Guest wrote:For these well-known services that use subdomain as identifiers, I think it's safer to put a subdomain into whitelist, than allowing the domain name.
Yes.
Guest wrote:aaa.blogspot.com and bbb.blogspot.com are both hosted on Google, but usually managed by two different people/groups. It's possible that aaa.blogspot.com is legitimate, but bbb.blogspot.com tries to do something nasty or is compromised. For now, NoScript can either put blogspot.com into whitelist, which is dangerous, or I have to temporarily enable it for each blogspot.com website.
Not so. Please keep reading.
Guest wrote:From Amazon's FAQ (
http://aws.amazon.com/cloudfront/):
"In Amazon CloudFront, your objects are organized into distributions. A distribution specifies the location of the original version of your objects. A distribution has a unique CloudFront.net domain name (e.g. abc123.cloudfront.net) that you can use to reference your objects through the network of edge locations."
The
Akamai FAQ addresses this same issue, of fine-tuning subdomain permissions on third-party CDNs.
Guest wrote:PS: Yesterday when I was browsing a website, I saw "Allow xxx.appspot.com" in settings. That's why I used appspot.com as an example, and I thought NoScript categorized certain websites by subdomain names.
That's the user's choice, and is easily configurable. Please keep reading...
Guest wrote: Maybe I remembered wrong because I didn't find that entry in my whitelist today... I guess my post is either a feature request, or I omitted some existing functionality in NoScript that can achieve what I want.
The latter. The functionality is already there.
In NoScript > Options > Appearance, you may have "Base 2nd level Domains" checked. Check "Full Domains" and/or "Full Addresses" > OK. (It's up to you whether you want Base 2nd-Level to show also.) Now, aaa.blogspot.com and bbb.blogspot.com show as two separate entries in NS Menu. You can whitelist aaa.blogspot.com, while leaving bbb.blogspot.com in the default-deny zone. (You could even mark it as Untrusted. Doesn't change the fact that it will be blocked anyway, but that takes it out of the main menu, so that you're not annoyed by seeing it frequently. Also, may shorten the menu of scripts.)
I do this myself. I use Yahoo mail. The default whitelist includes yahoo.com and yimg.com, so that new or novice users can use most Yahoo services right out of the box. But i'm mostly there for the mail. So i changed those to mail.yahoo.com and mail.yimg.com. Then, I can use the mail service fully, but will not have scripts running from finance.yahoo.com, news.yahoo.com, etc. It's not that I don't trust them; it's that they're annoying.
The feature you would like is already there. Should you have any more questions about implementing it, please let us know. Otherwise, if you understand this and have it working for you, please let us know that, so that we can mark the issue as Resolved. Thank you.