On Sat, 30 Sep 2023 09:18:59 -0500 (CDT) Michael Hennebry <hennebry@xxxxxxxxxxxxxxxxxxxxx> wrote: > Noscript was already installed nand active. > It did not complain. > > I'm not clear on what this means. > The url window showed .cloudfront.net . > > I already had noscript installed and it did not complain. > Then you have cloudfront.net whitelisted in noscript. The only way to block javascript is by having it turned off for a site when you first visit it. If you have it whitelisted, the javascript runs before you have a chance to intercept. I do not have any of the cloud servers whitelisted. When a site comes up, if it isn't a site I've visited before, I check the list of third party sites that are blocked. If there is a cloud server site there, I usually click to temporarily allow it, if the site seems legitimate. Is this disruptive to smooth web browsing, does it take work / effort? Yes. But that is the nature of security. If you don't want to do this, then you need to install something like ublock-origin, that you can tune to specific websites. It also blocks javascript, but requires more effort because it is more fine grained (to specific site and even subdomains). So, more work up front, but then should do the right thing from then on. I don't visit so many unknown sites that I bother doing this. > Once the site was active, The javascript has already run in order for the site to be active. > all I could click on was an always-on application that was already > running. The site seemed to have made firefox > fullscreen and turned off all its buttons. > > Javascript is client-side, correct? It is fetched from the web site and run client side if it has permission. > The problem went away after disabling networking. I wonder if it was downloading the content of your computer that firefox had access to, maybe your history or your bookmarks, etc. Or maybe, it had set up the javascript to run continuously, downloading in a loop from its website. Any application monitoring the web connection could show this if it was allowed to run. > Is there a way to tell firefox never to let a website take it > fullscreen? Failing that, is there a way to tell firefox to never go > fullscreen at all? I'm not aware of a way, but if you ask on the mozilla forums, there are some really knowledgeable people there who might know a way. There are a *lot* of settings in about:config, and without application knowledge it is really hard to tell what they actually do. As George said, this is not solving the problem though. The javascript might just ignore, or issue a warning, if it can't specify fullscreen. I can't remember, were you able to bring up a console (Ctrl-Alt-[F2-F6])? If you could get to a console, you could use ps or top to see what is running and top or kill to kill applications (like firefox), iotop to see what web traffic is doing. Look in the journal, etc. My understanding is that javascript designed for guis can't run there, so you would not be blocked from any access. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
