Feat. req.: "From Default"/"From TRUSTED"/"From Untrusted"/"From Custom" buttons that work like site-specific rules

Bug reports and enhancement requests
Post Reply
somethingfly
Posts: 5
Joined: Sat Apr 13, 2013 6:42 pm

Feat. req.: "From Default"/"From TRUSTED"/"From Untrusted"/"From Custom" buttons that work like site-specific rules

Post by somethingfly » Sat Apr 27, 2019 1:49 am

I read the stickied post about reading the FAQ about ABE first when posting about site-specific rules. And I did. Of course, that doesn't help with version 10 which got rid of ABE because of Firefox's adoption of webextension with Quantum. But what I'm suggesting would work similar to ABE. And it should work in version 10 because of https://stackoverflow.com/questions/460 ... active-tab .

It would work similar to the use case from the FAQ https://noscript.net/faq#qa8_10 "Can I use ABE to fine-tune NoScript's permissions?":
For instance, you may want to allow scripts from google-analytics.com to be executed on www.friend.com and www.friend2.com but fail on www.foe.com and any other web site. You can do it by opening NoScript Options|Advanced|ABE, selecting your USER ruleset, and add the following rule in the text box:

Code: Select all

# google-analytics.com rule
Site .google-analytics.com
# the above is shortcut for google-analytics.com *.google-analytics.com
Accept from .friend.com .friend2.com
Deny
Now that ABE is pretty much dead, here's what I would do. First, under "General" tab you'd have a checkbox called "Use From rules to create site-specific rules". This would also relate to an icon in the top right corner of "S" icon dropdown that looks like an "F!", toggling that icon toggles the checkbox. There would also be in the "General" tab three new tabs under "Preset customization (for all the sites sharing a preset)" for "From DEFALUT" "From TRUSTED" and "From UNTRUSTED".

Image

When the "Use From rules to create site-specific rules" is checked it displays four new buttons called [From Default] [From TRUSTED] [From Untrusted] [From Custom] that would show in the "S" icon dropdown to the right of [Default] [Temp Trusted] [Trusted] [Untrusted] [Custom]. They would look exactly the same except they would have an "F" instead of an "S" and the hover text / tooltips would append " from ...friend.com". Example, the icon for [From TRUSTED] would look an "F" in a circle and the tooltip for [From TRUSTED] would read "TRUSTED from ...friend.com".

Image

When the "Use From rules to create site-specific rules" is checked, in the "Per-site Permissions" tab of "NoScript Option," there is again these four [From] buttons as well as a third column. Whenever a [From] button is selected, the third column would have an editable text box with a site listed, and a plus sign to add another line or an "X" to remove a line. If this line is added from clicking a [From] button on a tab, the third column has the base url of that tab. Otherwise, it has the base url of the script.

E.g. a line that read "[From TRUSTED] | ...google-analytics.com | ...friend.com" would be similar to the ABE rule described above, except the "Deny" action would not be "ALL" but whatever the "From DEFAULT" is on the "General" tab. You could then click the plus sign, and a new line would show that was "[From TRUSTED] | ...google-analytics.com | ...google-analytics.com". You could then edit the second "...google-analytics.com" in this second line to "...friend2.com" (note, entering blank text would be the same as clicking "X" and would remove the line). Then you would have exactly the same as the ABE rule above, except, again, for the "Deny" action would be slightly different.

Image

When a user tries to uncheck/unselect "Use From rules to create site-specific rules" / "F!", then a pop-up says "Warning! All From rules for all script urls will be deleted! OK/Cancel". If user selects OK, then everything in third column is deleted, the [From] buttons no longer display, and then option is unchecked/unselected.

When on a tab, and a [From] rule exists in "Per-site Permissions" for that script url (google-analytics.com) and that currently displayed url (either ...friend.com or page.friend.com), then the appropriate button will display. If you select a different [From] button, then it will change in "Per-site Permissions".

When on a tab, and a [From] rule exists in "Per-site Permissions" for that script url (google-analytics.com) but not that currently displayed url (you are on www.friend2.com and you have a rule for ...friend.com), then the [From Default] button will display. If you select a different [From] button, then it will add a line in "Per-site Permissions" for "...google-analytics" and "...friend2.com".

In either of the above cases, if you then click on a non-[From] button, then you will get a warning that you will be deleting "all from rules for ...google-analytics.com". If you click okay, then all rows in "Per-site Permissions" that have [From] selected and "...google-analytics.com" in the second column will be deleted and there will likely be a new row according to that non-[From] button.

Let me know if you need a mock-up to understand what I'm talking about. Thanks.

EDIT: Added mock-up screenshots.

EDIT 5/7/19: So, I updated the third picture to show a lock in the third column. Now, I used to think that "..." was actually a generic wildcard. But through some trial and error, I've realized "..." is just a graphical representation that shows only when you have https enabled for a domain and it is a domain without a subdomain--unless the domain is googleapis.com. It's pretty clear that noscript treats "anything.googleapis.com" as a single-level domain. Further, the lock/unlock symbol is a graphical symbol that can tell you if it matches https, and a button to toggle match https, but it only shows if you select a trusted option. The behavior of these two things together is less than intuitive. Regardless, what matters ultimately is whats in the preferences. If there is "§:" before the site in your preferences it means match https. You can see all these by exporting your options.

Let's say you exported this third picture, it would show:

Code: Select all

    "sites": {
      "From trusted": [
        "§:informaction.com": [
            "§:informaction.com"
        ],
      ],
    },
Here's some use cases of how to change this.

Image

USE CASE 1

Let's say you clicked the text, changed it to "forums.informaction.com," and confirmed. The export would be:

Code: Select all

    "sites": {
      "From trusted": [
        "§:informaction.com": [
            "§:forums.informaction.com"
        ],
      ],
    },
USE CASE 2

Now let's say instead you added a row. First of all, it would first show the text in this second row as "informaction.com" and have a lock, because that is what is in the second column. However, there would not be a way to confirm until you edit it (e.g. no green check button), because that second row "informaction.com" would be the same as the first row "informaction.com". Once you edited the second row to a valid entry (e.g. "forums.informaction.com"), then there would be a button to confirm. Once confirmed, the export would be:

Code: Select all

    "sites": {
      "From trusted": [
        "§:informaction.com": [
            "§:informaction.com",
            "§:forums.informaction.com"
        ],
      ],
    },
USE CASE 3

Now let's say you added a row like USE CASE 2, and then clicked the lock icon on the second row to make it an unlocked icon. Then the export would be:

Code: Select all

    "sites": {
      "From trusted": [
        "§:informaction.com": [
            "§:informaction.com",
            "forums.informaction.com"
        ],
      ],
    },
Last edited by somethingfly on Tue May 07, 2019 10:32 pm, edited 2 times in total.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0

somethingfly
Posts: 5
Joined: Sat Apr 13, 2013 6:42 pm

Re: Feat. req.: "From Default"/"From TRUSTED"/"From Untrusted"/"From Custom" buttons that work like site-specific rules

Post by somethingfly » Mon May 06, 2019 10:33 pm

Please note mock-up screenshots in post above. Thank you.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0

Post Reply