ABE support in 10.1.x
Posted: Sun Dec 31, 2017 7:48 pm
Does NoScript 10.1.x support ABE? I see a note about ABE in the release notes for 10.1.1 but that is all I see. Is the ABE implementation different in the new addon?
NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/
Not yet.ericrobe wrote:Does NoScript 10.1.x support ABE?
Anything (extension) related in about:config is a relic to when times were good.I've seen ABE in the noscript about:config
I have no idea. Giorgio is the only dev of NoScript and I haven't heard any further news on this.Mad_Man_Moon wrote: ↑Fri Mar 01, 2019 3:33 pm Heyyyyyyy, @barbaz [...] Thought I'd lightly ask to see how ABE (or ABE 2.0 / similar site by site ruling for external domains) is moving along.
You are welcome to start such a thread, but please note that it is not a workaround for missing ABE, nor even related to ABE at all. NoScript 10 is currently not capable of preventing CSRF - "bypassing" this would only require making the malicious request as an image. I'm not aware of any content blocker that has the needed functionality to act as an ABE replacement.Mad_Man_Moon wrote: ↑Fri Mar 01, 2019 3:33 pm Relatedly: I had a thought of something I could do that might help ... Would it be OK for me to maybe start a (temporary, until abe comes home) sub forum (or thread, if that's more workable) for a temporary workaround called:Each post (or reply) would list:
- Site Temporary Allows (or maybe swap "Allows" for "Rules" or "Allow Rules")
This could allow people to search noscript [site] temporary rules in google or here,
- Site Name
- Site URL
- The domains required to get the site working at the most basic level (imagery, and basic navigation). ²
- Notes (why the user posted)
Apologies, it wasn't an assumption that you're a dev, it was an assumption that you knew what was going on since you've been very vocal about what's happening with ABE in this thread. I'll ensure that I don't pester you in the future, apologies, I'm sure that you'll also do similarly. Apologies again!
Once again, many apologies. I've not been clear enough in what I'm discussing here.barbaz wrote: ↑Fri Mar 01, 2019 6:42 pmYou are welcome to start such a thread, but please note that it is not a workaround for missing ABE, nor even related to ABE at all. NoScript 10 is currently not capable of preventing CSRF - "bypassing" this would only require making the malicious request as an image. I'm not aware of any content blocker that has the needed functionality to act as an ABE replacement.
You mean like FAQ 8.10, right? For this use case you could use µMatrix or uBlock Origin.Mad_Man_Moon wrote: ↑Sun Apr 21, 2019 8:18 am there were also, in ABE's menus, scripting sections that allowed one *considerable* control over their browsing experience. So one could whitelist YouTube, but YouTube's whitelist functionality *only* worked in the sites that you defined in the scripting.
I'll edit this comment soon (hopefully) with an example of this scripting.
Yep, that's the baby!barbaz wrote: ↑Sun Apr 21, 2019 11:50 amYou mean like FAQ 8.10, right? For this use case you could use µMatrix or uBlock Origin.Mad_Man_Moon wrote: ↑Sun Apr 21, 2019 8:18 am there were also, in ABE's menus, scripting sections that allowed one *considerable* control over their browsing experience.
Giorgio Maone wrote: ↑Tue Jun 02, 2020 7:25 am Most users didn't use ABE, but power users (and myself) did, and I've got some plans for that too, but unfortunately I first need to ensure it's not all lost work with Manifest V3.
Contextual permissions are likely to come earlier, probably as a a further CUSTOM option (e.g. an "on this site only" checkbox).