General :  K-Meleon Forum
General discussion about K-Meleon. 
Pages: Previous123Next
Current Page: 2 of 3
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: June 03, 2008 02:40AM

@ noel-pg2:
You must look the date of post:
Quote
desga2
*** EDITED *** Date: 2008/05/14
In this date 1.6.5 was last NoScript version.

Now, NoScript have been update to 1.6.8 (30/05/08),
Quote
noel-pg2
looks like the NoScript Plugin for KM needs to be updated again.
Look NoScript changelog:
Quote
NoScript
v 1.6.8
=====================================================================
x Fixed false positives in new Base64 decoding Injection Checker

v 1.6.7
=====================================================================
+ Base64 decoding in URI Injection Checker, thanks Zoiz for Yahoo PoC
-- see http://zoiz.web.id/xss-corner/base64-encoded-xss.html
x Extra NOSCRIPT element showing won't add SCRIPT elements on buggy
pages like evite.com (thanks zgendron and other reporters)

v 1.6.6
=====================================================================
x Fixed two bytes subnet shorthands broken if protocol is specified
x Fixed subnet shorthands not matching URLs with non-standard ports
x Firefox 3.0.* version bump
x Fixed XSS false positive on block.opendns.com

Only some bug fixed, is really needed update this extension to K-Meleon?

I'll updated it when i have some little time, now i'm busy with K-Meleon 1.5 spanish translation.

In addition, I not heard you say thank you. tongue sticking out smiley

K-Meleon in Spanish



Edited 1 time(s). Last edit at 06/03/2008 02:40AM by desga2.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: baysao
Date: June 07, 2008 01:47AM

Base on file that desga2 had uploaded, i've made Noscript ver. 1.6.8. You can download here. It's worked fine on K-mel 1.5b2.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: June 07, 2008 06:32AM

Quote
baysao
Base on file that desga2 had uploaded, i've made Noscript ver. 1.6.8. You can download here. It's worked fine on K-mel 1.5b2.

This download page not work with K-Meleon user agent string, you must changed it to Firefox or Seamonkey to you can download file.

baysao's update not works in 1.1.X versions.

Plase wait to Alain's and my update.

P.S.; You only need update this files:
K-Meleon\components\noscriptService.js
K-Meleon\chrome\noscript.jar



Edited 3 time(s). Last edit at 06/07/2008 07:34AM by desga2.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: soccerfan
Date: June 09, 2008 08:50PM

Quote
desga2
P.S.; You only need update this files:
K-Meleon\components\noscriptService.js
K-Meleon\chrome\noscript.jar
Hi desga2,

After extracting noscript.xpi, I also see a noscript.js (in '/defaults/preferences' folder).
Does this file also need to be replaced (updated) or will that cause problems? Thanks.

soccerfan

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: June 09, 2008 09:26PM

Quote
soccerfan
After extracting noscript.xpi, I also see a noscript.js (in '/defaults/preferences' folder).
Does this file also need to be replaced (updated) or will that cause problems?

This file (/defaults/preferences/noscript.js) is the same that in 1.6.5, any changed in this file, not need updated it.

NOTE: Manual updated of this files only works in K-Meleon 1.5 and not in 1.1.X versions.

K-Meleon in Spanish



Edited 2 time(s). Last edit at 06/09/2008 09:28PM by desga2.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: soccerfan
Date: June 10, 2008 07:55PM

Quote
desga2
NOTE: Manual updated of this files only works in K-Meleon 1.5 and not in 1.1.X versions.

Thanks for the warning! I'm still on prtable k-meleon 1.1.3. Will wait until you find time to update. The current noscript is working well.

soccerfan

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: BrianG
Date: June 11, 2008 12:18AM

I'm looking forward to the Noscript for 1.1.x versions. Assuming it will be available as an .exe installer I am wondering if an old version will need to be uninstalled first. If so, how?

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: June 11, 2008 02:00AM

Uninstall of previous NoScript Extension versions will not necessary. New installer will overwrited old files.

If you like unisntall NoScript Extension for some reason you only have to delete this files;
K-Meleon\components\noscriptService.js
K-Meleon\chrome\noscript.jar
K-Meleon\chrome\noscript.manifest
K-Meleon\defaults\pref\noscript.js
K-Meleon\macros\noscript.kmm
K-Meleon\skins\default\NoScript.bmp
K-Meleon\skins\default\NoScript_large.bmp
K-Meleon\locales\xx-YY\NoScript.kml (if exist, you are using some localization)

And delete also:
K-Meleon\components\compreg.dat
K-Meleon\components\xpti.dat

These are generated files when K-Meleon restart.

K-Meleon in Spanish



Edited 2 time(s). Last edit at 06/11/2008 02:16AM by desga2.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: BrianG
Date: June 11, 2008 08:17PM

I just installed NoScript and am seeing some difference in how pages are displayed vs. under Firefox. This page is the most recent example of differences in the page under Firefox (NoScript allowed) vs. K-Meleon (NoScript installed & set to allowed) vs. K-Meleon without NoScript installed:

http://www.llbean.com/webapp/wcs/stores/servlet/CategoryDisplay?page=tropicwear-shirt&categoryId=36453&storeId=1&catalogId=1&langId=-1&parentCategory=502684&cat4=502683&shop_method=pp&feat=502684-tn&np=Y

Under K-Meleon, with NoScript set to allowed, the changing of shirt colors does not function but works fine when NoScript is not installed. I played around with different options in NoScript to no avail. Under Firefox, this page works fine when allowed by NoScript.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: JujuLand
Date: June 11, 2008 10:27PM

For me, with the previous version of NoScript, it works with Noscript activated or not.

Haven't yet installed and tested the desga2 version.

A+


Mozilla/5.0 (x11; U; Linux x86_64; fr-FR; rv:24.0) Gecko/20140105 Ubuntu/12.04 K-Meleon/74.0

Web: http://jujuland.pagesperso-orange.fr/
Mail : alain [dot] aupeix [at] wanadoo [dot] fr





Edited 1 time(s). Last edit at 06/11/2008 10:27PM by JujuLand.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: June 12, 2008 02:07AM

@ BrianG:
Yes this problem exist, but this work if you disable NoScript and reload page.
Seems that this page isn't recognized by whitelist in NoScript.

K-Meleon in Spanish

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: noel-pg2
Date: June 28, 2008 06:57AM

Quote
desga2

In addition, I not heard you say thank you. tongue sticking out smiley

well thank you. happy now? LOL.

NoScript 1.7.1 now offered at their web site.
start working on an update for Kmeleon ASAP or whenever you find time.



Edited 1 time(s). Last edit at 06/28/2008 07:01AM by noel-pg2.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: June 28, 2008 08:03PM

New NoScript version 1.7.1 available to download, for everyone except for noel-pg2. tongue sticking out smiley

Changelog:
- Update to NoScript 1.7.1 only.

K-Meleon NoScript Extension 1.7.1

@ noel-pg2:
mad smiley
I can't dedicate to update this extension whenever the author updates, every week.
When say you that you are starting to learn how to update it by yourself? tongue sticking out smiley

Indeed, I do not even use this extension, just the place to let a favour to popular demand. sleepy smiley

SPAIN
FOR CHAMPION
Euro2008

K-Meleon in Spanish

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: JujuLand
Date: June 28, 2008 11:40PM

Who Will Win ?

desga2 or guenter ?? smiling smiley


Mozilla/5.0 (x11; U; Linux x86_64; fr-FR; rv:24.0) Gecko/20140105 Ubuntu/12.04 K-Meleon/74.0

Web: http://jujuland.pagesperso-orange.fr/
Mail : alain [dot] aupeix [at] wanadoo [dot] fr




Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: soccerfan
Date: June 29, 2008 07:04AM

Quote
JujuLand
Who Will Win ?

desga2 or guenter ?? smiling smiley

I'll let you know tomorrow (i.e. sunday)!!!!

soccerfan
PS: Thanks for the update desga2.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: July 21, 2008 07:13PM

New NoScript Extension for K-Meleon version 1.7.7 available to download.

Changelog:
- Update to NoScript 1.7.7 only.

K-Meleon NoScript Extension 1.7.7

K-Meleon in Spanish

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: soccerfan
Date: July 21, 2008 08:33PM

Quote
desga2
New NoScript Extension for K-Meleon version 1.7.7 available to download.

Thank you once more!
And congratulations to the Euro2008 football champions.

soccerfan

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: ndebord
Date: July 21, 2008 08:48PM

Guenter,

I would add to your excellent synopsis, the rationale behind K-meleon not using xpi extensions was to avoid the penalty of a software emulation overhead. The macro language used by KM was the substitute and with KKO's new macro language and Alain's macro installer routines, the macro language has definitely evolved. (Caveat. It is less easy IMO for end users like myself to use it as opposed to the older macro version, but it is more full-featured. A tradeoff.)

N

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: jk-
Date: July 21, 2008 08:57PM

desaga2: Does your update insclude the components/noscriptService.js that comes with NoScript 1.7.7? I had to slightly alter the code to get it to work in K-Meleon 1.1.6... or use an older version.

----------------------
- K-Meleon Macros and Extensions
- Greasify (Greasemonkey type macro for K-Meleon)
- Stylish for K-Meleon



Edited 1 time(s). Last edit at 07/21/2008 08:57PM by jk-.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: Blackcat
Date: July 22, 2008 02:01AM

Quote
desga2
New NoScript Extension for K-Meleon version 1.7.7 available to download.

Changelog:
- Update to NoScript 1.7.7 only.

K-Meleon NoScript Extension 1.7.7
The URL above only links to the older version, not 1.7.7.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: July 22, 2008 05:54AM

@ Blackcat;
You are wrong, zip file to download have identical name but if you run setup this show NoScript 1.7.7 version and include all 1.7.7 updated files.

@ jk-k;
Yes it's, you need modify components/noscriptService.js file to work in 1.1.X version but not nedded to 1.5. This problem is for next line:
chromeRegistry: CC["@mozilla.org/chrome/chrome-registry;1"].getService(CI.nsIChromeRegistry),

If you commented this line your noscriptService.js file works in 1.1.X.
1.1.X version haven't "chromeRegistry" event/function/service improved.

I asked about it to Giorgio Maone (NoScript developer) and he answer me this:
Quote
Giogio Maone
Hi,
chromeRegistry is used by the checkForbiddenChrome() method immediately
following that line, which provides protection against chrome traversal
attacks.
If the chrome registry is not present in k-Meleon, please replace the
checkForbiddenChrome method with the following:

checkForbiddenChrome: function(url, origin) {
     if(origin && !/^(?:chrome|resource|about)$/.test(origin.scheme)) {
       switch(url.scheme) {
         case "chrome":
           return false;

         case "resource":
           if(/\.\./.test(unescape(url.spec))) return true;
       }
     }
     return false;
   },

And this is the changed that i do in noscriptService.js file to works in 1.1.X versions and you can look it in the file included in my Extension.(Search "K-Meleon" word to find comments indicated modifications in each modified file to run in K-Meleon)

Now all people, know how to update this Extension. If some people want i can upload my source files of this Extension. (If you like Nsis installer files)

smiling smiley
Please, don't ask me for more updates of this extension when everyone already knows how to do it. tongue sticking out smiley

P.S.; My Macro file (noscript.kmm) not works fine, i have pending fixed it yet.

K-Meleon in Spanish



Edited 3 time(s). Last edit at 07/22/2008 06:02AM by desga2.

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: jk-
Date: July 22, 2008 03:34PM

Quote
desga2
@ Blackcat;

@ jk-k;
Yes it's, you need modify components/noscriptService.js file to work in 1.1.X version but not nedded to 1.5. This problem is for next line:
chromeRegistry: CC["@mozilla.org/chrome/chrome-registry;1"].getService(CI.nsIChromeRegistry),

If you commented this line your noscriptService.js file works in 1.1.X.
1.1.X version haven't "chromeRegistry" event/function/service improved.

I asked about it to Giorgio Maone (NoScript developer) and he answer me this:
Quote
Giogio Maone
Hi,
chromeRegistry is used by the checkForbiddenChrome() method immediately
following that line, which provides protection against chrome traversal
attacks.
If the chrome registry is not present in k-Meleon, please replace the
checkForbiddenChrome method with the following:

checkForbiddenChrome: function(url, origin) {
     if(origin && !/^(?:chrome|resource|about)$/.test(origin.scheme)) {
       switch(url.scheme) {
         case "chrome":
           return false;

         case "resource":
           if(/\.\./.test(unescape(url.spec))) return true;
       }
     }
     return false;
   },

And this is the changed that i do in noscriptService.js file to works in 1.1.X versions and you can look it in the file included in my Extension.(Search "K-Meleon" word to find comments indicated modifications in each modified file to run in K-Meleon)
Thanks for the info desaga, my code had looked like this:

/*
browserChromeDir: CC["@mozilla.org/file/directory_service;1"].getService(CI.nsIProperties)
                       .get("AChrom", CI.nsIFile),
  chromeRegistry: CC["@mozilla.org/chrome/chrome-registry;1"].getService(CI.nsIChromeRegistry),
  */

  checkForbiddenChrome: function(url, origin) {
    if(origin && !/^(?:chrome|resource|about)$/.test(origin.scheme)) {
      switch(url.scheme) {
        case "chrome":
          var packageName = url.host;
          if (packageName == "browser") return false; // fast path for commonest case
          exception = this.getPref("forbidChromeExceptions." + packageName, false);
          if (exception) return false;

          /*
     var chromeURL = this.chromeRegistry.convertChromeURL(url);
          if (chromeURL instanceof CI.nsIJARURI)
            chromeURL = chromeURL.JARFile;
               
          return chromeURL instanceof CI.nsIFileURL && !this.browserChromeDir.contains(chromeURL.file, true);
         */

        case "resource":
          if(/\.\./.test(unescape(url.spec))) return true;
      }
    }
    return false;
  }
But I have good news!, I posted a message the other day on the Mozilla forums and Giorgio was kind enough to update the official noscript code to work with k-meleon!

http://noscript.net/getit#devel
Quote

v 1.7.7.2
=====================================================================
x Improved KMeleon compatibility
his updated code looks liek this:
checkForbiddenChrome: function(url, origin) {
    var f, browserChromeDir, chromeRegistry;
    try {
      browserChromeDir = CC["@mozilla.org/file/directory_service;1"].getService(CI.nsIProperties)
                       .get("AChrom", CI.nsIFile);
      chromeRegistry = CC["@mozilla.org/chrome/chrome-registry;1"].getService(CI.nsIChromeRegistry);
      
      f = function(url, origin) {
        if(origin && !/^(?:chrome|resource|about)$/.test(origin.scheme)) {
          switch(url.scheme) {
            case "chrome":
              var packageName = url.host;
              if (packageName == "browser") return false; // fast path for commonest case
              exception = this.getPref("forbidChromeExceptions." + packageName, false);
              if (exception) return false;
              var chromeURL = chromeRegistry.convertChromeURL(url);
              if (chromeURL instanceof CI.nsIJARURI) 
                chromeURL = chromeURL.JARFile;
                    
              return chromeURL instanceof CI.nsIFileURL && !browserChromeDir.contains(chromeURL.file, true);
             
            case "resource":
              if(/\.\./.test(unescape(url.spec))) return true;
          }
        }
        return false;
      }
    } catch(e) {
      f = function() { return false; }
    }
    this.checkForbiddenChrome = f;
    return this.checkForbiddenChrome(url, origin);
  }
I've tested it and it works. So it will be very easy for k-meleon users to update (for those curious: by extracting the files from the xpi: noscript.jar, noscriptService.js and noscript.js)

----------------------
- K-Meleon Macros and Extensions
- Greasify (Greasemonkey type macro for K-Meleon)
- Stylish for K-Meleon

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: July 22, 2008 04:10PM

@jk-k;
Thanks you for the info, great news.

K-Meleon in Spanish

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: soccerfan
Date: July 22, 2008 09:05PM

Quote
desga2
@jk-k;
Thanks you for the info, great news.

So, my questions to desga2 and jk-:

1. If I use desga2's noscript 1.7.7, all I have to do to update it is to overwrite noscript.jar, noscriptService.js and noscript.js from a new noscript version such as 1.7.7.3 beta to make it work for BOTH km 1.1.x and 1.5?

2. Can I use noscript 1.7.7.3 beta directly in km (1.1.x or 1.5)?

Thanks,
soccerfan

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: July 22, 2008 09:57PM

@ soccerfan:

1 & 2. Yes it's, you describes it exactly.

K-Meleon in Spanish

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: jk-
Date: July 26, 2008 08:33PM

Quote

1. If I use desga2's noscript 1.7.7, all I have to do to update it is to overwrite noscript.jar, noscriptService.js and noscript.js from a new noscript version such as 1.7.7.3 beta to make it work for BOTH km 1.1.x and 1.5?
Just remember to delete components/xpti.dat and compreg.dat!

----------------------
- K-Meleon Macros and Extensions
- Greasify (Greasemonkey type macro for K-Meleon)
- Stylish for K-Meleon

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: DasFox
Date: August 07, 2008 12:07PM

Is there a noscript plugin for K-meleon?

We're now up to 1.7.8


THANKS

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: desga2
Date: August 07, 2008 07:17PM

@ DasFox:

You can instal NoScript Extension for K-Meleon 1.7.7 (download link above this post in post with NoScript logo image at right side of it)
And update NoScript K-Meleon Extension files with originals files from NoScript 1.7.8 from official site. (Remember that xpi file is really a zip file)

K-Meleon in Spanish

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: DasFox
Date: August 08, 2008 07:28AM

Noscript doesn't work, if it did you'd see a blocked page looking like this:

http://img99.imageshack.us/my.php?image=41977916jr5.jpg

By the way that is Firefox using noscript, now here is K-meleon on the same page with noscript running:

http://img217.imageshack.us/my.php?image=50667825mu6.jpg

K-meleon even has everything checked to block and yet the web page loads everything and doesn't block it like it should in firefox... sad smiley

Options: ReplyQuote
Re: Possible update to Noscript plugin for KM 1.1.x
Posted by: jk-
Date: August 08, 2008 08:16AM

http://img56.imageshack.us/img56/7517/noscriptworkingay1.png

Works for me, you don't specify which noscript you are trying to use..?

----------------------
- K-Meleon Macros and Extensions
- Greasify (Greasemonkey type macro for K-Meleon)
- Stylish for K-Meleon

Options: ReplyQuote
Pages: Previous123Next
Current Page: 2 of 3


K-Meleon forum is powered by Phorum.