User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0 Build ID: 20170616223046 Steps to reproduce: 1. Disable scripts by default in either uBlock Origin or uMatrix. 2. Go to a site which contains a <noscript> tag. Actual results: Because uBlock Origin and uMatrix use CSP to block JavaScript execution, the noscript tag is not activated and the site is broken. Expected results: The website should believe that javascript is disabled and should display the noscript tag's contents.

Additionally, this can (theoretically) be solved in legacy extensions by setting user preferences (http://www-archive.mozilla.org/projects/security/components/ConfigPolicy.html), but this will not be possible in WebExtensions.

I don't think this is an add-ons issue. If websites show <noscript> content when JS is disabled via CSP, then presumably the same should happen for add-ons, and it should be fixed in Firefox. If they don't, then I don't think there's anything to fix and the bug should be closed.

> If they don't <noscript> tags do not render if javascript is forbidden a CSP set by by the site itself. Anyways, given that a CSP can forbid selectively only some specific sources of javascript, it's really not obvious what the solution would be if the issue was considered valid.

Assigning a component and perhaps there's someone with extensive knowledge on this area that might be able to help here.

This would not be correct behavior for CSP. I appreciate the cleverness exhibited by these extensions to approximate the effect they want, but it's a horrible hacky way to do this and we should instead give security-focused extensions a set of security knobs they can fiddle. Disabling javascript is only one of the many things lost when access to general preferences was taken away. Bouncing over to webextensions as a request for a security API.

We already have a bug for disabling javascript on individual sites. The bug summary refers to "other security/privacy settings". We have some existing browser.privacy apis, if more are needed please open new bugs and be specific about what is needed.