So let's say I want to allow .google.com only for youtube.com. I whitelist google.com per NoScript and then add to ABE user:5.4
Q: I'm worried by the fact some sites require the akamai.net domain to be whitelisted. I'd prefer not to allow it everywhere, but only on some parent sites I trust. How can I do it?
A: You can use ABE to this effect, by adding the following rule to your NoScript Options|Advanced|ABE USER ruleset:
Notice the leading dot "." before domains, which is syntactic sugar for site.com *.site.com, i.e. a domain and its subdomains.Code: Select all
Site .akamai.net Accept INCLUSION from SELF++ Accept INCLUSION from .trusted-site1.com .trusted-site2.com trusted-site3.com Deny
It should also be noted that, independently from this rule, external scripts are never loaded from pages which don't belong to a whitelisted site, hence no malicious website you didn't explicitly whitelisted could execute scripts from akamai.net anyway.
Code: Select all
Site .google.com
Accept INCLUSION from SELF++
Accept INCLUSION from .youtube.com
Deny
But it doesn't work, not even after restarting the browser. Still, when I visit google.de for example, google.com is still allowed by NoSript.
Help will be greatly appreciated, thanks!