Limit JS by domain

Post a reply


In an effort to prevent automatic submissions, we require that you complete the following challenge.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: Limit JS by domain

Re: Limit JS by domain

by Giorgio Maone » Fri Apr 02, 2021 4:37 pm

Jason88 wrote:
Fri Apr 02, 2021 4:13 pm
It used to be that you could allow scripts from googleapis.com only on google.com, for example. Now it is no longer possible. If I allow scripts from googleapis.com on any domain they are allowed on all domains. I am curious about the reason noscript was crippled in this way. If I allow scripts from Google in my Gmail, I have to allow Google scripts from everywhere I ever go on the Internet. It almost completely defeats the purpose of noscript.
Contextual permissions have never been possible in "pure" NoScript, actually, but at a certain point there's been an ABE-based work-around.
Unfortunately ABE did not survive the Quantum rewrite (NoScript 5.x -> NoScript 10.x).
Anyway true contextual permissions (UI-based) are coming, likely before this summer.

Limit JS by domain

by Jason88 » Fri Apr 02, 2021 4:13 pm

It used to be that you could allow scripts from googleapis.com only on google.com, for example. Now it is no longer possible. If I allow scripts from googleapis.com on any domain they are allowed on all domains. I am curious about the reason noscript was crippled in this way. If I allow scripts from Google in my Gmail, I have to allow Google scripts from everywhere I ever go on the Internet. It almost completely defeats the purpose of noscript.

Top