Want to talk about NoScript? Post here. Topic is solved

Add-ons for Pale Moon and other applications
General discussion, compatibility, contributed extensions, themes, plugins, and more.

Moderators: FranklinDM, Lootyhoof

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: Want to talk about NoScript? Post here.

Unread post by Isengrim » 2019-01-27, 15:16

Duckguy wrote:For me, I had to go all the way back to version 2.9 of NoScript for Pale Moon to accept the plug-in. I'm using Pale Moon 25.8.1 (x64)
The latest version of "classic" NoScript is only compatible with Pale Moon 27 and later.
Off-topic:
The latest version of Pale Moon is 28.3.1. Version 25 is no longer supported.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

User avatar
4td8s
Moonbather
Moonbather
Posts: 67
Joined: 2018-08-18, 23:54

Re: Want to talk about NoScript? Post here.

Unread post by 4td8s » 2019-02-25, 21:21

speaking of Noscript, I recently saw this topic in the InformAction Forums Noscript section regarding NS 5.1.9 crashing PM when accessing Gmail:

https://forums.informaction.com/viewtop ... =7&t=25430

apparently that turned out to be an addon conflict between Noscript 5.1.9 and the Disconnect addon using Palemoon 28.3.1

I wonder if Palemoon supports the Disconnect addon as that addon has not been updated since early April 2017.
Edit: then I saw a few reviews of that addon that made me think twice of using it

Larvell Jones

Feedback

Unread post by Larvell Jones » 2019-04-30, 08:22

[Feedback]

Dear Palemoon / Moonchild Team,

pretty much everything has been said and there is not much to add. Yes, I have read pretty much all pages (old & new thread) related to this 'issue'.

I agree with the developers / administrators that this is merely a 'Level 1' Warning and we are allowed to safely discard it. :thumbup: The question that one now can ask is 'why do I need to be allowed to discard a Level 1 warning'.
Sure, you are just trying to be nice to those who are unconcious and have no further knowledge on how to operate their personal computer with software installed in a way that does not harm them.

The point is that even though the argument of level 1 might be valid it just seems as if you are trying to take control from us [experienced] users. I recommend Firefox or other browsers with 'automatic protection modus' to those too lazy to actually RTFM. Pardon me stating that. :problem:

I do not wish to be patronized by my software nor my computer. I am the human and I am in control of the machine. I am fully aware that the world wide web is full of dangers whether it is with or without scripts and their blockers. Frankly I could even slip whilst typing these words and break my finger and sadly the keyboard manufacturer did not issue any warning whatsoever to a level 2 risk (or at least I perceive breaking my finger as a level 2).

With this in mind: Thank you for warning me dear Moonchild crew. But please bear in mind that I am exposed to many risks on a daily basis and do not wish to be treated as a snowflake. :thumbdown:

One more thing: While I told my browser now to STFU and am now receiving those "warnings with the possibility to unhook", I do come across the browser just deactivating the entire addon without even prompting. That is just a tiny tad too much.
[Background is that I do have to setup the browser on each boot as nothing is being stored physically]

Thank you very much for your attention & reading my feedback. I am aware of the [possible] answer to this but I do still think that palemoon is a better option to my setup than "Quantum Mechanics" :lol:

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35477
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Want to talk about NoScript? Post here.

Unread post by Moonchild » 2019-04-30, 10:17

Larvell Jones wrote:
2019-04-30, 08:22
The question that one now can ask is 'why do I need to be allowed to discard a Level 1 warning'.
It is to inform, not to restrict.
Larvell Jones wrote:
2019-04-30, 08:22
Sure, you are just trying to be nice to...
It's actually more than that. It is trying to find that spot that provides enough guidance for a wide variety of users, but doesn't take away choice from those who insist they want to take the risks (in the case of NoScript also the risk of being on your own when running into any issues with the browser).
Larvell Jones wrote:
2019-04-30, 08:22
I do not wish to be patronized by my software nor my computer.
Neither do I, but if you call a warning about a known-problematic extension "patronizing" then you're having a really strange view of the software.
Larvell Jones wrote:
2019-04-30, 08:22
With this in mind: Thank you for warning me dear Moonchild crew. But please bear in mind that I am exposed to many risks on a daily basis and do not wish to be treated as a snowflake. :thumbdown:
Question: Why do you take offense to software catering to more than just you in how it interacts with its users? Isn't that exactly the kind of behavior you dislike?... :silent:
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Larvell Jones

Re: Want to talk about NoScript? Post here.

Unread post by Larvell Jones » 2019-04-30, 11:19

Moonchild wrote:
2019-04-30, 10:17
Larvell Jones wrote:
2019-04-30, 08:22
With this in mind: Thank you for warning me dear Moonchild crew. But please bear in mind that I am exposed to many risks on a daily basis and do not wish to be treated as a snowflake. :thumbdown:
Question: Why do you take offense to software catering to more than just you in how it interacts with its users? Isn't that exactly the kind of behavior you dislike?... :silent:
Dear Moonchild,

thank you for taking the time to read, approve and answer to my feedback.

My apology if you perceived my message as too personal. I thought I added some flavour to it. I was just trying to gently summarize the pool of negative feedback adjoined with mine. Yet pointing the finger and saying what is bad and that one will leave or refrain from using Palemoon might be a bit too stretched and silly. I agree with the other administrator posting somewhere on this thread.

It would be more of a feedback if one would propose things that could be improved in possible future updates and as such I took my time to actually write down what a perhaps small amount of users perceive as 'patronize'. Do excuse my word choice please, I could have used 'support' instead. Again: I don't wish to be supported by such an exquisite software as Palemoon and I really, honestly, do appreciate its functionality. :thumbup:

Since I have - indirectly - answered your question I shall close by repeating it a bit more on a personal note:

Yes, you are absolutely correct, we all are humans and do bring our emotions into this. But please rest assured that I am not offended. I did actually appreciate the challenge that was given to me. Thank you!

I started using Palemoon years ago due to the NPAPI thing going on. You know security... Then my old version of FF started disallowing addons and told me to use something more modern. Then the same happend with Palemoon, disallowing addons on the page at least. Etc. pp. It's truly mesmerizing to see all these new things happening and all the 'magic' that takes place on smartphones. *cough blokada*

Anyways, my point was that Palemoon is a great thing and it still allows us to be free, in the sense of 'Free as in Freedom'. Please do keep up the good & hard work and perhaps, maybe, just keep some old sacks such as us in mind when coding some new version? That would be just so awesome of all of you amazing developers! :thumbup:

Thanks! Have a great day, I shall go out now and enjoy the first days of summer. [again my apology that I haven't looked up your coordinates, mea culpa]

User avatar
plushkava
Apollo supporter
Apollo supporter
Posts: 46
Joined: 2015-07-31, 04:53
Location: Clown World

Re: Want to talk about NoScript? Post here.

Unread post by plushkava » 2019-05-17, 02:31

kujaw wrote:
2019-01-06, 12:23
If I install NoScript from here (https://noscript.net/getit#classic) will it work with PM? So many topics about it and I'm confused, to be honest.
If you're going to use NoScript at all, then I would suggest getting the version distributed by the Hyperbola project. It cuts out some of the cruft, including the pre-baked whitelist, and tightens up the defaults a little. I recently experimented with it for the first time in years, on account of waiting for one or two issues with eMatrix to be resolved. It works just as well as I remember from back when I used to use Firefox. Obviously, it is still wholly unsupported by the Pale Moon authors.

New Tobin Paradigm

Re: Want to talk about NoScript? Post here.

Unread post by New Tobin Paradigm » 2019-05-17, 02:36

Except, you won't get updates by using that version. I would suggest you not use it at all. As-is that right there is the definition of a rouge edited extension.

User avatar
therube
Board Warrior
Board Warrior
Posts: 1650
Joined: 2018-06-08, 17:02

Re: Want to talk about NoScript? Post here.

Unread post by therube » 2019-05-17, 03:02

Without manually comparing, do they have list of changes they've made?

(No telling if NoScript 5 will update again. But it might :-).
I've made my own hacked version, basically removing or neutering "webex" parts [or at least that was my intent ;-)] as it interfered with browser window opening ordering [along the Windows taskbar - in SeaMonkey 2.49]. PM natively fails at that [as does SeaMonkey 2.53, I think, & current FF, definitely].)

User avatar
plushkava
Apollo supporter
Apollo supporter
Posts: 46
Joined: 2015-07-31, 04:53
Location: Clown World

Re: Want to talk about NoScript? Post here.

Unread post by plushkava » 2019-05-17, 03:49

New Tobin Paradigm wrote:
2019-05-17, 02:36
Except, you won't get updates by using that version. I would suggest you not use it at all. As-is that right there is the definition of a rouge edited extension.
As the 5.x series is pretty much in maintenance mode, I don't mind tracking updates manually but fair enough; that's a valid point. I read the patch before use and was personally satisfied with the changes made.

EDIT: Typo.

User avatar
plushkava
Apollo supporter
Apollo supporter
Posts: 46
Joined: 2015-07-31, 04:53
Location: Clown World

Re: Want to talk about NoScript? Post here.

Unread post by plushkava » 2019-05-17, 04:13

therube wrote:
2019-05-17, 03:02
Without manually comparing, do they have list of changes they've made?

(No telling if NoScript 5 will update again. But it might :-).
I've made my own hacked version, basically removing or neutering "webex" parts [or at least that was my intent ;-)] as it interfered with browser window opening ordering [along the Windows taskbar - in SeaMonkey 2.49]. PM natively fails at that [as does SeaMonkey 2.53, I think, & current FF, definitely].)
Assuming that was in response to me, not that I know of. I believe that the published patch covers the initial fork point and for anything beyond that, you'll just have to use diff.

mekineer

Re: Want to talk about NoScript? Post here.

Unread post by mekineer » 2019-05-22, 03:54

If you are tired of talking about noscript, please do not read this message.

By chance, are most noscript users familiar with Javascript? I don't know Javascript, and I'm wondering if perhaps it's easier to use NoScript if you do.

To make a site work, do you inspect each script's javascript to see what it does, or do you just enable scripts at random (or based on the domain name they come from)? Is it just a matter of trial and error, along with refreshing the site 2 to 5 times?

Do you mostly read material from your favorite sites, or do you search and wander the internet wherever a search engine takes you?

User avatar
Pallid Planetoid
Knows the dark side
Knows the dark side
Posts: 4279
Joined: 2015-10-06, 16:59
Location: Los Angeles CA USA

Re: Want to talk about NoScript? Post here.

Unread post by Pallid Planetoid » 2019-05-22, 04:21

mekineer wrote:
2019-05-22, 03:54
.... To make a site work, do you inspect each script's javascript to see what it does, or do you just enable scripts at random (or based on the domain name they come from)? Is it just a matter of trial and error, along with refreshing the site 2 to 5 times?....
On thing you can do via NoScript is take a look at the "safety" of any one specific request on a specific web page by doing the following (utilizing NoScript):

1) Mouse Middle-Click any one of the requests on a web page (example in this case "Bstart.me"):
Checking out a Script pic1.png
Checking out a Script pic1.png (41.99 KiB) Viewed 1877 times
Which takes you to this page where you can check out the "Security" of that specific web site request by using any one of the links on the page to do so:
Checking out a Script pic2.png
Hence allow the web page request based on what you find on the page above.
Off-topic:
Note: I enabled NoScript to get these screen-shots as I've recently decided to only us uBlock Origin in "Advanced Mode" so I get the following using uBO for this same page:
uBO instead of NS.png
... Which I think is adequate for me. ;)
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD[20GB SSD]
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising

User avatar
Pallid Planetoid
Knows the dark side
Knows the dark side
Posts: 4279
Joined: 2015-10-06, 16:59
Location: Los Angeles CA USA

Re: Want to talk about NoScript? Post here.

Unread post by Pallid Planetoid » 2019-05-22, 04:39

@ mekineer -- I'd say what it really comes down to for the most part in the end (for either NS or uBO for that matter or any other extension of this type i.e. uMatrix for example) is that if you need a website to work you just allow the minimum Web Site requests you have to allow to get the site to work and leave it at that (so the goal is to minimize the requests as much as possible and still have a functional website). After all if it is absolutely necessary to have access to a website then you have to do what you have to for the site to be functional --- so you determine what is absolutely necessary to get what you want out of a site and block as many unnecessary site requests as you can basically via trial and error.
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD[20GB SSD]
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising

mekineer

Re: Want to talk about NoScript? Post here.

Unread post by mekineer » 2019-05-22, 05:06

Pale Moon Rising wrote:
2019-05-22, 04:39
@ mekineer -- I'd say what it really comes down to for the most part in the end (for either NS or uBO for that matter or any other extension of this type i.e. uMatrix for example) is that if you need a website to work you just allow the minimum Web Site requests you have to allow to get the site to work and leave it at that (so the goal is to minimize the requests as much as possible and still have a functional website). After all if it is absolutely necessary to have access to a website then you have to do what you have to for the site to be functional --- so you determine what is absolutely necessary to get what you want out of a site and block as many unnecessary site requests as you can basically via trial and error.
Yeah, I totally agree. I do that with uBO on medium mode, although, I tend to find that I need CDN networks on many different sites, and to reduce my work load, I just whitelist them. Details here. I used NoScript for a short time many many years ago. I'll try it out again.

mekineer

Re: Want to talk about NoScript? Post here.

Unread post by mekineer » 2019-06-21, 03:05

coffeebreak wrote:
2018-10-09, 09:36
Lew Rockwell Fan wrote:anything NoScript can do that uMatrix can't?

Specific protection against cross-site scripting attacks and clickjacking.
Lew Rockwell Fan wrote:How does uMatrix compare to the other extensions with similar names, particularly uBlock Origin?
"Similar names" - same developer.

Starting with a personal view: Nothing, no amount of posted opinion, can replace just installing these extensions and spending time using them and reading the wikis.

uMatrix (uM wiki; most recent xul version, 1.1.4, or see thread on building from newer source):
It blocks or allows categories of requests (cookie | css | image | media | script | XHR | frame) on sites that you designate.

What it has that uBO lacks:
Some cookie management function; and it has some privacy settings that uBO lacks.
Also, v1.1.4 (and earlier) can spoof headers and user agents. Note: UA spoofing was removed in v1.1.14 based on the assessment that this task would be better performed by a dedicated extension.

uBlock Origin (uBO wiki; current xul version, 1.16.4.4):
It's both an adblocker and general purpose "wide-spectrum" blocker (see overview of what it blocks here).
The more general blocking function requires being in advanced mode.

Two things uBO has that uM doesn't: 1) cosmetic filtering (same as ABP-family element hiding function); 2) ability to block or allow individual requests - so eg., scripts from site.B are blocked on site.A, but you can still allow some specific script from site.B even though the others are blocked.
Off-topic:
Lew Rockwell Fan wrote:
ketmar wrote: . . . since when humanity started to loosing ability to get harmless (yet maybe somewhat edgy) jokes?
Hard to say...

This thing you quoted is from five months ago (whoever wants to see it in context, see pg 7 of this thread) -
(it concerned some users' reactions to some language in the release notes for PM 27.9.2, released 2018-05-18).
I'm kind of perplexed about what this quote has to do with anything else in your post. Just sayin'.
Coffeebreak, this is a very informative post. Thank you. I also watched some videos on youtube of people using the uMatrix and NoScript.

I actually thought that you picked out the individual scripts, like, this function yes and that function no. Ha ha. It's either all from a site or nothing, as far as I can tell, when using any of these blockers. I'm content with uBlock medium mode.

If I were to go to advanced mode, I would want to be able to have a list of scripts, and have some heuristics help me pick out which are the coin mining scripts, for example. Although I've loaded up on some coinblocking from https://filterlists.com, because apparently most coin mining scripts are not running natively. By native, I mean relative to the site you are viewing, not a different domain providing scripts to the site in view.

Heuristics is probably too much to ask for.

mekineer

Re: Want to talk about NoScript? Post here.

Unread post by mekineer » 2019-06-22, 17:28

You can block individual scripts on a single site using uBlock Origin:
https://github.com/gorhill/uBlock/wiki/The-logger
Although I don't think it's designed for casual use.

Lew Rockwell Fan

Re: Want to talk about NoScript? Post here.

Unread post by Lew Rockwell Fan » 2019-07-04, 23:42

mekineer wrote:
2019-06-22, 17:28
You can block individual scripts on a single site using uBlock Origin:
https://github.com/gorhill/uBlock/wiki/The-logger
Although I don't think it's designed for casual use.
Spot on. Just when I finally kinda/sorta figured out NoScript enough to make it practical, I added the Ad Nauseum fork of uBlock. I'm a masochist. But, not to discourage anybody, it works fine with default settings while you figure it out. And unlike NoScript, I never managed to screw it up so bad I had to reinstall it.

User avatar
Drugwash
Fanatic
Fanatic
Posts: 217
Joined: 2016-01-28, 12:08
Location: Ploieşti, Romania
Contact:

Just a cosmetic issue

Unread post by Drugwash » 2020-01-01, 20:38

After reading all these pages there is one bit of information that has never been asked and thus has no answer (that I know of):
is there any way at all to remove the warning in the extensions list once the user acknowledged it? It just wastes space and breaks the design.
Screenshot from 2020-01-01 22-18-17a.png
I've been using NoScript for years in Firefox and Pale Moon, under Win98SE, Win XP and now under Linux Mint 19.2 x64 - without any major problems, so it's safe to say I know how to deal with it. At this point, to me - and others like me - the warning has no practical use. So please, if there is any way to remove it, someone do tell. If not, maybe such (hidden?) option could be added in a future release. Not only for NoScript, but for any other similar extensions, if any.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35477
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Want to talk about NoScript? Post here.

Unread post by Moonchild » 2020-01-01, 21:02

Drugwash wrote:
2020-01-01, 20:38
So please, if there is any way to remove it, someone do tell. If not, maybe such (hidden?) option could be added in a future release. Not only for NoScript, but for any other similar extensions, if any.
Sorry, no, the warning is there and will remain there on purpose for NoScript and any other known-problematic extension that should not be silently ignored, no matter if it "works for you" because you "know how to deal with it" (and because you've been lucky that your visited sites don't crash you).
If you insist on running dangerous add-ons, then you will have to deal with getting a permanent warning about them in your list. As you say, it's merely cosmetic, and it has a solid reason to be there.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Nightbird
Lunatic
Lunatic
Posts: 279
Joined: 2016-07-18, 21:12

Re: Want to talk about NoScript? Post here.

Unread post by Nightbird » 2020-01-02, 00:08

@ Drugwash
You will get no warning if you disable the add-on security level.
Preferences -> security -> add-on security level -> off (default = medium).
But no add-on will be blocked even if security, stability issue ....
For experienced users only.
Diversity is key.

Those who forget the past are doomed to repeat it.

Locked