by Giorgio Maone » Mon May 26, 2014 9:28 am
These are features being added by request of the TOR project, useful for TOR Browser users but possibly also for some regular NoScript users.
At this moment they are pretty much work in progress (the UI side, for instance, is still unaffected), but in the end they should amount to:
- "Block scripting in whitelisted subdocuments of non-whitelisted pages" (noscript.restrictSubdocScripting)
- If /true/, frames and iframes whose parent document's URL is not whitelisted will be prevented from running and loading scripts, no matter whether they're themselves whitelisted.
- If /false/, current behavior which bases scripting permissions for subdocuments only on their own origin, independently from their parent's, will be kept.
- "Cascade parent document's permissions to 3rd party scripts" (noscript.cascadePermissions)
- If /true/, user will just need to allow/forbid the top-level document's origin or forbid it, to block/unblock all the scripts on the page (including those in subdocuments): also, in order to avoid confusion, when this mode is active the NoScript menu will show Forbid/Allow commands for the top-level origin only (currently in bold).
- If /false/, current behavior which allows full granularity to forbid/allow scripts by their origin will be kept.
- In either case, subdomain scripts from 'untrusted'/blacklisted sites will continue to be blocked, and if the user has selected to enable the "Untrusted" NoScript appearance option, these subdomain blacklist choices will still be displayed.
- NoScript will provide an associated configuration UI control for this preference.
[Edit]
A requirement added and implemented later, is that "[Temporarily] Allow all this page" commands affect the top-level document only when Cascade Permissions mode is enabled (i.e. no 3rd party script get actually whitelisted, they're just implicitly allowed as long as their top ancestor page's domain is whitelisted).
These are features being added by request of the TOR project, useful for TOR Browser users but possibly also for some regular NoScript users.
At this moment they are pretty much work in progress (the UI side, for instance, is still unaffected), but in the end they should amount to:
[list=1]
[*]"Block scripting in whitelisted subdocuments of non-whitelisted pages" (noscript.restrictSubdocScripting)
[list]
[*]If /true/, frames and iframes whose parent document's URL is not whitelisted will be prevented from running and loading scripts, no matter whether they're themselves whitelisted.
[*]If /false/, current behavior which bases scripting permissions for subdocuments only on their own origin, independently from their parent's, will be kept.[/list]
[*]"Cascade parent document's permissions to 3rd party scripts" (noscript.cascadePermissions)
[list]
[*]If /true/, user will just need to allow/forbid the top-level document's origin or forbid it, to block/unblock all the scripts on the page (including those in subdocuments): also, in order to avoid confusion, when this mode is active the NoScript menu will show Forbid/Allow commands for the top-level origin only (currently in bold).
[*]If /false/, current behavior which allows full granularity to forbid/allow scripts by their origin will be kept.
[*] In either case, subdomain scripts from 'untrusted'/blacklisted sites will continue to be blocked, and if the user has selected to enable the "Untrusted" NoScript appearance option, these subdomain blacklist choices will still be displayed.
[*]NoScript will provide an associated configuration UI control for this preference.[/list][/list]
[Edit]
A requirement added and implemented later, is that "[Temporarily] Allow all this page" commands affect the top-level document only when Cascade Permissions mode is enabled (i.e. no 3rd party script get actually whitelisted, they're just implicitly allowed as long as their top ancestor page's domain is whitelisted).