements. If you look at the thread to which I linked, the confusion is:
*.some.site.com starts with a leading asterisk.
"." doesn't include a leading asterisk.
.some.site.com is not the same syntax as *.some.site.com. Agreed?
This is the ambiguity that needs to be cleared up in the documentation.
tlu wrote:Thus, .boingboing.net should cover both boingboing.net and *.boingboing.net. And in my experience it does indeed.
That's useful to know, and thanks for the input. But again, the documentation should say exactly that.
For max simplicity, if .site.com works
identically as *.site.com, then *.site.com should be dropped from the rules altogether.
thomas4 wrote:I can display the discuss discussion posts by temporarily allowing all of the above. (Temporarily allowing only disqus.com and not the others is not enough.)
That would have been useful information in your first post.
I'll have to go to the site itself, play with the comment things, etc., see what's needed, and come back with the results. Will do so when time permits, thanks.
Re: noscript, boingboing.net and disqus
Posted: Fri Jan 06, 2012 4:21 am
by Tom T.
I was able to display comments (with no ABE rule) by temp-allowing only boingboing.net and disqus.com, plus pointing to Blocked Objects (which doesn't show until the page reloads after the allow), and temp-allowing
Code: Select all
Font@http://mediacdn.disqus.com (http://boingboing.net)
If you have boing and disqus whitelisted, this object should already show in your NS menu.
The ABE rule does seem to prevent the latter from loading. I ran out of time after eliminating, one-by-one, all of those other scripts that you said were necessary to display comments. (They aren't. Somewhere in there, probably by "Allow all this page", the above object got allowed.)
So, anyone know off the top of their head how to allow the Font@ thing in ABE? I tried a couple of ways, without success, but had to move on.
ETA: That was on 3.6.25, and once allowed, it seemed to be sticky. On Fx 9.01, comments display without that object, which doesn't show in the menu. But the ABE rule still kills the comments, which is why that object is the suspected culprit.
Re: noscript, boingboing.net and disqus
Posted: Fri Jan 06, 2012 9:25 am
by thomas4
Thanks Tom! I will test this out more later today when I get back from work. I should say that I'm new to both noscript and ABE so there is a steep learning curve on all aspects of this for me.