Frames GUI issue: subdomain/other domain is not suggested in GUI

hackademix / noscript

The popular NoScript Security Suite browser extension.

https://noscript.net/

GNU General Public License v3.0

852 stars 91 forks source link

Frames GUI issue: subdomain/other domain is not suggested in GUI #274

Open KOLANICH opened 1 year ago

KOLANICH commented 1 year ago

there is a page like

<-- 1.domain.com -->
<noscript><iframe src="https://1.domain.com/frame.html"></iframe></noscript>

NoScript suggests to adjust settings for domain.com. I enable frames:

"§:domain.com": {
    "capabilities": [
        "fetch",
        "noscript",
        "frame"
    ],
    "temp": true
}

The frame doesn't work, Blocked by NoScript in Network tab.
I copy the config item, but add 1. in front. Everything starts working.

hackademix commented 1 year ago

That looks like a bug.

Is NoScript Options > Appearance > [ ] List full addresses in the permissions popup (https://www.noscript.net) checked or not (the latter being the default).

KOLANICH commented 1 year ago

It was unchecked. I has changed that, and it has solved the issue.

2BH IDK why that "feature" (hiding subdomains) has been introduced in the tool for power users.

KOLANICH commented 1 year ago

Thank you.

hackademix commented 1 year ago

It was unchecked. I has changed that, and it has solved the issue.

I consider it as a bug nonetheless. In the default "show top domains only" you shouldn't be stuck because of a subdomain, it should just work by tweaking permissions on ...domain.com.

2BH IDK why that "feature" (hiding subdomains) has been introduced in the tool for power users.

It's always been the default (also in NoScript "Classic") because it makes day to day operation much easier and faster and reduces users' cognitive load, without significantly lessening security in most cases.