Closed
Bug 1166455
Opened 9 years ago
Closed 8 years ago
Reader Mode doesn't work, by default, with NoScript installed
Categories
(Firefox Graveyard :: Reading List, defect)
Tracking
(Not tracked)
RESOLVED DUPLICATE of bug 1158071
People
(Reporter: dholbert, Unassigned)
Details
STR:
1. Create a new Firefox profile. Disable e10s, for simplicity. (NoScript works differently with e10s, IIRC)
2. Install NoScript (e.g. by visiting about:addons and searching for NoScript)
3. Visit some page that we can render with reader mode, e.g.: https://blog.mozilla.org/blog/2015/05/18/open-web-device-compliance-review-board-certifies-first-handsets-2/
4. Click the reader-mode button in URL bar.

ACTUAL RESULTS: Blank page with just a button with a "caution-sign" icon.

EXPECTED RESULTS: Reader mode version of the page, or an error message about scripts being disabled.

The problem is that NoScript is blocking scripts from "about:reader" by default, and reader-mode doesn't expect to have its scripts blocked & has no fallback rendering.

Giorgio, IIRC NoScript has a built-in whitelist for some "about:" pages -- perhaps about:reader should be added?
Reporter
Comment 1 • 9 years ago
(In reply to Daniel Holbert [:dholbert] from comment #0)
> Giorgio, IIRC NoScript has a built-in whitelist for some "about:" pages --
> perhaps about:reader should be added?

(Independently of this, it'd perhaps be nice for about:reader to have a <noscript> tag that displays an error message when its scripts are disabled. Though if this is a slam-dunk for adding to the NoScript default whitelist, maybe that's not worth it.)
Flags: needinfo?(g.maone)
Comment 2 • 9 years ago
I don't feel very comfortable with the idea of adding about:reader to the default whitelist, because as far as I know this feature relies on sanitization to neutralize scripting in markup from the original page which gets otherwise inserted into the DOM rendered as "about:reader".

May I suggest that this use event handlers wired by privileged code (a frame script or a sandbox script?), rather than scripts living in the same context as the user-provided (and potentially hostile) HTML to be rendered?
Flags: needinfo?(g.maone)
Reporter
Comment 3 • 9 years ago
(In reply to Giorgio Maone from comment #2)
> I don't feel very comfortable with the idea of adding about:reader to the
> default whitelist, because as far as I know this feature relies on
> sanitization to neutralize scripting in markup from the original page

Yeah, I was worried about that too :-/

Also, I left out version info -- I'm hitting this with latest Nightly 41.0a1 (2015-05-19), with NoScript 2.6.9.22, on Ubuntu Linux 15.04.
Comment 4 • 9 years ago
This looks like Bug 1158071.
Assignee
Updated • 8 years ago
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox41: affected → ---
Resolution: --- → DUPLICATE