ABE entry: how to write?

Discussions about the Application Boundaries Enforcer (ABE) module
JLJ
Posts: 14
Joined: Wed Mar 30, 2016 7:55 pm

ABE entry: how to write?

Post by JLJ »

I'm conversant in NoScript generally but only as an end-user with zero coding experience and a brain that makes sure it won't get any more. ;-)
Was hoping somebody wouldn't mind writing a single user ABE entry for me because I'm afraid of the consequences of getting it wrong. All I want to do is:

automatically allow scripts from jquery.com only when I'm on example.com

and disallow it by default on all other sites. I've read ABE documentation and examples but sad to say it's a bit daunting. OK very daunting. Really very extremely daunting.

Thanks in advance to anyone willing to help!
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE entry: how to write?

Post by barbaz »

Code: Select all

Site .jquery.com
Accept from .jquery.com .example.com
Deny INC(SCRIPT, OBJ, FONT, XHR, MEDIA)
Sandbox
Then whitelist jquery.com in NoScript Options > Whitelist.
*Always* check the changelogs BEFORE updating that important software!
-
JLJ
Posts: 14
Joined: Wed Mar 30, 2016 7:55 pm

Re: ABE entry: how to write?

Post by JLJ »

As always, a thousand thank-you's!

Question: that final Sandbox is not something I recall from the examples I've seen -- is there a basic explanation of its function?
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: ABE entry: how to write?

Post by GµårÐïåñ »

JLJ wrote:Question: that final Sandbox is not something I recall from the examples I've seen -- is there a basic explanation of its function?
Over simplified way of thinking about it would be "limiting the scope" or "boxing it in".
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE entry: how to write?

Post by barbaz »

Sandbox means something like "allow the request, but prevent active content from running in the context of the response". This means that Sandbox applied to a top-level document or subdocument would block all active content in that page, as if you had set NoScript's script permissions to block all sites on that page. But Sandbox applied to an image or a JS file wouldn't do anything. The latter case (JS file) is a slightly tricky one. Although the JS file is itself active content, active content in a webpage runs in the context of the webpage, not the individual JS files it calls. So blocking active content from running in the context of the JS file itself won't actually block anything, because there isn't anything to block there.

Does this explanation help?

EDIT oops, GµårÐïåñ beat me to it :)
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: ABE entry: how to write?

Post by GµårÐïåñ »

barbaz wrote:EDIT oops, GµårÐïåñ beat me to it :)
No worried, your explanation was more thorough, I was simply trying to simplify a very complex principle, that's all. :ugeek: Well done 8-)
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
JLJ
Posts: 14
Joined: Wed Mar 30, 2016 7:55 pm

Re: ABE entry: how to write?

Post by JLJ »

See while I understand the concept of sandboxing (heck, I use Sandboxie from time to time) I wasn't 100% certain how it worked in the context of NoScript's ABE functions. Suffice it say I'll come back to GµårÐïåñ's detailed explanation every few years, maybe I'll get it down the line. ;-) Thanks all.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Post Reply