Discussion: Site Specific Permissions Policy

Bug reports and enhancement requests
jm34harvey
Posts: 4
Joined: Tue Apr 07, 2009 1:30 pm

Re: Super Trusted Websites

Post by jm34harvey » Sat Apr 18, 2009 10:26 am

GµårÐïåñ,

OK. That works for me. Faith based, anxious, expectant waiting it is!

Thanks,

John
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 FirePHP/0.2.4

GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Super Trusted Websites

Post by GµårÐïåñ » Sun Apr 19, 2009 4:24 am

It seems the best we can do :)
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 AdblockPlus/1.0.1 NoScript/1.9.1.91 RequestPolicy/0.5.4 FirePHP/0.2.4

pineman

[RESOLVED] Disable javascript for one site only

Post by pineman » Tue Apr 28, 2009 9:16 am

Rather than disable javascript on every site and then allow the ones I want, is it possible to just disable javascript on the one site that is causing me a problem?
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)

GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Disable javascript for one site only

Post by GµårÐïåñ » Tue Apr 28, 2009 9:28 am

You can either just whitelist the sites you want to function or, if you want them allowed by default until you mark them as untrusted, you can go into options and set it to allow all sites by default. You can also try YesScript if you want the blacklist mode rather than whitelist mode, but it does NOT protect you against any exploits.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9 AdblockPlus/1.0.2 RequestPolicy/0.5.5 NoScript/1.9.2.2

pineman
Posts: 2
Joined: Tue Apr 28, 2009 9:19 am

Re: Disable javascript for one site only

Post by pineman » Tue Apr 28, 2009 9:30 am

Thanks, I'll give YesScript a try.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)

pineman
Posts: 2
Joined: Tue Apr 28, 2009 9:19 am

Re: Disable javascript for one site only

Post by pineman » Tue Apr 28, 2009 9:43 am

YesScript worked a treat - many thanks!
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)

GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Disable javascript for one site only

Post by GµårÐïåñ » Tue Apr 28, 2009 10:09 am

You are welcome.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9 AdblockPlus/1.0.2 RequestPolicy/0.5.5 NoScript/1.9.2.2

Blather

Disable allowed scripts on a site-by-site basis

Post by Blather » Tue Apr 28, 2009 9:26 pm

Is it possible to allow scripts from a certain domain to run only on certain other domains?

For example, I use Facebook and Vimeo. I want to allow Facebook's scripts to run on Facebook.com, but block them from running on Vimeo.com. Is this possible?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9

GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Discussion: Site Specific Permissions Policy

Post by GµårÐïåñ » Wed Apr 29, 2009 2:17 am

Dear users of NoScript, due to the large number of inquiries and requests for a site-specific, per-domain, per-website allowing, blocking, policy or permissions rule, we are combining all issues pertaining to this discussion into one topic.

It is our hope that by keeping all related discussions, suggestions, inputs and feedback in one place, we can better serve you with updates and keep all issues in one place for Giorgio to consider.

If your issue has not been placed here, please notify me via PM and I will merge the topic, but if any issue is proposed on this matter, please keep it in this thread and review already posted comments to avoid duplicates and in the hopes that it will already provide the answer. Thank you for your understanding and cooperation.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9 AdblockPlus/1.0.2 RequestPolicy/0.5.5 NoScript/1.9.2.2

CC

Akamai and whitelisting

Post by CC » Fri May 01, 2009 12:24 am

Are there any plans to extend NoScript to allow users to whitelist only part of a site? I'm specifically thinking of Akamai. The NoScript FAQ states:

Akamai assigns to each customer an unique subdomain, e.g. a248.e.akamai.net. Therefore, you just need to allow the specific subdomain owned by the site you trust rather than the generic 2nd level akamai.net. Hint: checking NoScript Options|Appearance|Full Domains may help you in performing finer-grained whitelistings like this.


Unfortunately, that is incorrect. It may have been that way at one time, but it's not that way now. Now, many different sites share the same Akamai subdomain (such as a248.e.akamai.net), and the sites are differentiated by the path portion of the URL. This is clearly evident if you do a Google search for "site:a248.e.akamai.net". Here are some examples of sites using the a248.e.akamai.net subdomain:

  • www2.ati.com
  • secure.newegg.com (during checkout)
  • discussions.apple.com
  • www.dunkindonuts.com
  • www.austads.com
  • www.merck.com
  • www.athleticstuff.com
  • www.randmcnally.com

This is a concern for me because I want to whitelist only the URLs needed by New Egg (for example, those URLs beginning with "https://a248.e.akamai.net/f/248/9241/30d/images1.newegg.com/").

NoScript is a great product, and certainly does enhance the browser's security. Unfortunately, if users whitelist Akamai (even a single Akamai subdomain such as a248.e.akamai.net), they are whitelisting much more than they think, and are then reducing their level of security.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10

GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Akamai and whitelisting

Post by GµårÐïåñ » Fri May 01, 2009 12:57 am

I am moving your topic to the related thread, please view it here: viewtopic.php?f=10&t=415

As you can see it has been discussed for a while now and many suggestions have been made. I currently achieve this by using RequestPolicy in conjunction. This way even if you have akamai whitelisted in NS, it will not be available to all sites unless they are using explicit site to akamai permissions in RequestPolicy, so you achieve what you need. Good luck.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
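
The three whitelist granularities discussed in the two posts above, as an added example that is not part of any post in this thread and is not NoScript or RequestPolicy code: a host-level rule, the URL-prefix rule CC asks for, and an origin-to-destination pairing of the kind the reply describes. The rule shapes, function names, script file names and `other.example` are assumptions made for illustration.

```javascript
// Hypothetical rule shapes; sample script URLs below are constructed.
const NEWEGG_PREFIX = "https://a248.e.akamai.net/f/248/9241/30d/images1.newegg.com/";

// The URL parser lower-cases the host and resolves "../" segments, so rules
// are compared against the path the server will actually receive.
function parse(url) {
  try { return new URL(url); } catch { return null; }
}

// 1. Host-level rule: what whitelisting "a248.e.akamai.net" grants.
function allowByHost(hosts, scriptUrl) {
  const u = parse(scriptUrl);
  return u !== null && u.protocol === "https:" && hosts.includes(u.hostname);
}

// 2. URL-prefix rule: only paths under one tenant's directory.
// The prefix must end in "/" so "images1.newegg.com.x/" cannot match.
function allowByPrefix(prefixes, scriptUrl) {
  const u = parse(scriptUrl);
  if (u === null) return false;
  return prefixes.some((p) => p.endsWith("/") && u.href.startsWith(p));
}

// 3. Origin -> destination rule: the host is allowed only for listed pages.
function allowByPair(pairs, pageUrl, scriptUrl) {
  const page = parse(pageUrl), dest = parse(scriptUrl);
  if (page === null || dest === null) return false;
  return pairs.some(([from, to]) => page.hostname === from && dest.hostname === to);
}

function evaluate() {
  const hosts = ["a248.e.akamai.net"];
  const pairs = [["secure.newegg.com", "a248.e.akamai.net"]];
  const samples = { // constructed script URLs on the shared host
    newegg: NEWEGG_PREFIX + "js/checkout.js",
    otherTenant: "https://a248.e.akamai.net/www.dunkindonuts.com/js/promo.js",
    traversal: NEWEGG_PREFIX + "../../../../../www.dunkindonuts.com/js/promo.js",
  };
  const out = {};
  for (const [name, url] of Object.entries(samples)) {
    out[name] = {
      host: allowByHost(hosts, url),
      prefix: allowByPrefix([NEWEGG_PREFIX], url),
      pairFromNewegg: allowByPair(pairs, "https://secure.newegg.com/cart", url),
      pairFromOther: allowByPair(pairs, "https://other.example/", url),
    };
  }
  return out;
}
console.log(evaluate());
```

The host rule allows all three URLs. The pairing stops other pages from pulling scripts off the shared host but still lets the New Egg page load another tenant's path; only the prefix rule, checked after normalisation, separates tenants.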

therube
Ambassador
Posts: 7421
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Discussion: Site Specific Permissions Policy

Post by therube » Fri May 01, 2009 4:34 pm

Thanks, you two. Interesting. Now I have some inkling of what RequestPolicy can be used for :) .

For reference ...

Code:

https://www.dunkindonuts.com/
https://a248.e.akamai.net/www.dunkindonuts.com/DunkinHomePage.swf
https://a248.e.akamai.net/www.dunkindonuts.com/images/icons/favicon.ico
https://a248.e.akamai.net/www.dunkindonuts.com/images/homepage/coffee_leadership.jpg
https://a248.e.akamai.net/www.dunkindonuts.com/images/global/spacer_clear.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/global/logo_main.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/global/icons_arod.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/nav/utility/home.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/global/spacer_cccccc.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/nav/utility/franchising.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/nav/utility/storefinder.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/nav/utility/help.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/nav/utility/youraccount_profile.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/nav/utility/checkout.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/nav/utility/signin.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/nav/utility/nutrition.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/left.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/shoponline_on.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/shoponline_off.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/coffeedel_on.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/coffeedel_off.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/ddcard_on.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/ddcard_off.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/forbiz_on.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/forbiz_off.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/conpromo_on.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/conpromo_off.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/aboutus_on.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/aboutus_off.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/header/right.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/global/franchisee_ops.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/global/spacer_ffffff.gif
https://a248.e.akamai.net/www.dunkindonuts.com/images/global/icons_arod.gif
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090403 SeaMonkey/1.1.16

GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Discussion: Site Specific Permissions Policy

Post by GµårÐïåñ » Fri May 01, 2009 9:14 pm

Glad we could be of some assistance my friend, it also prevents any domain-to-domain jumping as well until you allow it, so it effectively blocks refreshes that are not whitelisted.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10

IHateLogins
Posts: 1
Joined: Wed May 06, 2009 1:26 am

Feature Request: enable 3rd party scripts per domain

Post by IHateLogins » Wed May 06, 2009 1:54 am

What are the chances that the functionality could be included whereby a user could selectively allow 3rd party scripts on a per domain basis? For example, I'd rather have google.com (or googleapi.com, etc.) scripts allowed for gmail.google.com and maps.google.com, but not allow google.com scripts for anything else that I don't deem necessary. I'd like to seamlessly switch between google maps and other sites, but would rather retain control rather than cede it to "do no evil".com

I realize this would potentially clutter the UI a bit, but perhaps that can be controlled with an advanced user setting of some sort.

Keep up the good work!!
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10

therube
Ambassador
Posts: 7421
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Feature Request: enable 3rd party scripts per domain

Post by therube » Wed May 06, 2009 3:34 am

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090429 SeaMonkey/2.0b1pre