Code: Select all
site ^https?://.*
Accept GET from ^chrome://brief/.*
Deny from ^chrome://brief/.*
Site ^chrome://brief/.*
Deny from ^https?://.*
This shouldn't be an issue. Unless I'm very wrong, the browser won't allow external sites to make requests to chrome. chrome:// is an internal protocol used by the core browser and its addons, very much off-limits to external websites.poutnikl wrote: 1 - Preventing access of external sites through chrome:// to local resources
Again, I'm almost certain that sites can't send any kind of request to chrome://, so I can't visualise a scenario where ABE would be needed.2 - Preventing attacks from of external sites related to RSS via trusted chrome://
That's an excellent descriptionpoutnikl wrote:it looks to me rather like more user friendly interactive way to provide subset of ABE functionality.
. Guardian and I have a side project to combine the two, using an RP-style interface to write ABE rules, but haven't had time to work on it lately.You're close: cross-site requests for active content (eg JavaScript, Java, Flash) must now pass both extensions.If I understand well, cross site requests must pass now approvals of both extensions.
I haven't tried the two extensions together; if you want to do so and report the results to the RequestPolicy author, then please do.But interesting thing is, that RP is reporting in context menu1 conflicting extension - Brief.
On other context menu line it say that requests from chrome:// cannot be blocked. Is it an issue ?
Yes. ABE is similar to RequestPolicy.poutnikl wrote:Unless ABE restrictions are strong, if I understand it correctly......Thrawn wrote:NoScript doesn't care about static requests like images and stylesheets. But most cross-site requests these days do include scripts, so usually every site will appear in both lists.
