NoScript Quantum 10.1.4 is out, and while it might seem a fairly minor release, it does fix some performance issues under the hood and a quite annoying bug making maximized windows "jump down" when you open the NoScript UI. Talking of which, now that these back-end cleanup is done, I can finally give some more love to all the suggestion about improving usability that you kindly provided so far.
Starting with the XSS popup, which unfortunately cannot be an "old style", interactive but out of your way, notification anymore because of limitations in the WebExtensions (I cannot even open the NoScript menu programmatically, it must be reacting to user's input); but can, for instance, include an "always block requests from a.com to b.com" to make it less noisy.
Thank you also for all the UI prototypes and wireframes you've sent, I'm gonna start trying merging some of these ideas right away :)
December 1st, 2017 at 9:17 am
Thank you for your hard work! Much appreciated.
Do you plan on bringing back separate default settings for first-party and third-party scripts? That part of functionality is impossible to recreate in v10, and I don't think I was the only user who preferred to relax NoScript settings a bit with first-party scripts temporarily allowed by default, and the rest blocked.
December 1st, 2017 at 10:01 am
Hi Giorgio. With version 10.1.4, I find many domains are missing in the NoScript Drop down menu. So, sites cant load or work properly. Domains missing fall in all categories (Trusted, Untrusted and Default). I posted pictures in the thread below. NoScript is the champ. Best regards.
https://forums.informaction.com/viewtopic.php?f=7&t=23988&p=93270#p93270
Bo
December 1st, 2017 at 10:10 am
@Giorgio: What features that were available in "classic" NoScript, are currently missing or not operational in NS-10*? Secondly, with the exception of the UI, will we get all of the old features back?
It would be really nice if you could spare just one breath and give us an answer :)
On my investigations and estimates, with FF-57+; it would appear that one would need at least [ uMatrix + HTTPS Everywhere + Privacy Badger + * ] to almost match the features what we had in the one addon with "classic NoScript.
December 1st, 2017 at 10:27 am
Hi again.
I don't know if you have already worked on it, but now, at least temporarily allowing all the page makes xhr possible from content scripts. This didn't work so far, but now does. Maybe this helps???
Keep up the good work!
December 1st, 2017 at 10:48 am
NoScript seems to be stable and well working now.
Thanks a lot!
December 1st, 2017 at 10:54 am
@Bounder:
The main (most visible, but not the only) features of NoScript, beside script blocking, which are not present in any other security product are:
Both ABE and ClearClick are scheduled for release in 10.2 end of December or beginning of January. And no, with uMatrix + HTTPS Everywhere + Privacy Badger you can barely match 3rd party active content blocking + HTTPS locking, but none of the above (XSS, Clickjacking and CSRF protection).
December 1st, 2017 at 3:00 pm
Thank your for this great add-on!
Will there ever be a option to set all domains by default to "untrusted" ? I noticed with the new Quantum extension that certain site elements are allowed by default and I have to explicitly have to set the responsible domains to untrusted to block them.
Again, thanks for all your hard work.
John
December 1st, 2017 at 4:01 pm
Giorgio, will you backport security fixes to 5.x series?
December 1st, 2017 at 4:21 pm
@Giorgio:
Thanks for your feedback, which is most appreciated.
Indeed; ClearClick & ABE are eagerly awaited.
The course of my "investigations" made me appreciate even more how much of GRANULAR "one stop shop" NoScript has been. A couple of other unique examples of would be:
* Ability to SELECTIVELY block scripts and objects within a domain (I've been lead to believe that this is not directly possible within uMatrix, and that there are no plans to implement such over there).
* Extensive collection of Script Surrogates.
I'm one of the crowd who prefer the granular ability to block everything and allow as required.
As many others say: Thank you very much for all the good work.
December 1st, 2017 at 4:32 pm
Way past my bed time here. Some minor corrections to my last post would be required it seems:
* Replace "...much of GRANULAR" with "...much of a GRANULAR".
* Replace "...(I've been lead to believe..." with "...(I've been led to believe..."
Cheers again.
December 1st, 2017 at 4:33 pm
@tor:
Of course, as long as the Tor Browser doesn't switch to Firefox 59 ESR (likely June 2018).
December 1st, 2017 at 4:44 pm
Giorgio Maone: "I think I've spotted the culprit (some scripts are not reported, but blocked anyway). I'm gonna fix it ASAP."
Thank you Giorgio Maone! Is there an ETA for this hotfix?
I know you are pretty busy juggling things and still maintaining NoScript for the torproject. I wanted to know what time of day or week, in your timezone, do you release hotfixes and major releases?
Also, how long does it take now for Mozilla to manually/automatically approve an addon update?
December 1st, 2017 at 4:47 pm
10.1.4 shows up a problem with exactly this site: I removed google.com from the trusted list. As expected, the captcha for commenting does not show up and the noscript button shows as blocking some sites with a small "2" (I assume 2 scripts blocked). If one opens the menu, only hackademix.net shows up as trusted but the google.com domain is not listed at all thereby making it impossible to allow google.com temporarily. I had to enable google.com on the settings page to make this comment.
December 1st, 2017 at 4:54 pm
To add to my previous comment (#13): Temporarily allow all on this site works neither.
December 1st, 2017 at 5:50 pm
Looking at the Options page still locks Firefox solid, so still not truly useable. Removed again.
December 1st, 2017 at 6:49 pm
Please, please, please add whitelist import so I can browse the web as I used to!
December 1st, 2017 at 7:39 pm
@Frank: I don't see that lockup with 10.1.4 on Windows 10 in Firefox 57.0.1.
December 1st, 2017 at 7:54 pm
@all, @Giorgio
I suggest to encourage people to use the corresponding thread in Support Forum for discussing issues/bugs.
https://forums.informaction.com/viewforum.php?f=7
Here all topics are mixed up, so that many people don't seem to read the related previous posts - filling the comments section up repeatedly with (long) discussions of the same already known issues.
Does anyone feel the same?
@Richard
This bug is already known:
https://forums.informaction.com/viewtopic.php?f=7&t=23988#p93274
December 1st, 2017 at 9:51 pm
@RandomNoScriptUsr:
Just released NoScript 10.1.5.
December 1st, 2017 at 11:02 pm
Hi Giorgio. Thanks for the quick fix. Version 10.1.5 fixes the problem I reported. I cant reproduce it anymore. Keep them (NoScript releases) coming.
BO
December 1st, 2017 at 11:29 pm
What about flashgot? When you start working on firefox quantum support?
December 1st, 2017 at 11:52 pm
Is there a way to reset the settings? My settings are such a mess right now that I would prefer to set my preferences on each site with a clean slate.
December 1st, 2017 at 11:54 pm
@Sosiskin:
I'll take on FlashGot as soon as NoScript has both ClearClick and ABE back (hopefully in one month or so).
Closing comments here, please continue in th 10.1.5 post (bug reports in the forum, though).
December 1st, 2017 at 11:56 pm
With the 10.1.5 version when I highlight some text, right click, and then click on "Search Google for..." I always get a XSS warning, but if I do it a 2nd time, I don't.
I don't think I should be getting a warning at all with using the "Search Google for..." feature of the context menu.