InformAction Forums

[ssjkakaroto]

Hi there, I always use the "Apply these restrictions to whitelisted sites too" but I often have to keep enabling Java on my whitelisted sites. I want this option to be enabled mainly because of Flash.
My suggestion is to decouple the additional restrictions of untrusted and whitelisted sites. This way there would be two tabs, Embeddings (untrusted) and Embeddings (whitelisted), with the relevant options in each one.

Best regards.

[Tom T.]

Hi there, I always use the "Apply these restrictions to whitelisted sites too" but I often have to keep enabling Java on my whitelisted sites. I want this option to be enabled mainly because of Flash.

Did you mean "Java", or "Javascript"?
Due to an unfortunate historical naming (long since regretted), there has been confusion between these two to the present day.

My suggestion is to decouple the additional restrictions of untrusted and whitelisted sites. This way there would be two tabs, Embeddings (untrusted) and Embeddings (whitelisted), with the relevant options in each one.

It will get even better in NoScript 3.x for the desktop, on which Giorgio is working furiously to release. There will be GUI permissions for *each site*, IIUC (design not finalized yet).

In the meantime, please read the sticky post, Site-Specific-Permission Questions? PLEASE READ THIS FIRST!, and the FAQ linked from it. They will help you accomplish your goals.
If after reading it, you still need assistance in formulating the rules, by all means post back with the specifics.

Best regards,
- Tom.

[ssjkakaroto]

Thanks for the response Tom. I did mean Java, not javascript.
I'm reading the FAQ, but I'm having trouble formulating a rule that would allow java objects but deny flash objects from site.com.
If I use a rule that has something like:

Deny INC(OBJ,OBJSUB)

both objects will be blocked right?

[Tom T.]

..... a rule that would allow java objects but deny flash objects from site.com.

IIUC, you want to deny Flash even at whitelisted sites, but allow Java at *only certain* w/l sites, not all, correct?

To block Flash by default at whitelisted sites, on the NS Options > Embeddings tab, check "Forbid Flash" and "Apply these restrictions to whitelisted sites too.". You will have to uncheck "Forbid Java" so that ABE gets to see the Java objects.

One way to allow Java, if it's only one site, which offers only one Java applet (real-world example):

Code: Select all

Site java-vm@*.*
Accept from https://www.hushmail.com
Deny

The site has only one Java applet (the local encryption engine), so it's safe to wildcard it, while also wildcarding the blocking of all java-vm everywhere else.

At other sites, or for multiple sites, it's probably better to make individual rules:

Code: Select all

Site java-vm@http://site1.com/java/somecoolfunction/*
Accept from .site1.com
Deny
Site java-vm@http://site2.com/java/somethingelse/*
Accept from .site2.com
Deny
Site java-vm@*.*
Deny #(blocking all other java-vm, as in the first example)

If there is no chance of the object names colliding (overlapping), these could be combined:

Code: Select all

Site java-vm@http://site1.com/java/somecoolfunction/* java-vm@http://site2.com/java/somethingelse/* java-vm@http://site3.com/java/watchthis/*
Accept from .site1.com .site2.com .site3.com
Deny
Site java-vm@*.*
Deny

We have site-specific permissions for specific Java applets, and a general Deny rule for all other java-vm.

If your example is more complex, and following that pattern doesn't work for you, then go ahead and post the actual situations and name of objects to be allowed. If they're privacy-sensitive, you can PM to me, and put generic names in the post. I would just want to make sure that I'm seeing the actual site, getting the right permissions and restrictions, and testing that it works -- in strict confidence, of course.

[ssjkakaroto]

Thanks a lot Tom, the rules you posted were more than enough for what I was trying to accomplish!

[Tom T.]

Thanks a lot Tom, the rules you posted were more than enough for what I was trying to accomplish!

Excellent! And you're quite welcome.