Discussion: Site Specific Permissions Policy

[Giorgio Maone]

As long as Noscript 3 isn't available yet, there is a workaround using AdblockPlus. If you want to block flash by default just add this custom filter:

swf|

Hmm, no.

[tlu]

As long as Noscript 3 isn't available yet, there is a workaround using AdblockPlus. If you want to block flash by default just add this custom filter:

swf|

Hmm, no.

Oops - I didn't know that. Although I knew that Flashblock can be defeated. Thanks for that hint, Giorgio.

EDIT: It's blocked with the $object rule, though.

[Giorgio Maone]

As long as Noscript 3 isn't available yet, there is a workaround using AdblockPlus. If you want to block flash by default just add this custom filter:

swf|

Hmm, no.

Oops - I didn't know that. Although I knew that Flashblock can be defeated. Thanks for that hint, Giorgio.

EDIT: It's blocked with the $object rule, though.

Look again

[tlu]

EDIT: It's blocked with the $object rule, though.

Look again

Ha - you beat me again

Well, I hope that you're making good progress with NSA then - obviously the only suitable solution for our problem

[bur]

I wrote this post before I saw there already is a thread regarding this problem, so here's the post again:

There are some sites that won't work without allowing scripts from ad services like doubleclick.net. In that case it would be nice to be able to allow this single site to run scripts from doubleclick.net. In Adblock for example I can click "deactivate: on this site".

I know something like this is possible by using ABE. But that's a little complicated, you first have to globally allow doubleclick.net and then create an ABE rule to globally disallow doubleclick.net and spefically allow for whatever site you want to. Also there's no way to temporarily allow doubleclick.net only for this site. So if I just want to visit a site once or twice I have to grant all sites temporal access to doubleclick.net (or any other site that's needed).

It'd be easier (and feel smoother) if ABE would have precedence over basic NS rules. That way creating an ABE rule to allow dblck.net for that specific site would be enough thus making the process much shorter. That wouldn't solve the "temporal" issue though.

So it'd be even nicer if I could just choose from the NS menu and select "(temporarily) allow doubleclick.net for this 2nd level domain". That'd be a very handy feature that'd help with lots of sites.


From reading this thread I gather that users are advised to use ABE to accomplish this. But I think it's not a real solution as it won't allow temporary unblocking for a specific site. And also it's nothing a normal user will be able to do. Also it's not very straightforward with allowing/disallowing/site-specific allowing using both standard NS and ABE.

The easiest way would be if the whitelist could be set globally and also for specific sites.

[Tom T.]

There are some sites that won't work without allowing scripts from ad services like doubleclick.net.

I've never seen one. Can you point to a few? I have doubleclick -- which is a subsidiary of Google -- blocked at the HOSTS file level, as well as Untrusted in NoScript. Not everyone likes using HOSTS this way, but it proves that the browser can't reach DC. I can type the address in the bar, and get a "can't connect" message.

From reading this thread I gather that users are advised to use ABE to accomplish this. But I think it's not a real solution as it won't allow temporary unblocking for a specific site.

It would accomplish it for your frequently-visited sites that "seem" to require doubleclick. But I'll ask Giorigo to create a Surrogate Script for DC, if he feels it necessary.
Pointing to some sites that break without DC would help to support that request. Please do so, thanks.

And also it's nothing a normal user will be able to do. Also it's not very straightforward with allowing/disallowing/site-specific allowing using both standard NS and ABE.

You'll get all your wishes very soon, when NoScript 3.x for the desktop is ready!

[rschnauzer]

I hope the next release will help to use facebook by allowing facebook.com only on its own site and to prevent it from collecting informations on all other visited sites with the like buttons.

[GµårÐïåñ]

I hope the next release will help to use facebook by allowing facebook.com only on its own site and to prevent it from collecting informations on all other visited sites with the like buttons.

There is a rule for that

[tlu]

I hope the next release will help to use facebook by allowing facebook.com only on its own site and to prevent it from collecting informations on all other visited sites with the like buttons.

Already available.

[GµårÐïåñ]

Already available.

"Short answer" that was the meaning of "rule" "Long answer" the FAQ are there for a reason and why there are tons of links to them all over the forum. People should make a habit of reading F)requenty A)sked Q)uestions

[noscriptfan1]

I hope you have a [Enable for this website only] soon option in the menu, as my ABE just keeps on getting bigger and bigger

I just enable googleapis temporarily because I want it disabled as soon as possible for even the sites I use it on, I don't want it used for long,and I definitely don't want it enabled on my other tabs. I also have wolframalpha.com twice because you have to scroll the list and I thought I didn't have it added. I started using A.B.E. as per a recommendation of a senior board member a year and a half ago.
The keeps on getting bigger and bigger this is just a small snippet of it.

# User-defined rules. Feel free to experiment here.
Site googleapis.com *.googleapis.com
Accept from *.virustotal.com *.slickdeals.net *.slickdealz.net *.bexar.org *.orcacle.com *.wolframalpha.com
Accept from*.qj.net *.rankupxp.com *.sparkfun.com *.instructables.com *.mediafire.com *.custhelp.com *.kraftfoods.com
Accept from *.wolframalpha.com elderscrolls.wikia.com survey.edc.epsiloninteractive.com
Deny


I appreciate all you do and I know your doing this for free/coffee money but as the length of this thread indicates, it would get rid of a lot of problems people have, and not everybody posts or even posts here about it, about 25,000 views so far.

[GµårÐïåñ]

I can't promise when or how it will look but it has been discussed for a LONG while that a form of visual rule builder or menu driven system would be added at some point, think of it as a cross between NS now, RP, and ABP blockable elements all rolled into an elegant interface. Security and bug fixes have been the priority as well as infrastructure for the next big version. So it will be considered, just be patient please. Great products take time to make, this little beauty has been evolving like a good wine, it will be worth the wait.

[Giorgio Maone]

Fine grained permissions will eventually come, but unfortunately they needed to get postponed so far for various reasons: for instance, the NSA codebase (where they were being experimented) needs a big overhaul because of big changes in the Firefox's mobile development directions, and some experimental work is about to start on a Chrome porting, finally, while I keep fighting back new kinds of web attacks (e.g. CursorJacking, or SVN-based keylogging and so on).

Furthermore, the most popular use cases I've seen so far are a bit overestimated IMHO, because you shouldn't forget that 3rd party scripts get to run if and only if the parent page is allowed, therefore if you're going to allow googleapis.com on all or almost all the sites you've got in your whitelist which need it, you already have the same behavior by default (googleapis.com, if allowed, runs only when embedded by other whitelisted sites).

[lewisje]

I <3 the Chrome-port idea; I'm guessing that you're starting now rather than before because WebRequest finally went stable.

As soon as the alpha becomes available I'll ditch ScriptNo in favor of your solution~

[GµårÐïåñ]

Yes the ContentSettings and WebRequest API released late in 16.x branch and not really perfected until the 18.x branch (IIRC it still hasn't become 100% stable yet and is a work in progress) have provided an opportunity to try and see if it can be done without compromise.