Discussion: Site Specific Permissions Policy
Is there a possibility to allow scripts from a certain domain but only on some web-site? For example, I would like to allow scripts from xyz.com on sites in that domain, but to block them by default on sites from other domains.
If there's no such feature yet, is it possible that it'll be implemented?
Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.6) Gecko/2009020407 Firefox/3.0.7 (Debian-3.0.7-1)
Re: blocking scripts from a domain on per web-site basis
This has been on Giorgio's to-do list for a long time, per many discussions at the old thread. Please be patient!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Re: blocking scripts from a domain on per web-site basis
Thank you for sharing a very useful product with us. You are awesome! =]
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 2.0.50727)
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
Re: blocking scripts from a domain on per web-site basis
Notice also that if the top-level domain (the one displayed in your location bar) is untrusted, none of the 3rd party scripts included by it gets executed anyway.
Also, you may want to add AdBlock Plus to the mix in order to selectively block some 3rd party scripts depending on the top-level one.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
Feature Request: Aggressive Domain Boundary Enforcement
When visiting a domain I would expect to interact with only that destination unless there is a compelling reason to interact with another domain via the same destination. NoScript's frame and script controls go a long way toward mitigating the risks. But even seemingly harmless things like style sheets, images, and links (anchor tags) cross the domain boundaries with little or no indication who the client is --or will be-- communicating with. Combined with the years of cross-domain slop that passes for 'dynamic' websites and the situation is that users expect everything to work and site developers treat domain boundaries like a legacy limitation that must be worked around or bridged without regard to security, privacy, or user experience.
It seems to me that domains (in combination with cryptographic certificates) are the last, best hope for ensuring healthy boundaries between Internet destinations. And the more sites carelessly knit domains together the more users will become accustomed to it. A tool which highlights *every* domain boundary very clearly would really help. For example, why does one have to look to the status bar to see where a link truly leads? I'd prefer an unobtrusive tool-tip-style pop-up appearing only when hovering over the link. Perhaps there could even be a tool-bar or more status icons for the various boundary cross resources. It could indicate what has been blocked or allowed. It could also be grouped by resource type (style, image, script, object, etc.) or domain of origin. Another visual indicator could be to outline or overlay/shade objects from, or referring to, external domains.
Perhaps this falls outside the scope of NoScript, but Ns and Request Policy are certainly the closest to it.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009030422 Ubuntu/8.10 (intrepid) Firefox/3.0.7
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
Re: Feature Request: Aggressive Domain Boundary Enforcement
I think that would be a bit outside of the current scope of NS which actually handles this issue very effectively by eliminating harmful XSS. If you want further protection, as you stated yourself RequestPolicy is a good place to start as an amendment to NS, I use them both along with strict blocking in exceptions (which admittedly is slow) and Adblock for whatever else is left and I run a very tight ship. But who knows, Giorgio being the man, he might take this on and that would be awesome if he feels it's worthwhile.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Re: Feature Request: Aggressive Domain Boundary Enforcement
Umm, it's a little over my head, but is *this* what you're talking about?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
- GµårÐïåñ
Re: Feature Request: Aggressive Domain Boundary Enforcement
Tom T. wrote: Umm, it's a little over my head, but is *this* what you're talking about?
That for the most part would address this further, yes. My understanding can be narrowed to simply - It provides more customization and configuration to be performed to more extensively fine tune or play with what happens, not just client side - I know that Giorgio has been very hard at work on that and it's taking up a lot of his time right now.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Allow Domain For This Domain / Allow All For This Domain
Hi, thank you for NoScript. The most excellent tool in this day and age.
I have a feature suggestion.
When you are browsing xyz.com, sometimes you might like to enable a domain, like googleanalytics.com, but you only want that domain enabled when on xyz.com, but not on any other site. This might occur, for example, when you are developing xyz.com and want to use an outside domain tool. Then you need googleanalytics.com to work for xyz.com but you might not need it for any other site.
So my suggestion is to extend the database so that you can enable those domains not just globally, but per domain...
In the same vein, you'd be able to say "Allow All for this Domain" when there are five or more domains on a site you are visiting, yet you don't want to keep those domains allowed later on, just for this visit to the page. And, finally, it could combine to have more options with "Temporarily". That is a lot but, I've secretly wanted this feature for over a year now.
Hope that makes sense and sounds useful!
thanks for noscript
cheers
dave
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030516 Ubuntu/9.04 (jaunty) Firefox/3.0.7
Re: Allow Domain For This Domain / Allow All For This Domain
Hi aidave, and welcome!
Very good idea, which has been suggested many times here and at the old Mozillazine NoScript thread. Giorgio has intended for a long time to add this type of fine-grained control, but the Web keeps lighting fires that he has to put out, plus he has a couple of other major projects underway. We all look forward to the day when this type of individual control will be enabled. Cheers!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
- Posts: 3
- Joined: Mon Mar 30, 2009 6:21 pm
How to choose what to block?
I'm new to NoScript, and was wondering how to select which scripts to block.
Mainly, this is for Facebook, which is deathly slow.
It seems that I can block by web address (eg. Facebook.com), and this will block ALL SCRIPTS from this address.
I can also block TYPES of scripts (EG Java).
But - how do you selectively block some scripts from a site and not others (So that the stuff you don't care about anyway is blocked, but, the rest of the page still works).
If, for example, there are 8 scripts running, I may want to block 5 and allow 3...
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Re: How to choose what to block?
Look at it from the opposite direction.
By default, all are blocked.
So now you only need to decide which to Allow.
If facebook.com needs to be allowed for at least minimal functionality (& I have no clue?) then I guess you're relegated to do so.
After that, if you're still restricted in some manner, look to see what may be the next domain to Allow to get to where you're functional.
(Again, no knowledge of facebook here.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.22pre) Gecko/20090327 SeaMonkey/1.1.16pre
Re: How to choose what to block?
Yeah...I can allow Facebook.com and make the site functional.
But, is there a way to allow some of the scripts under Facebook.com to run, and block others - on a script by script basis, rather than a URL or domain name basis?
That's what I was trying to get at.
Facebook runs god knows how many scripts all from the same address.
I want to keep some of them blocked, yet, enable others, but, they're all from the same domain (facebook.com).
Is there a way of getting a list of the individual scripts up and choosing which to allow and which not?
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
- GµårÐïåñ
Re: How to choose what to block?
I think I know what you are trying to achieve and you can try to pull a trick by using Adblock Plus to block specific scripts that you don't want allowed by virtue of allowing the main site. Now since I don't use Facebook, I can give you theory only not specifics but if you get Adblock Plus, there is a filter subscription designed to block crap from MySpace, Facebook and so on where someone sat down and did the hard work of isolating them for you and you can further tweak their stuff if you wanted even. Hope that helps.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Re: blocking scripts from a domain on per web-site basis
Hello-
I'd also like to see this feature (and real quick!)
I'm on a site (let's call it.... GAMEKNOT.... and let's say that, for example, it's an online chess playing website.)
So I get an email from them saying that they can tell I'm blocking ads because the server never receives a request to load the ad. And it's a free site, they rely on ad revenue to keep it free, unless I join a premium, etc. etc.
Long story short- they're going to suspend my account unless I allow ads.
I have allowed gameknot.com
doubleclick.net is blocked (I assume that's where the ads are coming from)
So how can I allow doubleclick on gameknot ONLY, without allowing ads from doubleclick everywhere???
HELP!
Thanks
RacerX
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
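The per-site allow rule requested throughout this thread (doubleclick.net on gameknot.com only, googleanalytics.com on xyz.com only), modeled as an added example that is not part of any post and is not NoScript's code. `createPolicy`, `allowOnSite` and `mayRun` are hypothetical names and the sample policy is constructed; the model also encodes the point made earlier in the thread that an untrusted top-level site runs no third-party scripts.

```javascript
// Hypothetical model of a site-scoped script policy; not NoScript's code.
function createPolicy() {
  return { global: new Set(), perSite: new Map(), temporary: new Map() };
}

// True when host is the domain itself or one of its subdomains.
// The "." prefix keeps "notxyz.com" from matching "xyz.com".
function inDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function anyMatch(domains, host) {
  return [...domains].some((d) => inDomain(host, d));
}

// Record "allow `source`, but only while browsing `site`".
function allowOnSite(table, site, source) {
  if (!table.has(site)) table.set(site, new Set());
  table.get(site).add(source);
}

// Decide whether a script served from scriptHost may run on a page
// whose top-level host (the one in the location bar) is topHost.
function mayRun(policy, topHost, scriptHost) {
  // An untrusted top-level site runs nothing, third-party scripts included.
  if (!anyMatch(policy.global, topHost)) return false;
  // Globally allowed sources run on every trusted site (the existing model).
  if (anyMatch(policy.global, scriptHost)) return true;
  // Site-scoped grants apply only when the top-level host is in scope.
  for (const table of [policy.perSite, policy.temporary]) {
    for (const [site, sources] of table) {
      if (inDomain(topHost, site) && anyMatch(sources, scriptHost)) return true;
    }
  }
  return false;
}

// Constructed sample policy using the domains named in the thread.
const policy = createPolicy();
policy.global.add("gameknot.com").add("xyz.com");
allowOnSite(policy.perSite, "gameknot.com", "doubleclick.net");
allowOnSite(policy.temporary, "xyz.com", "googleanalytics.com");

console.log(mayRun(policy, "gameknot.com", "ad.doubleclick.net"));
console.log(mayRun(policy, "xyz.com", "ad.doubleclick.net"));
policy.temporary.clear(); // end of session: temporary grants expire
console.log(mayRun(policy, "xyz.com", "googleanalytics.com"));
```
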