search

hackademix / noscript

The popular NoScript Security Suite browser extension.
https://noscript.net/
GNU General Public License v3.0
852 stars 91 forks source link

Broken noscript popup when clicking some links on Firefox beta #259

Closed foenyx closed 2 years ago

foenyx commented 2 years ago

( Linux / Firefox beta 105.0b6, private mode / NoScript 11.4.10)

I'm encountering a weird and unpleasant behaviour lately. All worked fine for years, but symptoms started some weeks ago, dunno if it's from a recent update or a miss-click somewhere in noscript configuration. Sadly did not find an exact repro yet, but here are the symptoms :

  1. Often when I click on a link (maybe leading to another domain, not sure as it's haphazard ) :
    • the tab is stuck on the loading phase (the tab icon keep playing the loading animation) probably suspended by noscript
    • a broken noscript popup opens (noscript logo, some unresponsive radio/ok/cancel buttons, no text) 2022-09-03_noscript
  2. I have to copy-paste the url and click consult or press enter, to have the tab to successfully load.

Using the firefox inspector on the broken popup I spoted this in the console :

Uncaught (in promise) TypeError: bg is null

moz-extension://ec9dccb2-44c2-425c-b175-2f526a3999f5/ui/prompt.js:25 moz-extension://ec9dccb2-44c2-425c-b175-2f526a3999f5/ui/prompt.js:25 prompt.js:25:19

I hope this report is somehow helpful.

nmlt commented 2 years ago

This seems to be the "potential identity leak" protection which you can disable in settings under the "advanced" tab.

On MacOS, the window has text, but plays terribly with the full screen mode: The window spawns on the wrong desktop, forcing you to change to that desktop and then back to your current window. Even worse if you have multiple Firefox windows open.

I really think this feature should be disabled per default for now.

hackademix commented 2 years ago

The dialog being broken this way is obviously not intended, and after some investigation I guess the reporter is using browser.privatebrowsing.autostart set to true, which triggers https://bugzilla.mozilla.org/show_bug.cgi?id=1329304 and breaks all NoScript's dialogs (the embedding object activation and the XSS warning as well). I'm gonna implement a work-around in 11.4.11, stay tuned.

hackademix commented 2 years ago

Fixed in 11.4.11rc2, thank you.