tlu wrote:...The ability to remember plugin-activation settings on a per-site basis is planned by Mozilla, possibly even plugins control on a per-plugin basis for a given site. Once this comes true, a combination of this solution with toggling "NoScript Options/Embeddings/Apply these restrictions to whitelisted sites too" would reduce the attack surface considerably as plugins are no longer allowed for each and every whitelisted site while it would be easy to define permanent exceptions for specific trusted sites.
Now, I understand your point better, and I agree. I have several places where I run a Flash object at whitelisted sites -- my ISP's bandwidth speed test, e. g., -- but prefer to keep everything checked on Embeddings, including Apply > Whitelisted.
As Giorgio told me in regard to that issue, ABE can only tighten NS settings; it can't loosen them. So I need NSA to get rid of the click-to-play-that every time.
If it could be done on NS 2.x without the major rewrite, definitely, but I kind of got from Giorgio's reply that it would be a major change, needing much testing, which would merely delay NSA even more.
Note that Giorgio was replying to "at least in its initial iterations as they're planned." Your later link of "plugins control on a per-plugin basis for a given site" is a horse of a different color.
If MZ could *reliably* give control to enable default-allow Flash (or whatever) *only* at sites I designate, then I could remove the NS restriction.
But MZ's product seems to be a ways off, and untested, vs. the years of testing NS's protections.
With any luck, we'll have NS 3.x by the time MZ releases that, anyway.