Search found 2845 matches
- Fri Apr 06, 2012 11:00 am
- Forum: NoScript Development
- Topic: <noscript> elements on trusted sites bypassing RequestPolicy
- Replies: 8
- Views: 5060
Re: <noscript> elements on trusted sites bypassing RequestPo
I added your ABE rule. If we allow the script, there's no bug, but of course the script does the evil. If we block the script, then even with your ABE rule, the image shows in View Page Info > Media. Based on a quick test on Google, it appears that images blocked by ABE will be listed in Page Info ...
- Fri Apr 06, 2012 6:01 am
- Forum: NoScript Development
- Topic: <noscript> elements on trusted sites bypassing RequestPolicy
- Replies: 8
- Views: 5060
Re: <noscript> elements on trusted sites bypassing RequestPo
I can confirm (using Tamper Data addon) that ABE can block the web bug: Site .webtrendslive.com Deny I guess that's extra encouragement to push ahead with my pet project of making an addon that would use an adapted version of RequestPolicy's interface to write ABE rules :). Is there an about:config ...
- Wed Apr 04, 2012 10:51 pm
- Forum: NoScript Development
- Topic: <noscript> elements on trusted sites bypassing RequestPolicy
- Replies: 8
- Views: 5060
<noscript> elements on trusted sites bypassing RequestPolicy
I just recently came across a situation (on addons.mozilla.org, no less), where the 'Show the NOSCRIPT element which follows a blocked script' option for trusted sites came into play. It seems that the clever ppl at AMO use this to insert a web bug for statse.webtrendslive.com if you block the full ...
- Tue Apr 03, 2012 3:04 am
- Forum: Security
- Topic: Integrating ABE with RequestPolicy
- Replies: 33
- Views: 36454
Re: Integrating ABE with RequestPolicy
Does anyone have suggestions about whether to pull in RequestPolicy's other features, like blocking redirects and prefetches? Or should this be strictly about managing ABE rules? The reason I ask is that there would obviously be a conflict between this and RequestPolicy, so those who want those othe...
- Tue Jan 24, 2012 1:39 am
- Forum: ABE
- Topic: Is RequestPolicy of any value if using NoScript?
- Replies: 9
- Views: 8855
Re: Is RequestPolicy of any value if using NoScript?
Moved to Forum Extras > Security: http://forums.informaction.com/viewtopi ... =19&t=8059
- Tue Jan 24, 2012 12:29 am
- Forum: Security
- Topic: Integrating ABE with RequestPolicy
- Replies: 33
- Views: 36454
Re: Integrating ABE with RequestPolicy
Basic ideas thus far: Create a comment-bounded segment within the ABE rules. This would allow manual editing of regions outside the GUI's control if desired. Implementation would create one rule block for each specific Site, incorporating all rules that use that Site. Including multiple Sites in the...
- Mon Jan 23, 2012 10:53 pm
- Forum: Security
- Topic: Integrating ABE with RequestPolicy
- Replies: 33
- Views: 36454
Integrating ABE with RequestPolicy
As discussed in the ABE forum, I'm interested in making an addon that takes RequestPolicy's interface and uses it to manage ABE rules. ABE provides great power & flexibility in controlling cross-site requests, but requires writing rules. RequestPolicy provides an interface that is quick & ea...
- Mon Jan 16, 2012 12:55 pm
- Forum: ABE
- Topic: Is RequestPolicy of any value if using NoScript?
- Replies: 9
- Views: 8855
Re: Is RequestPolicy of any value if using NoScript?
Thanks for the reply, Tom! I'm certainly looking forward to NoScript 3, so that I can selectively block plugins :). However, I really like the idea of RequestPolicy as a way of blocking as-yet-unknown cross-site exploitation (just as NS blocks as-yet-unknown JavaScript/Java/Flash/PDF exploits). Note...
- Mon Jan 16, 2012 2:32 am
- Forum: ABE
- Topic: Is RequestPolicy of any value if using NoScript?
- Replies: 9
- Views: 8855
Re: Is RequestPolicy of any value if using NoScript?
Hadn't seen any replies to this, but I've been seriously thinking about it lately: Surely it would be feasible to take RequestPolicy's interface and turn it into a front-end for ABE? Two advantages over writing ABE rules by hand: - You get feedback about what requests are being blocked/allowed on th...
- Mon Jan 24, 2011 4:12 am
- Forum: ABE
- Topic: Is RequestPolicy of any value if using NoScript?
- Replies: 9
- Views: 8855
Re: Is RequestPolicy of any value if using NoScript?
I'm using RequestPolicy, and it doesn't appear to block cross-site hyperlinks, presumably because it knows that the action was user-triggered? Yes, it can break sites, but actually, in its default configuration of allowing all subdomains, I've found it to have less impact than NoScript. That's certa...