Cara Install Script Di Greasemonkey For Firefox
1 - general 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 2 - installing / uninstalling / migrating / updates 2.1 2.2 2.3 2.4 2.5 2.6 2.7 3 - troubleshooting 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 3.20 3.21 3.22 3.23 3.24 3.25 3.26 4 - XSS 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 5 - tips and tricks 5.1 5.2 5.3 5.4 5.5 5.6 6 - HTTPS 6.1 6.2 6.3 6.4 6.5 6.6 7 - ClearClick and Clickjacking 7.1 7.2 7.3 7.4 7.5 8 - ABE 8.1 8.2 8.3 8.4 8.5 8.6 8.7 8.8 8.9 8.10 8.11 8.12 8.13. 1.4 Q:Can adblockers work with NoScript?A:Even if NoScript does block many advertisements as a side effect,its main focus is on security, hence it misses some fine-grained controls over ads deliverywhich you can find in proper adblocking products.On the other hand, NoScript provides unique protection features against Web-based attacks, such as XSS or Clickjacking, anda high level of reliability, which are not available in adblockers.Therefore NoScript and adblockers, such as Adblock Plus or uBlock, complement each other.You can use them together for a secure and quiet browsing. 1.5 Q:What websites are in the default whitelist and why?A:If you're a security-minded user, you probably want to build your own customized whitelistsuiting your needs and keep it as short as you can.Therefore, when you install NoScript for the first time, you've got a very short default whitelist of sites you can:. chrome:It can't be removed because it is the privileged pseudo-protocolused by Firefox internal scripts: disabling it would prevent the browser itself from working. about:xyz, moz-safe-about:, resource:A bunch of internal pseudo URLs. They can't be removed because they help your browser to work as expected.
blob:, mediasource:Internal pseudo URLs identifying content generated by a script. They can't be removed because if you have these on a page, you already allowed the script generating them, so no point treating them separately. about:pocket.Internal URLs of the Pocket service, distributed as part of Firefox. addons.mozilla.org and mozilla.netThe add-ons Mozilla website and the domain serving its static content for performance reasons. 1.6 Q:What is that weird sound that I hear when I open a web page?A:This is a sound that Markus kindly offered me while suggesting to provideaudio feedback notifying when pages containing. 1.7 Q:Have I got to disable JavaScript from Firefox options to browse safely with NoScript?A:You must not disable JavaScript in Firefox!
NoScript will allow/forbid scripts, but they haveto be kept enabled by default, as it almost always is.On Firefox 24 or above this is a hidden about:config preference( javascript.enabled) which must preserve its default true value.On older Firefox versions only (23 or below) you may want to check thatTools Options Content Enable JavaScript. option is still checked (JavaScript enabled),otherwise JavaScript is disabled everywhere even if allowed by NoScript. 1.9 Q:Why can I sometimes see about:blank and/or wyciwyg: entries in my NoScript menu?
1.11 Q:What is a trusted site?A: A 'trusted site' is a site whose owner is well identifiable and reachable,so I have someone to sue if he hosts malicious code which damages or steals my data.If a site qualifies as 'trusted', there's no reason why I shouldn't allow JavaScript, Java or Flash. 1.12 Q:When I enable 'JavaScript' globally, Java and Flash are enabled too. 2.4 Q:Where's my NoScript configuration stored? How can I backup or migrate it? How can I reset it?A:Your NoScript configuration, including permissions (whitelist/blacklist) and other settings, is stored together with all your Firefox preferences,inside your ( prefs.js file). Whenever you backup your browser profile, you are saving the whole NoScript configuration as well. If you want a copy of your whitelist alone as a text file, which you can transfer to other profiles or computers, you can use theExport and Import commands from NoScript Options Whitelist.
In the same options tab you can remove some or all your whitelist entries. If you want to backup your whole NoScript configuration and permissions, you can use the Export and Import buttons at the bottom of the Options dialog. 2.5 Q:I don't like NoScript redirecting the browser on its release notes page every time I upgrade it. 2.7 Q:I've just upgraded from Firefox 3.6 or Firefox 28, and NoScript icon disappeared or is not where it used to be anymore. What's going on?A:Firefox 4 has removed the so called 'Status Bar', i.e.
The panel on the bottom of the browser window where most add-ons(including NoScript) used to place their icons. 3.1 Q:Since I installed NoScript some Firefox crashes happen. What can I do?A:Upgrade to most recent stable Firefox version.
3.3 Q:I can't use hotmail (gmail, name.your.mail) / ebay / my online bank account. What's happening?A:Those services use JavaScript intensively also in subframes and dialogs which not necessarilyhave the same URL as the login page. Easiest (even if not safest) thing you can do to fixyour problem is right-clicking on the page, opening the NoScript menu and Allowing the base domain (i.e. 3.4 Q:I met a page where a movie clip is supposed to be played, but I get a popup saying thatthe Windows Media Player (WMP) plugin has performed an illegal operation. If I uninstall NoScript,this doesn't happen.
What's going on?A:This is (was?) a Windows Media Player (WMP) plugin bug, not a NoScript problem.On some pages, WMP crashes if JavaScript is not enabled.If you uninstall NoScript but disable JavaScript using the built-in Firefox interface, you getthe very same error. A work-around is keeping WMP disabled on untrusted sites, usingNoScript Options Advanced Untrusted Forbid other plugins.Good news is that this bug seems to be fixed in the, so you should just need to upgrade. 3.6 Q:I've just upgraded to or reinstalled Mozilla Suite / SeaMonkey 1.x, and NoScript has ceased working. I can still see icons and all, but when I click they do nothing!A:Due to a limitation in Mozilla Suite and SeaMonkey 1.x (both lack true extensions support, introduced with Firefox),addons delivering their own XPCOM components (such as FlashGot, NoScript, FoxyTunes, ColorZilla and many others) must be reinstalled every time you install/upgrade your browser.Just reinstall NoScript as an administrator or root if needed (see if you're wondering why) and everything should be fine again.(That answer does not apply to SeaMonkey 2.x and above. If you are running a current version of SeaMonkey, scan your system for malware; if that comes out clean, you probably have an extension conflict, so try to isolate and correct the cause.). 3.7 Q:I've got troubles with Yahoo / Yahoo! Mail, but they go away when I disable NoScript or allow scripts globally.What should I do to selectively allow Yahoo?A: You just need to allow the following entries from the NoScript contextual menu:.
yahoo.com. yimg.comAdvanced users may want to be more restrictive than this, but the above will catch all the Yahoo services.Yahoo! Mail attachments:Yahoo!
Launchesattachment downloads in an invisible frame from a different domain (usually an IP starting with '216.' ).Therefore, if the file is of a kind handled by Firefox plugins (e.g.
PDF, MP3 or WMV),it will get blocked by NoScript. After the first download fails, please check your NoScript menu and selectthe Allow 216.xxx.yyy.zzz command you'll find there. Mail attachment download will just work.Notice that if you've got NoScript Options Embeddings Apply these restrictions to trusted sites as well checked(not the default), you'll need to use Blockable Objects Temporarily allow.@instead. 3.8 Q:I am using Firefox 27 (or below) and I cannot copy and paste formatted text in a rich text field (e.g.
My webmail composer or my CMS editor).The suggested remedies (setting some capability.policy preference or using the AllowClipboard Helper extension) do not work. Is this caused by NoScript?A:Those 'suggested remedies' are not compatible with NoScript, but enabling clipboard operations on trusted sites is even simpler: just open NoScript Options Advanced and check the Allow rich text copy and paste from external clipboardpreference in the 'Additional permissions for trusted sites' section.Don't forget to uninstall the AllowClipboard Helper extension and remove the clipboard-related capability.policy entriesfrom your preferences files. 3.11 Q:One of the NoScript keyboard shortcuts overrides a shortcut used by another important extension of mine (e.g.
Web Developer). 3.14 Q:Why do recent NoScript versions prevent me from using XMLHttpRequest in the Firebug console on untrusted sites?A:Older versions of Firebug uses various hacks to allow JavaScript interactive execution for web developers in the 'apparent' context of sites whereJavaScript is otherwise disabled (e.g. By NoScript).Unfortunately one of these hacks, which allows XMLHttpRequest usage, doesn't work if the noscript.forbidDatapreference is set to true.Just toggle it to false and Firebug will fully work again.Notice that this change doesn't imply any special security weakening, as long as is kept enabled.In current versions of Firebug, its console does not work on pages where JavaScript is disabled.
You need to open the NoScript menu and (Temporarily) allow the main site for it to work. 3.16 Q:I get an 'Unresponsive Script' message from Firefox on some page or on startup. If I disable NoScript, it doesn't happen. What does it mean?A:The message you're getting is usually related to poor coded JavaScript in web pages.Under normal circumstances, you should get far less messages like that since you install NoScript (by logic).However, since Firefox extensions are written in JavaScript too and NoScript doesn't block scripts living outside web pages(i.e. The browser components, included extensions), if one of them misbehaves you get that message as well.Now the tricky part: some extensions don't like JavaScript being disabled for web pages.
Most of them simply refuse to work, buta very few enter infinite loops and cause the 'Unresponsive Script' message to pop up.One known offender is the Background Music (BGM) extension.If you've got it, you may need to choose: music or security?Otherwise, please use theprocedure to find the culprit.If you can't isolate a misbehaving extension, you may want tofollow the other advices. 3.20 Q:Some Ubiquity features are not working when NoScript is installed. What can I do?A:Most Ubiquity features work just fine with NoScript out of the box. However some Ubiquity actions depend on certain web sites to be allowed.The map command, for instance, requires you to add the following sites to your whitelist:. about:ubiquity. mozilla.com. google.com (they're Google Maps, after all.).
j.maxmind.com (Ubiquity imports a geoip script from there)In some configurations, allowing file:// may be needed too. 3.21 Q:I use a NoScript version between 1.9.2.3 and 1.9.2.5 (inclusive). 4.2 Q:Looks like the Anti-XSS feature causes problems with URLs containing some characters such as. 4.4 Q:Can I bypass Anti-XSS filters for certain web pages?A:If you're a bit of the 'geek' type, you know and you're very confident the target web page is immune to XSS vulnerabilities,you can tweak the NoScript Options Advanced XSS Anti-XSS Protection Exceptions rules, i.e.
4.6 Q:Why does NoScript block documents loaded from jar: URLs?A: Notice: NoScript 2.0.9 and above removed this feature because the same protection is now available by means ofother more transparent countermeasures, both from Firefox = 3.0 and from NoScript itselfAs part of its anti-XSS protection, since version 1.1.7.8 NoScript prevents JAR resources from being loaded as documents:loading documents from within JAR files brings a serious XSS risk on every site allowing JAR filesto be uploaded by users or, very common, allowing open redirects, e.g. See,and for further references.You can control JAR blocking from the.Notice that this feature doesn't depend on your whitelist, i.e. It works on every site, nomatter if you allowed it to run JavaScript or not.
4.7 Q:Why are Flash applets originating from trusted sites (e.g. 5.2 Q:When I change permissions, all the affected tabs/windows are reloaded, and sometimes this is annoying.I know I could turn off automatic reloading fromNoScript Options General, but can I disable it for background tabs/windows but keep it for the current tab only?A:Yes, you can: just check the 'Reload the current tab only' option in NoScript Options General, right under the automatic reload checkbox.You have even more control of when NoScript should automatically reload pages in. Here's a list of all the reload-related noscript options:. noscript.autoReloadenables/disables autoreload for any action. noscript.autoReload.globalenables/disables autoreload for Allow scripts globally.
noscript.autoReload.allTabsif set to false, only the current tab is reloaded. noscript.autoReload.allTabsOnGlobalif set to false (default), only the current tab is reloaded if you allow script globally. noscript.autoReload.allTabsOnPageActionif set to false, only the current tab is reloaded when you use bulk permission change commands (e.g. Allow all on this page). 5.4 Q:I'm worried by the fact some sites require the akamai.net domain to be whitelisted.
I'd prefer not to allow it everywhere,but only on some parent sites I trust. How can I do it?A:You can use to this effect, by adding the following rule to yourNoScript Options Advanced ABE USER ruleset:Site.akamai.netAccept INCLUSION from SELFAccept INCLUSION from.trusted-site1.com.trusted-site2.com trusted-site3.comDenyNotice the leading dot '.' Before domains, which is syntactic sugar for site.com.site.com, i.e. A domain and its subdomains.It should also be noted that, independently from this rule, external scripts are never loaded from pages which don't belong to awhitelisted site, hence no malicious website you didn't explicitly whitelisted could execute scripts from akamai.net anyway. 5.5 Q:Why doesn't the NoScript menu disappear automatically after I allow/forbid one site?A:NoScript 1.8.4 introduced a long awaited enhancement for allowing multiple script sources on the same page at once, called the 'sticky' UI.Now if you open the NoScript menu by left clicking on a NoScript icon, or using the ctrl+shift+Skeyboard shortcut, you get the new 'sticky' behavior, i.e. You can change multiple permissions withoutclosing the menu and causing a page refresh.
6.1 Q:What's HTTPS and why is that important for NoScript users?A:stands for 'Hypertext Transfer Protocol over Secure Socket Layer', and you can figure it as HTTP(the protocol you usually retrieve web pages with) over a secure encrypted connection.It is meant to protect you from eavesdroppers and.An important feature of HTTPS is that if a web site has a valid digital certificate for its identity, as verified automatically by your browser, you can be reasonably sureit is the one it says to be. 6.3 Q:Can NoScript force some sites to always use HTTPS?A:Yes, just open NoScript Options Advanced HTTPS Behavior, entering the sites you want to force in the topmost box,and those you want to always leave alone in the bottom one.You can use space-separated simple strings, which will be matched as 'starts with.'
, glob patterns like.noscript.net and full-fledged regular expressions.If, for instance, you want HTTPS to be forced on every Google application excluding Search and iGoogle, you can put.google.comin the 'Force' box andwww.google.com/search www.google.com/igin the 'Never' box (the latter can be of course rewritten as a ^https?://www.google.com/(?:search ig)b. regular expression).Notice that NoScript provides also.
6.4 Q:What can NoScript do against HTTPS cookie hijacking?A:HTTPS cookie hijacking happens when a site sets sensitive cookies (e.g. Those identifying authenticated sessions) over HTTPS connections but 'forgets'to flag them as 'Secure'. This means that subsequent unencrypted (non-HTTPS) requests for the same site will leak the session cookies away,even if you logged in securely.NoScript provides means to mitigate this issue, configurable in NoScript Options Advanced HTTPS Cookies.If Enable Automatic Secure Cookies Management is checked,NoScript will try to 'patch' insecure cookies set by HTTPS sites on the fly:.
If the site matches the ' Ignore unsafe cookies.' Pattern list, NoScript letsits cookies pass through untouched. If the site matches the ' Force encryption for all the cookies.' Pattern list, NoScript appends a';Secure' flag to every non-secure cookie set by this response. Otherwise, NoScript just logs unsafe cookies BUT if no secure cookieis set in a HTTPS transaction setting other (unsafe) cookies, NoScript patches all these cookies with ';Secure' like in #2.However, if a navigation from an encrypted to a non-encrypted part of the same site (i.e. Sharing the same cookies)happens in the same tab, NoScript removes its ';Secure' patch toensure compatibility.
When it happens, this event is logged to the Error Console, along with a recommendationto try forcing HTTPS by listing this site in the HTTPS Behavior Force section. 6.5 Q:Since I've got Automatic Secure Cookie Management enabled I cannot login on some sites. 7.1 Q:What is Clickjacking?A:The word 'Clickjacking' has been coined byand,two security researchers (and, incidentally, NoScript users) which back in September 2008 had been prompted by Adobe to withdrawa speech about this matter because it revealed a critical exploitable flaw in the Flash player.The concept itself is not new, though, even if there was no previous systematic research.In facts, with 'Clickjacking' we designate a class of attacks (also known as 'UI Redressing') which consist in hidingor disguising an user interface element from a site you trust (e.g. 7.2 Q:How can I protect myself from Clickjacking / UI Redressing attacks?A:If you're not an user of Mozilla Firefox or of another recent Gecko-based web browser,your pretty much out of luck: you would need to disable plugins and IFrames, which is always impractical and sometimes impossible,since most browsers have no mean to do it selectively.is a real pain and never 100% effective.On the other hand,if you use Firefox you can install the free and open source NoScript extension (yes, this one), which provides the only viable and safe protection available today:the technology. 7.3 Q:How does NoScript protect me from Clickjacking / UI-redressing attacks?A:Default protections that NoScript has provided for a long time, i.e. JavaScript and plugin blocking can prevent most clickjacking attacks.In older version, though, to be 100% protected against Clickjacking you needed to enable the and possiblyNoScript options.Fortunately, since, NoScript provides a new default kind of protection calledno matter if you block frames or not. Even better, ClearClick can protect you from Clickjacking / UI-redressing attack independently from JavaScript and plugins blocking:you can even Allow scripts globally (which is not recommended anyway), and your ClearClick still works.
I've written a about a script of mine which aims to enhance the read later list this page in general. Unfortunately, as I didn't have the notion or muse yet to sign up at userscripts.org, the script is only in text form there in the post.
I can see how this would raise the question on how to install it.So how would you install a Greasemonkey script that is only in text form? This little checklist applies to all such scripts (I don't think there are many, I might be the only one because I'm lazy)!
I'm also going to assume that your Browser already has the Greasemonkey addon installed. Wouldn't make much sense any other way.
I'm not sure if the following works on Chrome, as I've only tested it on Firefox.1. Copy the entire script into the clipboard. This includes the header part, it should start with '// UserScript'2. Create an empty file (A normal text file will do fine) anywhere on your PC, and paste the script from your clipboard into the file and save.3. Now we have to rename the file. As we have to change the file extension, you have to disable the Windows Explorer option to hide file extensions!
Name the file after the name of the script, which is found in the header part of the script after the '@name' identifier. Replace every space with underscores. Then add '.user.js' after the name. For example: If the script has the name 'FiMFiction Enhancer', the file should be 'FiMFictionEnhancer.user.js', not 'FiMFiction Enhancer.user.js.txt' or any variation!4. This is the script like you'd download it from userscripts.org. To finally install it, just open it in Firefox.
Right clicking and choosing Open With-Firefox or, in Firefox, clicking File-Open will do just fine. If you've made no mistakes, then Firefox will recognize this as a valid user script and present you with a dialog to install the script.5.
Click on Install. You can now delete the file that you created if you want, but the script should now be working.That wasn't to hard, was it? Once you know how to, it becomes easy If you want to, and know a little bit about JavaScript or programming in general, you can even modify the script to your liking before you install it! Neat, isn't it? (You can do that with already installed scripts, too, so this is no advantage.)I hope this cleared some questions!
In the future, I might just as well finally register on userscripts.org. Thanks^^ Well, I've never looked into the code of FimFiction enhancements 10 so I can't say for sure. My guess is that knighty changed the html-code in a way that the userscript no longer recognizes comment boxes on stories, so it won't add the emoticons. The script also broke various other things for me after the site update, so I uninstalled it. I didn't look, but maybe there is a new version on userscripts.org, and the auto-updater doesn't update, for some reason? If that's the case, make a manual update/reinstall and try again.
Cara Install Script Di Greasemonkey For Firefox Mac
If nothing changes, though, I'd say that FimFiction enhancements are just out of date and maybe even no longer updated. Would make sense, seeing as pictures are hidden automatically now, which makes these emoticons kind of useless in my eyes. They were cool while they worked, though! I just had the idea for an enhancement script that automatically opens all image boxes that contain smileys, and leaving the others untouched. It would emulate the old behavior, but would only work for those who have the script installed as well, the others would still have to open the image as it is now. Don't count on me writing this, though, I have some private stuff to take care of, first (My Bachelor Thesis, to be specific).
Tampermonkey Update Script
I might have a go at it if I'm in the mood and have enough time, but it could be a while.I just realized that this might be the longest comment I've written yet. Well, give me the right topic. Sorry, I might not be the best of help, since I haven't been using Greasemonkey for a year now (Some bug was causing my Firefox to crash.)One thing I can think of, though: If the script was opened in a new tab as plain text, then Firefox/Greasemonkey did not recognize it as a Greasemonkey script. Maybe the file extension wasn't right. If you have your file extensions hidden, you might not see that right away.
Especially Notepad likes to add a hidden '.txt' file extension. Also make sure the file not only ends with '.js', but with '.user.js'. The header inside the userscript also needs to be intact, without any empty lines in front of it. It does not hurt to check this even if the file did not open in a new tab.