What do the individual checkboxes for Default/Trusted/Untrusted/Custom mean?
Posted: Mon Mar 29, 2021 6:19 pm
script - JavaScript, e.g. <script> tags
object - plugin objects (usually Flash, Java applets, Silverlight, etc)
media - HTML5 audio/video
frame - subdocuments, e.g. <frame> and <iframe>
font - remote fonts
webgl - WebGL
fetch - whether other sites can make XMLHttpRequest (sometimes abbreviated as "XHR") and Fetch request to this site
ping - destination of navigator.sendBeacon and hyperlink ping attribute
noscript - whether to show the contents of <noscript> elements where NoScript blocks scripts (which can happen either by disabling "script" permission for the site, or having "Any capability blocked in the top document must be blocked in its subdocuments too" enabled - see viewtopic.php?p=103640#p103640 )
"unrestricted CSS" - when disabled for a site, NoScript mitigates pure-CSS exploits (e.g. CSS PP0) on pages served by that site
LAN - whether this site is allowed to make requests to resources on your local network, e.g. localhost or private IP addresses, when this site is not itself hosted on your local network
other - requests where Firefox cannot identify the request type (ref https://hackademix.net/2017/12/04/noscr ... ment-39964)
_________________________
(Last updated for NoScript 11.3.3. Originally posted in reply to viewtopic.php?f=7&t=24046 , which also hosts the related discussion.)
object - plugin objects (usually Flash, Java applets, Silverlight, etc)
media - HTML5 audio/video
frame - subdocuments, e.g. <frame> and <iframe>
font - remote fonts
webgl - WebGL
fetch - whether other sites can make XMLHttpRequest (sometimes abbreviated as "XHR") and Fetch request to this site
ping - destination of navigator.sendBeacon and hyperlink ping attribute
noscript - whether to show the contents of <noscript> elements where NoScript blocks scripts (which can happen either by disabling "script" permission for the site, or having "Any capability blocked in the top document must be blocked in its subdocuments too" enabled - see viewtopic.php?p=103640#p103640 )
"unrestricted CSS" - when disabled for a site, NoScript mitigates pure-CSS exploits (e.g. CSS PP0) on pages served by that site
LAN - whether this site is allowed to make requests to resources on your local network, e.g. localhost or private IP addresses, when this site is not itself hosted on your local network
other - requests where Firefox cannot identify the request type (ref https://hackademix.net/2017/12/04/noscr ... ment-39964)
_________________________
(Last updated for NoScript 11.3.3. Originally posted in reply to viewtopic.php?f=7&t=24046 , which also hosts the related discussion.)