ABE rules take second place to the normal NoScript blocking, and that you therefore must first "Allow" any Site covered by an ABE rule before that ABE rule will be processed
This is not true
In which case I'm either mightily confused, or I've failed to communicate my meaning properly.
https://noscript.net/faq#qa8_10 states the following regarding a rule for "Site .google-analytics.com":
Notice that since ABE's rule work independently from NoScript's permissions, you need to "Allow google-analytics.com" in NoScript's menu for the above to work.
and a little further down the page, regarding a different rule:
Again, you will still need to allow those domains also from NoScript's permissions menu.
This matches my (brief) experience of writing ABE rules: Unless I have whitelisted the Site domain for the rule, my ABE rules for that Site are completely ignored, and NoScript simply blocks all requests to that Site as usual.
Perhaps my phrasing was not strictly accurate? ("take second place to" and "work independently from" are not the same thing). But it does seem to be the way this works
in effect: You need to Allow a Site in order for your ABE rules to do anything.
Is that not actually true?
I do certainly understand that if people write
bad ABE rules then Allowing a Site can leave them unprotected, but that just seems like information which should be provided
alongside the information that they need to Allow the site if they wish to use ABE rules for it?
Unless I'm still wrong? (in which case I would greatly appreciate any clarification you can provide, and would suggest that the documentation could use the same).
[quote][quote]ABE rules take second place to the normal NoScript blocking, and that you therefore must first "Allow" any Site covered by an ABE rule before that ABE rule will be processed[/quote]
This is not true[/quote]
In which case I'm either mightily confused, or I've failed to communicate my meaning properly.
https://noscript.net/faq#qa8_10 states the following regarding a rule for "Site .google-analytics.com": [quote]Notice that since ABE's rule work independently from NoScript's permissions, you need to "Allow google-analytics.com" in NoScript's menu for the above to work.[/quote] and a little further down the page, regarding a different rule: [quote]Again, you will still need to allow those domains also from NoScript's permissions menu.[/quote]
This matches my (brief) experience of writing ABE rules: Unless I have whitelisted the Site domain for the rule, my ABE rules for that Site are completely ignored, and NoScript simply blocks all requests to that Site as usual.
Perhaps my phrasing was not strictly accurate? ("take second place to" and "work independently from" are not the same thing). But it does seem to be the way this works [i]in effect[/i]: You need to Allow a Site in order for your ABE rules to do anything.
Is that not actually true?
I do certainly understand that if people write [b]bad[/b] ABE rules then Allowing a Site can leave them unprotected, but that just seems like information which should be provided [i]alongside[/i] the information that they need to Allow the site if they wish to use ABE rules for it?
Unless I'm still wrong? (in which case I would greatly appreciate any clarification you can provide, and would suggest that the documentation could use the same).