Per-Domain Whitelists
Posted: Tue Jun 05, 2012 5:41 am
Thank you for NoScript, I've been using it for many years now and love it.
I'd like to suggest a feature I thought up during my time using NoScript: basically, as the subject says, per-domain whitelists. If I browse to facebook.com on one tab, for example, I want my 'facebook.com' whitelist to allow facebook.com and fbcdn.net ...... but I do not want to allow other domains/tabs(unless they are also facebook.com) to load javascript from either of those domains.
Another Example:
There are a lot of cases where I have to grant google.com javascript access in order to make captchas work (there is javascript-less mode, but that's besides the point), but that doesn't mean I want to let every domain 'report in' to google, ya know? Even temporarily allowing access to google reloads every tab/domain with a reference to google.com.
Same with google-analytics... which I really only ever enable when viewing AdSense Administration (i think they fixed that dependency though. It was certainly there in the past).
Does this make sense? Has such a feature ever been requested before? Are there drawbacks that I'm not seeing?
I wonder if frames complicate things at all.... but I'd say just deny access for frames (or, I mean, use the global whitelist as usual)... and only allow 'per-domain whitelists' for the domain specifically in the URL bar.
It definitely adds more clutter to the already pretty full NoScript context menu, but eh nothing that can't be fixed by putting new/existing menu items in sub-menus etc.
Thanks for reading this and keep up the excellent work on NoScript,
d3fault
I'd like to suggest a feature I thought up during my time using NoScript: basically, as the subject says, per-domain whitelists. If I browse to facebook.com on one tab, for example, I want my 'facebook.com' whitelist to allow facebook.com and fbcdn.net ...... but I do not want to allow other domains/tabs(unless they are also facebook.com) to load javascript from either of those domains.
Another Example:
There are a lot of cases where I have to grant google.com javascript access in order to make captchas work (there is javascript-less mode, but that's besides the point), but that doesn't mean I want to let every domain 'report in' to google, ya know? Even temporarily allowing access to google reloads every tab/domain with a reference to google.com.
Same with google-analytics... which I really only ever enable when viewing AdSense Administration (i think they fixed that dependency though. It was certainly there in the past).
Does this make sense? Has such a feature ever been requested before? Are there drawbacks that I'm not seeing?
I wonder if frames complicate things at all.... but I'd say just deny access for frames (or, I mean, use the global whitelist as usual)... and only allow 'per-domain whitelists' for the domain specifically in the URL bar.
It definitely adds more clutter to the already pretty full NoScript context menu, but eh nothing that can't be fixed by putting new/existing menu items in sub-menus etc.
Thanks for reading this and keep up the excellent work on NoScript,
d3fault