Thrawn wrote:Umm...I'd only be talking about ABE rules that would allow requests from the owner's legit site to his evil site, so I'm not sure what advantage he gains by this method, rather than just serving malicious scripts from his legit site. The evil site will still have scripts blocked by default. If he can persuade the user to unblock it, he could probably do that anyway, regardless of ABE.
Under your "ownership rule", users visiting goodsite will see evilsite in the nenu (not under that name, of course
), discover that the ownership is the same, and rely on that in making the trust decision.
But I agree about the complexity. I was mostly joking when I suggested it
You could have saved me a lot of keystrokes...
Thrawn wrote: Tom T. wrote:
The part of NoScript Quick Start Guide
that discusses secondary content servers is hoped to help users know to look for "cdn", "static", or "img", and some resemblance to the original site.
If you have a moment, perhaps check it out?
Believe it or not, I hadn't read the guide before
...but I was already familiar with everything it was saying. It's well-written, though; I might point some friends/family to it.
The goal is to get NS to the non-tech majority, rather than have them think it's "too tech" for them. Glad you think it might accomplish that in your case, and of course I'd be eager to hear how the reception was from your (presumably) lesser-tech friends/family.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:126.96.36.199) Gecko/20120306 Firefox/12.0