ABE selectively allow google.com?

[essex boy]

Will a person be able to allow google java scripts on particular google sites only?
For example, I want google to run on gmail, to help pay for the service, but not everywhere.

I found this rule in the development discussion

Code: Select all

Site *
    Accept from *.google.com
    Deny

But since I'm not geek, I can't work out how to apply it to my particular case. The discussion is way above my head.

I think I have to whitelist google.com for this kind of rule to work, but then it seems to me that it can't be that simple to exclude google from itsself except on gmail.

Hope someone's got the time to give me a start.

[Tom T.]

I'm sorry that Giorgio hasn't had time to get back to you on this yet, and even more so, that there's not yet an FAQ for ABE -- which I'm sure would include that answer. There is an ongoing sticky thread on per-site permissions, http://forums.informaction.com/viewtopic.php?f=10&t=415.

ABE is still in development and is not yet part of an official release. It's in about its 14th or 15th beta now. In the meantime, you can "temporarily allow" the google scripts on whichever sites you like, and I'll PM Giorgio and ask him to post an ungeek-friendly formula for writing exceptions such as you ask for. I'd like to have that formula too, as the question comes up often, as you can imagine. Thanks for your patience.

[GµårÐïåñ]

I am assuming by google to run on gmail to support the site you mean google ad services. Say that's the case, you would put something like this:

Code: Select all

Site mail.google.com
Accept ALL from googlesyndication.com
Deny

This is just an example that will allow all interactions between google mail (gmail) and googlesyndication (ad service) but deny it to any and all others. Is this sufficient for you to create what you need? You can also change mail.google.com to *.google.com to allow ANY google site to have interaction with google ad services.

[Tom T.]

Guardian, I figured you would have the answer, but the post hadn't been answered in a couple of days, and I would have thought you'd have jumped on it. I'll cancel the PM to GM and keep that formula for future such questions. Thanks much.

[GµårÐïåñ]

Well there are various key words, the ALL in this case is because the person WANTS to allow it for whatever personal ideology to interact with ad services for google. There are other things like POST/GET/SUB or nothing in that position. This was the easiest and most simply broad for this occasion to allow the user to achieve what he was asking, be careful with that syntax, each case needs to be evaluated for what specific need it elicits. Cheers.

[essex lad]

I played around with the suggested setting and yes I did want to display text ads but not give google other stuff. The boss where I flog myself in the kitchens just can't abide his lackeys using any other webmail, so we don't get no choice in that particular avenue of endeavour. But why should the google geezers get my data for free as a result?
ABE didn't like your proposed rule and blocked mail.google.com.
Swapping the sites around, so as to finish up with accept ALL from gmail.com I get to see ads on gmail. But then I get to see them anyway if I whitelist gmail no ABE settings needed.
Remains to be seen if they get blocked on other sites, but they don't get blocked on the noscript developer's site noscript.net.
So looks like a work in progress. I'll take the interim answer as
"not easy to do with google services" and check back in a few months.
Ah it's hard having a "personal ideology" lol
Cheers for the attention lads.

[GµårÐïåñ]

Well the suggestion was a place to start and involved some assumptions on my part. You need to tweak it a bit and I suggest if you have some time, take a look at http://noscript.net/abe/ and also the PDF document laying out the specs and see if that helps give you a bit more ideas. Good luck though and you are welcome anytime.

[Giorgio Maone]

The correct rule is

Code: Select all

# User-defined rules. Feel free to experiment here.
Site *.googlesyndication.com googlesyndication.com
Accept from mail.google.com
Deny

Notice the wildcard *, because Google Ads are always served by a subdomain (usually pagead2.googlesyndication.com) rather than the 2nd level domain (googlesyndication.com) which I included nonetheless just to be sure.

And yes, this prevents GAds from being displayed "from the developer's site" as well.

On the other hand, ABE is not meant as a generic blocker, especially for scripts: its scope is CSRF prevention.
Specifically, trying to block 3rd party scripts with ABE does works (the scripts are blocked), but you may end with the page not finishing loading because it misses the "script loaded" notification.
I'm trying to work-around this limitation, but as I said for ABE's aim (CSRF prevention) it's not technically a bug, even though it's annoying if you try to stretch ABE usage outside its scope.

[Tom T.]

...
On the other hand, ABE is not meant as a generic blocker, especially for scripts: its scope is CSRF prevention.
Specifically, trying to block 3rd party scripts with ABE does works (the scripts are blocked), but you may end with the page not finishing loading because it misses the "script loaded" notification.
I'm trying to work-around this limitation, but as I said for ABE's aim (CSRF prevention) it's not technically a bug, even though it's annoying if you try to stretch ABE usage outside its scope.

Giorgio, thanks for the solution. But based on your reply, in my *very* humble opinion, it would be better to keep the site-specific permissions policy and the CSRF-blocking separate. As you've said, "Do one thing, and do it well.' NS is constantly doing more thngs, which is great, but let each of its functions do their one thing well and only. It does seem that it will get very messy -- for users, for support, for yourself -- if ABE is used for selective scripting permission. Please bring the security-critical ABE to completion, and *then* we will look forward to the convenience enhancement of site-specific permissions. IMHO. YMMV.

[Giorgio Maone]

Specifically, trying to block 3rd party scripts with ABE does works (the scripts are blocked), but you may end with the page not finishing loading because it misses the "script loaded" notification.
I'm trying to work-around this limitation

Done in latest development build 1.9.4.91

[Bostic]

...Specifically, trying to block 3rd party scripts with ABE does works (the scripts are blocked), but you may end with the page not finishing loading because it misses the "script loaded" notification.

I've just run into this issue, and I didn't create any rules whatsoever (i.e. ABE at default) after updating to 1.9.5. Page would not finish loading and Firefox consumed 100 % CPU. It also stops pages being loaded in any other tab. Had to disable NoScript:

1. Go to http://atorg.net.ru/universal_viewer/index.htm
2. On the left-hand side, click "Free and Pro"
3. Page loading hangs with 100 % CPU.

[Giorgio Maone]

@Bostic:
is that reproducible for you?
I couldn't reproduce either on my extension-laden default profile nor on a clean one and a fresh NoScript install, no matter if I allowed atorg.net.ru or not...

[Bostic]

@Giorgio:
Sorry my mistake. It looks like Request Policy was the culprit. Not sure how I mixed that up.

Thanks

[Tom T.]

The correct rule is

Code: Select all

# User-defined rules. Feel free to experiment here.
Site *.googlesyndication.com googlesyndication.com
Accept from mail.google.com
Deny

Notice the wildcard *, because Google Ads are always served by a subdomain (usually pagead2.googlesyndication.com) rather than the 2nd level domain (googlesyndication.com) which I included nonetheless just to be sure.

And yes, this prevents GAds from being displayed "from the developer's site" as well. ...

Suppose, theoretically, for the sake of discussion, that one wished to allow "the developer's site as well". Would this be correct?

Code: Select all

Site *.googlesyndication.com googlesyndication.com
Accept from noscript.net
Accept from flashgot.net
Accept from maone.net
Accept from informaction.com
Deny

And can one put multiple sites in the same rule, as above, or would each receiving site require a separate exception?

[GµårÐïåñ]

Yes that would be valid and yes you can use multiple sites in the same rule, in fact for performance I would think it would be preferred.