Wednesday, December 24, 2008

Making Google's 'Note in Reader' work with Firefox's 'NoScript'

Update Jan 31, 2009: As of NoScript 1.8.9.7 this is fixed. Per Giorgio's comment looks like it was fixed back in 1.8.8. Thanks Giorgio!

This is a specific post for FireFox NoScript users.

I use the FireFox Noscript extension for extra security. I also like to use Google's Note in Reader. The problem is that the cross-site scripting (XSS) protection of the former blocks the latter.

But I found that I could configure an exception to NoScript for 'Note in Reader'.
  1. First, bring up the NoScript preferences (in FireFox, under Tools select Add-ons, then find NoScript and select its Preferences).
  2. Then, in NoScripts preferences, select the Advanced tab, and then the XSS tab.
  3. Add the following to Anti-XSS Protection Exceptions and click 'OK'
^http://www.google.com/reader/link-frame
That should do it. Not even a restart required.

Update Jan 31, 2009: Fixed broken link to Note in Reader.

2 comments:

  1. Could you tell me if it happens with latest NoScript 1.8.8 and, if it does, email me the [NoScript XSS] lines you get in Tools|Error Console?
    Thanks

    ReplyDelete
  2. more inclusive is:
    ^https?://www.google.com/reader/link-frame

    now it'll work with https if you use it.

    ReplyDelete