Discussion: Site Specific Permissions Policy

[Tom T.]

hello, I would like to ask you to consider extending the whitelisting option to allow running scripts based not on the domain they're hosted but from where they're being used; the reason for this is that I want to allow scripts on some sites to support them with advertising but not all host their own ads so I'm forced to allow those domains globally and I don't want them running on sites I didn't intended to, just the ones I pick....

"Temporarily Allow" will accomplish this easily until the site-specific permissions policy comes out of development and into NS. It's just an extra click or two.

btw I also had a bit of trouble with AdBlock some may be interested on this topic: http://adblockplus.org/forum/viewtopic.php?t=4066

I find Adblock Original to be less trouble-prone (completely trouble-free, actually, as it's much less complex), but I freely admit that that's definitely a minority opinion here.

[Samus_]

hello, I would like to ask you to consider extending the whitelisting option to allow running scripts based not on the domain they're hosted but from where they're being used; the reason for this is that I want to allow scripts on some sites to support them with advertising but not all host their own ads so I'm forced to allow those domains globally and I don't want them running on sites I didn't intended to, just the ones I pick....

"Temporarily Allow" will accomplish this easily until the site-specific permissions policy comes out of development and into NS. It's just an extra click or two.

hmm I'm not sure about this, even if I temporarily allow the advertisement network it will be shown on the framed pages the same as on reddit and that's the problem, sites like reddit have no other purpouse than browsing the web, it's not like you can whitelist those ad networks while you're there and isolate yourself from the web, you wouldn't be at reddit in the first place if that were the case.

[Tom T.]

That is a *weird* site. The Page Source was *entirely on one line*, scrolling for miles across the page. I have no idea why they wrote it that way.

I tried allowing *everything", all scripting, plugins, disabled Adblock, etc. Still no ads. It seems that their only ad server listed is Doubleclick. They are listed in my Hosts file dozens of times under various names, for the reason of dropping tracking cookies, spyware, etc. I tried deleting the main entry, doubleclick.net, but it still won't get through. That *might* tell you something, that the monitoring service from http://www.mvps.org/winhelp2002/hosts.htm considers them so untrustworthy. I don't think I care to research further how enable a company so widely regarded as unscrupulous (and the subject of numerous lawsuits over the years), so I can't help you on this issue. Perhaps someone else can and will. GL.

[GµårÐïåñ]

Sometimes source of a page is written in Linux and when opened it won't honor the breaks. Simply put, its a CrLf, Cr, Lf issue; I am sure you have opened text files in Notepad that are jumbled up but when you open the file in Wordpad it looks fine, same issue. Additionally, sometimes developers will condense the code to remove unnecessary space to reduce the size of the page and facilitate faster loads.

[Tom T.]

Sometimes source of a page is written in Linux and when opened it won't honor the breaks. Simply put, its a CrLf, Cr, Lf issue; I am sure you have opened text files in Notepad that are jumbled up but when you open the file in Wordpad it looks fine, same issue. Additionally, sometimes developers will condense the code to remove unnecessary space to reduce the size of the page and facilitate faster loads.

Thanks for explaining that, Bro, and the analogy to Notepad/Wordpad line breaks was perfect. But it surely is dizzying, scrolling across to try to read the code!

Idea! Copy page source to text doc like Wordpad and insert my own line breaks for easy reading!

[Samus_]

i think this is a bit offtopic but there's no linebreaks nor whitespace on reddit's pages, I guess it's for efficiency as guardian said.

if you want a readable output use tidy or xmllint both have pretty-printers.

now going back to the topic, globally allowing ad.doubleclick.net and m1.2mdn.net works, of course you need to "really" allow them, if you block those at your /etc/hosts it won't work.

I've installed the development version as therube suggested and it works fine, these are the rules:

Code: Select all

Site ad.doubleclick.net
Accept from *.reddit.com
Deny

Site m1.2mdn.net
Accept from *.reddit.com
Deny

it's worth mentioning that the ad-sites must be whitelisted for the abe to work.

[GµårÐïåñ]

Thanks for sharing that and yes it is a slightly uncomfortable necessity at the moment to allow the offender in NS to get it to be trapped in ABE. I would have preferred a more granular system that checks NS preferences and reconciles them with ABE before enforcing one way or another but I am sure Giorgio has his reasons for doing it as it is now.

Say: If untrusted in NS but allowed in ABE for specific site, then allow it for those sites while keeping it untrusted in NS for everyone.
Or: If trusted in NS but disallowed in ABE for specific or range of sites, then allow for all but block the rest based on ABE.

I suppose the current implementation might require way too much for Giorgio to do this kind of validation but in time if they become separate extensions it will be moot but if ABE remains part of NS, we need to find a better way I think.

[Steve]

Hello,

I have a suggestion for a new feature:
To choose websites that will be forbidden by default, but when you enter them, they automatically become "allowed" and when you leave them, they automatically become forbidden again.

What's the use in it, you ask?
I will give you an example and I believe it will reason it perfectly.
Suppose I have a GMail account, so if I want my GMail account page to be fully functional, I need to allow scripts from google.com. But if I allow google.com, I'll get all those Google Sponsored Links while visiting other sites, which I don't want. So a solution might be to allow google temporarily every time, but it is annoying, so this is the reason for what I proposed.

[Alan Baxter]

Interesting request. I don't think I'd have any for use that feature. I can't think of a single site I'd give that attribute, although I admit you seem to be thinking of some.

Regarding "Google Sponsored Links while visiting other sites", removing googlesyndication.com from your whitelist should do the trick. If I recall correctly, it's what Giorgio recommends. It works for me.

[Tom T.]

Discussion: Site Specific Permissions Policy

[akwala]

Can a domain/subdomain/URL be whitelisted on a site specific basis? E.g., can I allow scripts from buysellads.com to run on the noscript.net site (and on a few other sites that I specify) but not on any other site? Google-analytics is another example of scripts that I might want to run selectively on sites of my choosing.

Same question for site specific blacklisting -- in some cases I may want to allow a script domain on all sites except a few that I select.

[therube]

http://forums.informaction.com/viewtopi ... 5907#p5907

http://forums.informaction.com/viewtopi ... 5925#p5925

[Samus_]

Hello,

I have a suggestion for a new feature:
To choose websites that will be forbidden by default, but when you enter them, they automatically become "allowed" and when you leave them, they automatically become forbidden again.

What's the use in it, you ask?
I will give you an example and I believe it will reason it perfectly.
Suppose I have a GMail account, so if I want my GMail account page to be fully functional, I need to allow scripts from google.com. But if I allow google.com, I'll get all those Google Sponsored Links while visiting other sites, which I don't want. So a solution might be to allow google temporarily every time, but it is annoying, so this is the reason for what I proposed.

not sure if this would work but give it a try:

Code: Select all

Site *
Accept from *.google.com
Deny

you have to allow google.com globally, if my reasoning is correct it should run any script from any domain only when those are requested by a google site (you might want to narrow this and use mail.google.com or so).

what I'm not sure is if this would catch SELF into the Deny rule (and if you can use globs on the Site directive).

[kyla]

I had tried NoScript before and couldn't get used to it easily. But after several tries with long time gaps, I installed it again today and have finally fallen in love with it. Now that I know more about computers and web sites, I know what a valuable extension this is.

I just registered to suggest this same feature: "Site Specific Permissions". Fortunately, it has already been suggested, stickied and put on the to-do list.

I'll be waiting for this feature eagerly.

Thank you very very much.

[GµårÐïåñ]

I had tried NoScript before and couldn't get used to it easily. But after several tries with long time gaps, I installed it again today and have finally fallen in love with it. Now that I know more about computers and web sites, I know what a valuable extension this is.

I just registered to suggest this same feature: "Site Specific Permissions". Fortunately, it has already been suggested, stickied and put on the to-do list.

I'll be waiting for this feature eagerly.

Thank you very very much.

We are glad to have you back and thank you for sharing with us. As for the this feature, it is being beta tested in the dev build and if you feel brave enough, go and get it and try the new ABE feature. Although fair warning, it might be slightly difficult to work with in its current state if you are not more familiar with the technology. However, the best way to become familiar is to work with it and learn it,take a look at ABE here. Good luck.