NFN Smith wrote:
stan pierce wrote:
Found the problem by disabling No Script. Then it works. Any way to set
No Script so I don't have to turn it off every time I want to use my
bank program?
That's a pretty common thing to see, if you're running NoScript. There's
lots of sites that are script-heavy, especially ones that are there to
facilitate consumer-grade commerce. It's remarkable how many sites seem
to find it necessary to entertain you with animation and other
eye-candy, when it's not relevant to the site content. And of course,
there's lots of scripting that happens to facilitate ad delivery,
tracking and that kind of stuff. And there's legitimate uses for
scripts as well. In particular, for sites that require you to
authenticate yourself (especially banks and sites that handle credit
cards), it's common that the scripting is there to facilitate
authenticate processes. From that perspective, there's a similarity to
cookies -- you may need to allow cookies to authenticate yourself, but
at the same time, you don't need to allow third-party tracking cookies.
And at a lot of sites, even if you need to allow cookies for
www.example.com, it's safe to block cookies for metrics.example.com.
If you have NoScript installed, then there should be an icon for that at
the toolbar at the bottom of your Seamonkey window. Clicking there
shows a list of all the scripts at the page that you're looking at, and
their status, whether enabled or disabled. Options there include
temporary whitelisting, permanent whitelisting, or revoking temporary
whitelisting, both globally and for individual script engines.
Depending on the situation, I may temporarily whitelist everything, or I
may whitelist only individual sources. I find it remarkable the number
of sites that use ajax.googleapis.com, and sometimes, I can get what I
need by temporarily whitelisting just that one. And for a lot of sites,
I may permanently whitelist scripts that are delivered by the site
itself. Thus, for your particular example, if your bank is
hostiletakeoverbank.com, you might want to permanently whitelist them,
even if you don't whitelist some of the other other scripts, or
temporarily whitelist them, one at a time.
One other thing that I've found with script blocking is that sometimes
essential scripts are dependent on other scripts. Thus, at some sites,
I have to temporarily enable scripts two or three times, as some of the
scripts don't show up (and be blocked by NoScript) until other scripts run.
The other thing that you can do with tuning NoScript, is that you can
customize the navigation toolbar, by dragging NoScript-specific icons
there. That's often easier than using the NoScript icon at the bottom of
the screen. On my own installation, I have both "Temporarily Allow all
this Page" and "Revoke Temporary Permissions" next to the address bar,
and I use both frequently.
Smith
I used Options/Advanced/XSS and set it to Sanitize cross-site suspicious
requests. With this setting, the bank login works. Is this a reasonable
way to handle the problem?
Stan
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
