gorhill / uMatrix

uMatrix: Point and click matrix to filter net requests according to source, destination and type
GNU General Public License v3.0

Websites can't know if JavaScript or cookies are disabled #855

Closed baptx closed 6 years ago

baptx commented 6 years ago

When using uMatrix and blocking JavaScript, a website thinks JavaScript is enabled so the <noscript> HTML tag does not have any effect. A website could fail to provide information when JavaScript is disabled. Example: https://www.w3schools.com/TAGs/tryit.asp?filename=tryhtml_noscript

The same problem happens with cookies disabled, a website thinks cookies are enabled so the navigator.cookieEnabled property will return true. Switching language on DuckDuckGo search engine should work with cookies disabled but it fails since it tries to use cookies if enabled. Example: https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_nav_cookieenabled

The browser extensions NoScript and Cookie Monster I used previously did not have this problem. I started using uMatrix so I can also prevent CSRF and protect privacy by blocking third-party requests (like RequestPolicy addon which is not compatible as WebExtension with Firefox Quantum yet). uMatrix addon is interesting but this issue can break website behaviour so I hope it will be fixed.

gorhill commented 6 years ago

<noscript> tags: duplicate of #319.

Cookies are not disabled browser wide with uMatrix, so this is the expected behavior. If you want the navigator.cookieEnabled to be false, disable cookies through your browser settings.

gorhill commented 6 years ago

Regarding <noscript>, it's the same as with your second point, uMatrix does not disable javascript browser-wide. I intend to eventually put a master switch for javascript, independent of the matrix, but the webext API does not support Chrome's contentSettings API, and thus it's not possible to disable javascript with current Firefox such that the noscript tags get rendered.

baptx commented 6 years ago

For the cookies, it is not convenient to disable them via the browser settings (we have to do 6 clicks instead of 2 via the addon interface) and the preferences will be reset when we clear all the browser history. Cookies should be disabled on a domain basis like JavaScript through the addon interface. For the latest Firefox, NoScript addon can disable JavaScript and support <noscript> HTML tags so it is using a different API? I think it will be possible to really disable cookies when contentSettings API will be supported: https://bugzilla.mozilla.org/show_bug.cgi?id=1291841 The issue I created could be reopened and renamed to block cookies correctly in a future version. Eventually, there could be an option to have the current behaviour that websites don't know if JavaScript or cookies are disabled, which could prevent censorship in some cases if we don't want to enable them.

gorhill commented 6 years ago

I can't globally disable cookies from the matrix itself, it has to be a master switch: the matrix allows any sort of combinations of allow/block rules on a per domain basis, and this can only be evaluated on the fly, not in advance. This can't be reflected in a single variable such as navigator.cookieEnabled, it has to be a master switch, and I do not intend to have such feature for cookies, best is that you find an extension dedicated to this.
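
The point made in the comment above, that per-request allow/block combinations cannot be collapsed into one value such as navigator.cookieEnabled, shown as an added example that is not part of the thread and is not uMatrix's code. The rule format, the precedence order and the hostnames are assumptions made for illustration.

```javascript
// Simplified model of on-the-fly matrix evaluation (illustration only, not uMatrix source).
// Assumed rule format: "source destination type action"; "*" matches anything.
const RULES = [ // constructed sample ruleset
  '* * cookie block',
  'news.example news.example cookie allow',
  'news.example cdn.example cookie allow',
];

function parseRules(lines) {
  const map = new Map();
  for (const line of lines) {
    const [src, dst, type, action] = line.trim().split(/\s+/);
    map.set(`${src} ${dst} ${type}`, action);
  }
  return map;
}

// Yield the hostname, then each parent domain, then the wildcard.
function* ancestors(hostname) {
  for (let h = hostname; h; ) {
    yield h;
    const dot = h.indexOf('.');
    h = dot === -1 ? '' : h.slice(dot + 1);
  }
  yield '*';
}

// Assumed precedence: most specific source scope first, then most specific
// destination. The verdict depends on both ends of each individual request.
function evaluate(rules, pageHost, requestHost, type) {
  for (const src of ancestors(pageHost)) {
    for (const dst of ancestors(requestHost)) {
      const action = rules.get(`${src} ${dst} ${type}`);
      if (action) return action;
    }
  }
  return 'block'; // default when nothing matches
}

// Try to reduce one page's cookie verdicts to the single boolean that
// navigator.cookieEnabled would need; null means the verdicts disagree.
function singleCookieFlag(rules, pageHost, requestHosts) {
  const verdicts = new Set(requestHosts.map(h => evaluate(rules, pageHost, h, 'cookie')));
  return verdicts.size === 1 ? verdicts.has('allow') : null;
}

const rules = parseRules(RULES);
const seen = ['news.example', 'cdn.example', 'tracker.example']; // constructed hosts
console.log(singleCookieFlag(rules, 'news.example', seen));  // mixed verdicts
console.log(singleCookieFlag(rules, 'other.example', seen)); // uniform verdicts
```
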

Remu-rin commented 6 years ago

For the latest Firefox, NoScript addon can disable JavaScript and support

Really? https://hackademix.net/2017/11/21/noscript-1011-quantum-powerball-finish-and-rebooting/#comment-38450

  1. The difference in site rendering when scripts are disabled is due to the

gorhill commented 6 years ago

NoScript addon can disable JavaScript and support <noscript> HTML tags so it is using a different API?

I am guessing NoScript is doing what uMatrix/HTTPSB used to do? To replace noscript tags with div ones. I removed that workaround in uMatrix because this can also cause negative side effects.

Addendum: apparently this was caused by Google's "Instant Search Feature", which no longer exists.