The default bug view has changed. See this FAQ.

Reader Mode doesn't work, by default, with NoScript installed

RESOLVED DUPLICATE of bug 1158071

Status

Firefox Graveyard
Reading List
RESOLVED DUPLICATE of bug 1158071
2 years ago
9 months ago

People

(Reporter: dholbert, Unassigned)

Tracking

Trunk

Details

(Reporter)

Description

2 years ago
STR:
 1. Create a new Firefox profile. Disable e10s, for simplicity.
  (NoScript works differently with e10s, IIRC)

 2. Install NoScript (e.g. by visiting about:addons and searching for NoScript)

 3. Visit some page that we can render with reader mode, e.g.:
https://blog.mozilla.org/blog/2015/05/18/open-web-device-compliance-review-board-certifies-first-handsets-2/

 4. Click the reader-mode button in URL bar.

ACTUAL RESULTS:
Blank page with just a button with a "caution-sign" icon.

EXPECTED RESULTS:
Reader mode version of the page, or an error message about scripts being disabled.


The problem is that NoScript is blocking scripts from "about:reader" by default, and reader-mode doesn't expect to have its scripts blocked & has no fallback rendering.


Giorgio, IIRC NoScript has a built-in whitelist for some "about:" pages -- perhaps about:reader should be added?
(Reporter)

Comment 1

2 years ago
(In reply to Daniel Holbert [:dholbert] from comment #0)
> Giorgio, IIRC NoScript has a built-in whitelist for some "about:" pages --
> perhaps about:reader should be added?

(Independently of this, it'd perhaps be nice for about:reader to have a <noscript> tag that displays an error message when its scripts are disabled. Though if this is a slam-dunk for adding to the NoScript default whitelist, maybe that's not worth it.)
Flags: needinfo?(g.maone)

Comment 2

2 years ago
I don't feel very comfortable with the idea of adding about:reader to the default whitelist, because as far as I  know this feature relies on sanitization to neutralize scripting in markup from the original page which gets otherwise inserted into the DOM rendered as "about:reader".
May I suggest this to use event handlers wired by privileged code (a frame script or a sandbox script?), rather than scripts living in the same context as the user-provided (and potentially hostile) HTML to be rendered?
Flags: needinfo?(g.maone)
(Reporter)

Comment 3

2 years ago
(In reply to Giorgio Maone from comment #2)
> I don't feel very comfortable with the idea of adding about:reader to the
> default whitelist, because as far as I  know this feature relies on
> sanitization to neutralize scripting in markup from the original page

Yeah, I was worried about that too :-/

Also, I left out version info -- I'm hitting this with latest Nightly 41.0a1 (2015-05-19), with NoScript 2.6.9.22, on Ubuntu Linux 15.04.
This looks like Bug 1158071.
(Assignee)

Updated

a year ago
Product: Firefox → Firefox Graveyard

Updated

9 months ago
Status: NEW → RESOLVED
Last Resolved: 9 months ago
status-firefox41: affected → ---
Resolution: --- → DUPLICATE
Duplicate of bug: 1158071
You need to log in before you can comment on or make changes to this bug.