Reader Mode doesn't work, by default, with NoScript installed

RESOLVED DUPLICATE of bug 1158071

Status

Firefox Graveyard
Reading List
RESOLVED DUPLICATE of bug 1158071
2 years ago
a year ago

People

(Reporter: dholbert, Unassigned)

Tracking

Trunk

Details

(Reporter)

Description

2 years ago
STR:
 1. Create a new Firefox profile. Disable e10s, for simplicity.
  (NoScript works differently with e10s, IIRC)

 2. Install NoScript (e.g. by visiting about:addons and searching for NoScript)

 3. Visit some page that we can render with reader mode, e.g.:
https://blog.mozilla.org/blog/2015/05/18/open-web-device-compliance-review-board-certifies-first-handsets-2/

 4. Click the reader-mode button in URL bar.

ACTUAL RESULTS:
Blank page with just a button with a "caution-sign" icon.

EXPECTED RESULTS:
Reader mode version of the page, or an error message about scripts being disabled.


The problem is that NoScript is blocking scripts from "about:reader" by default, and reader-mode doesn't expect to have its scripts blocked & has no fallback rendering.


Giorgio, IIRC NoScript has a built-in whitelist for some "about:" pages -- perhaps about:reader should be added?
(Reporter)

Comment 1

2 years ago
(In reply to Daniel Holbert [:dholbert] from comment #0)
> Giorgio, IIRC NoScript has a built-in whitelist for some "about:" pages --
> perhaps about:reader should be added?

(Independently of this, it'd perhaps be nice for about:reader to have a <noscript> tag that displays an error message when its scripts are disabled. Though if this is a slam-dunk for adding to the NoScript default whitelist, maybe that's not worth it.)
Flags: needinfo?(g.maone)

Comment 2

2 years ago
I don't feel very comfortable with the idea of adding about:reader to the default whitelist, because as far as I  know this feature relies on sanitization to neutralize scripting in markup from the original page which gets otherwise inserted into the DOM rendered as "about:reader".
May I suggest this to use event handlers wired by privileged code (a frame script or a sandbox script?), rather than scripts living in the same context as the user-provided (and potentially hostile) HTML to be rendered?
Flags: needinfo?(g.maone)
(Reporter)

Comment 3

2 years ago
(In reply to Giorgio Maone from comment #2)
> I don't feel very comfortable with the idea of adding about:reader to the
> default whitelist, because as far as I  know this feature relies on
> sanitization to neutralize scripting in markup from the original page

Yeah, I was worried about that too :-/

Also, I left out version info -- I'm hitting this with latest Nightly 41.0a1 (2015-05-19), with NoScript 2.6.9.22, on Ubuntu Linux 15.04.
This looks like Bug 1158071.
(Assignee)

Updated

2 years ago
Product: Firefox → Firefox Graveyard

Updated

a year ago
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox41: affected → ---
Resolution: --- → DUPLICATE
Duplicate of bug: 1158071
You need to log in before you can comment on or make changes to this bug.