plugin embeddings) in the landing page
It is my understanding that ABE rules should be overriding NoScript permssions set from the GUI, so if I have such a rule
Code: Select all
Sandbox INC (IMAGE,CSS,SCRIPT,OBJ,XHR) from SELF++
Deny INC SUB
Sandbox GET from SELF++
I would expect youtube not being able to run scripts, and therefore quite broken... yet if I allow it from the menu icon (along with ytimg.com and other youtube domains) I can indeed see videos in HTML5.
I'm not considering plugins simply because I'm not using any, but as far as scripts go, I would say that ABE isn't actually blocking them with a sandboxing rule : I think I got this wrong, because if I were right, by now other people would have noticed that sandboxing doesn't do what it's supposed to do...
Am I misunderstanding that quote from the ABE pdf manual?