Comments on: Cross-Site XBL Returns from the Dead http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/ Giorgio Maone's answers to the Web, the Universe, and Everything Wed, 16 May 2012 22:01:26 +0000 http://wordpress.org/?v=2.2.3 By: Pat http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-14278 Pat Mon, 17 Aug 2009 10:52:35 +0000 http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-14278 Hi I'd like to know if it's possible to read the web page html code and apply a filter of if's and elses to remove or filter certain runs of code? My problem is that participate in a web forum where I get into a lot of heated arguments with a certain two posters. I'd like to make my own filter that works to simply filter out comments by those two people and not display them in my browser. I know it sounds juvenile, but I'd like to do this for myself as well as friends who blog on the same forum and are constantly baited and cajoled, and the moderator refuses to do anything about it. Would I need to hack the chrome source code, or is it possible to add a script to usercontent.css? Is that even possible? Yes, I do need some general advice and pointed in the right direction. Thanks for your time Hi I’d like to know if it’s possible to read the web page html code and apply a filter of if’s and elses to remove or filter certain runs of code?

My problem is that participate in a web forum where I get into a lot of heated arguments with a certain two posters. I’d like to make my own filter that works to simply filter out comments by those two people and not display them in my browser. I know it sounds juvenile, but I’d like to do this for myself as well as friends who blog on the same forum and are constantly baited and cajoled, and the moderator refuses to do anything about it.

Would I need to hack the chrome source code, or is it possible to add a script to usercontent.css? Is that even possible? Yes, I do need some general advice and pointed in the right direction. Thanks for your time

]]> By: esquifit http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-11526 esquifit Fri, 20 Mar 2009 00:00:27 +0000 http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-11526 I'd noted this fact about one year ago when switching from FF2 to FF3. I was using a XBL binding from Stylish to embed scripts in web pages 'à la Greasemonkey', and this ceased to work in FF3. Boris Zbarsky at mozilla.dev.tech.xbl told me about the change in the policy. Then I noticed that a simple workaround was to have a style which would consist of an @include statement, and the @included stylesheet (hosted in my domain) would contain the XBL binds in the same domain. I blogged about that in http://esquifit.blogspot.com/2008/08/enhancing-content-with-xbl-2.html. Now know I should have reported this as a bug, but I felt comfortable with my 'solution'. I can live with the NS protection, hopefully the mozilla guys won't 'over-fix' this. I’d noted this fact about one year ago when switching from FF2 to FF3. I was using a XBL binding from Stylish to embed scripts in web pages ‘à la Greasemonkey’, and this ceased to work in FF3. Boris Zbarsky at mozilla.dev.tech.xbl told me about the change in the policy. Then I noticed that a simple workaround was to have a style which would consist of an @include statement, and the @included stylesheet (hosted in my domain) would contain the XBL binds in the same domain. I blogged about that in http://esquifit.blogspot.com/2008/08/enhancing-content-with-xbl-2.html. Now know I should have reported this as a bug, but I felt comfortable with my ’solution’. I can live with the NS protection, hopefully the mozilla guys won’t ‘over-fix’ this.

]]> By: Felipe http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-11494 Felipe Tue, 17 Mar 2009 14:49:31 +0000 http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-11494 Hey Giorgio, a bit off-topic, but you really should see that! The folks from Mozilla Brasil made a couple of videos asking people why they use Firefox, and many people cited security, web-standards, add-ons, etc. NoScript was cited many times. (The videos were made on a geek event, Campus Party) But there was definitely one *enthusiastic* fan of NoScript =) Take a look: http://vimeo.com/3292638 It's in Portuguese, so if you want just go to the very end of the movie, around 2:45. Hey Giorgio, a bit off-topic, but you really should see that! The folks from Mozilla Brasil made a couple of videos asking people why they use Firefox, and many people cited security, web-standards, add-ons, etc. NoScript was cited many times. (The videos were made on a geek event, Campus Party)
But there was definitely one *enthusiastic* fan of NoScript =) Take a look: http://vimeo.com/3292638 It’s in Portuguese, so if you want just go to the very end of the movie, around 2:45.

]]> By: Basti http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-11361 Basti Tue, 10 Mar 2009 19:14:34 +0000 http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-11361 NoScript saves the world, again. Why ever it has to... Although you can't say it's Firefoxs' fault I hope 3.1 and following 3.2 will be safer by default. FF is very good as you all can see: they are fixing it. NoScript + Brain help a lot until the internet is safe... (a little sarcasm, it will never be) NoScript saves the world, again. Why ever it has to… Although you can’t say it’s Firefoxs’ fault I hope 3.1 and following 3.2 will be safer by default. FF is very good as you all can see: they are fixing it.

NoScript + Brain help a lot until the internet is safe… (a little sarcasm, it will never be)

]]> By: Tom T. http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-11352 Tom T. Tue, 10 Mar 2009 00:49:54 +0000 http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-11352 Praise be to the Spaghetti Monster! Giorgio, *please* maintain full compatibility with Fx 2.20 for as long as you possibly can. There are many users, including myself, who refuse Fx3 as being unproven (as you've just proved!), more complex, useless and distracting graphics, etc. There are extensive threads at Mozillazine to this effect, or it would be simple to check their stats on how many F2s are still running (by the number of nag screens they pop up to tell you to upgrade). Thank you so much! @ Aerik: For the sake of us dummies, can you please list specific instructions for each change, and what the effect will be? For example, I see NSForbidChromeScripts and ForbidData, but don't immediately find "file" or "resource". And XBL seems to default to 4. I don't know what the levels mean, but if 5 is safer, I'll do it, but what will change in the browser's appearance and behavior? You seem to have a very good handle on maximum lock-down; please share your complete setup and results with the codely-challenged. As far as being "paranoid", one of my favorite quotes from the movie "Conspiracy Theory" is "I'm only paranoid because they want me dead." In other words, you're not paranoid if you're right, which you are. Thanks! Praise be to the Spaghetti Monster! Giorgio, *please* maintain full compatibility with Fx 2.20 for as long as you possibly can. There are many users, including myself, who refuse Fx3 as being unproven (as you’ve just proved!), more complex, useless and distracting graphics, etc. There are extensive threads at Mozillazine to this effect, or it would be simple to check their stats on how many F2s are still running (by the number of nag screens they pop up to tell you to upgrade). Thank you so much!

@ Aerik:
For the sake of us dummies, can you please list specific instructions for each change, and what the effect will be? For example, I see NSForbidChromeScripts and ForbidData, but don’t immediately find "file" or "resource". And XBL seems to default to 4. I don’t know what the levels mean, but if 5 is safer, I’ll do it, but what will change in the browser’s appearance and behavior? You seem to have a very good handle on maximum lock-down; please share your complete setup and results with the codely-challenged.

As far as being "paranoid", one of my favorite quotes from the movie "Conspiracy Theory" is "I’m only paranoid because they want me dead." In other words, you’re not paranoid if you’re right, which you are. Thanks!

]]> By: Aerik http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-11347 Aerik Mon, 09 Mar 2009 23:14:08 +0000 http://hackademix.net/2009/03/09/cross-site-xbl-returns-from-the-dead/#comment-11347 I knew I always kept noscript.forbidXBL to 5 for a reason. And I allow my AdBlock Plus to apply to chrome: URL's, and I block all XBL except for a few chrome XBL addresses. In fact I find no real problems with turning adblock's about:config preference extensions.adblockplus.whitelistschemes completely blank, and only whitelisting exact things I need, applied only to the specific websites I need them to work on. I also forbid chrome:, data:, file:, and resource: in NoScript. I'm paranoid that way, but it doesn't hurt anything at all to do it. I knew I always kept noscript.forbidXBL to 5 for a reason. And I allow my AdBlock Plus to apply to chrome: URL’s, and I block all XBL except for a few chrome XBL addresses.

In fact I find no real problems with turning adblock’s about:config preference extensions.adblockplus.whitelistschemes completely blank, and only whitelisting exact things I need, applied only to the specific websites I need them to work on. I also forbid chrome:, data:, file:, and resource: in NoScript. I’m paranoid that way, but it doesn’t hurt anything at all to do it.

]]>