Page 1 of 4

Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Thu Mar 08, 2012 7:47 am
by Tom T.
Many users have asked, "Why do I have to 'temporarily allow all this page' several times in a row?" -- in one case, as many as 15 times.
"Why doesn't 'Temp-allow all' do just that?"

This is not a NoScript problem; it's a vital protection against a rather distasteful trend on the Web. Example:

You visit goodsite.com and allow it. You find that it needs to temp-allow siteA.com, siteB, and siteC. You "temp-allow all".
The page reloads, and once the scripts from siteA.com are allowed to run, they call scripts from siteX.com, siteY.com, and siteZ.com.
This is what I call "cascading scripts" - probably not official terminology. (Hey, it should be. ;) )

The reason NoScript doesn't automatically allow that third tier of scripts to run is that you presumably made a decision that A, B, and C were trustworthy. But you didn't know that X, Y, and Z would follow. Maybe you don't trust them. At least, you should have a chance to decide for yourself, look them up in mywot, check here, check other sources, etc.

Unfortunately, there's nothing to stop X or Y or Z from calling additional scripts, maybe from evil.com. (It's happened, and a user got infected.) You would have to vet them or TA them, too. It's annoying, but NoScript is giving you full control, protecting your safety at the price of a bit of inconvenience. Blame the annoyance on sites that use this type of garbage, rather than on the tool that protects you from it. In other words, don't shoot the messenger. :)

If you truly want all scripts coming to that site to be enabled, you can go to NS menu > General and check "Scripts Globally Allowed (dangerous)". Then don't forget to uncheck it before going elsewhere. Personally, I'd rather run as few scripts as possible, so rather than temp-allow every generation of these cascading scripts, I'd just TA one at a time until I find what the page really *needs* to run. Then you'll know for the future.

Most of the later scripts are data-miners, ad agencies, marketers, connections to Facebook and other social sites that you might not want running at the moment, etc. I share your dismay at the inconvenience, but this is the way the Web is going, and it's vital to have NoScript to prevent these resource-hogging, privacy-invasive, and possibly malicious scripts from running.

A list of more than 100 script sources that are essentially advertising and/or data mining, and therefore rarely necessary, is here.

Note that when you don't allow these data-miners and some other scripts, there may be a Surrogate Script set to run by default, to keep the page happy while protecting your privacy. So you should be able to mark them Untrusted, which means they'll never show up in the menu again. This makes for a much shorter menu list. If you ever actually need the real script (rare), you can still point to Untrusted in NS menu and temp-allow.

To see the list of script sources that have NoScript surrogates, open about:config, and in the Filter bar, type
surr
(that's enough to bring up the list).

For a plain-English list of said sources, a bit easier to read than the about:config listings, see this sticky post, which may or may not be up-to-date after a new surrogate is added, depending on time constraints of the Support Team.

I hope that this is helpful. This post is intended to be made sticky, but as always, feedback, questions, and suggestions are welcome.

-- Tom T.

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Sat Mar 17, 2012 7:00 am
by pgw78
The question I came here to ask is actually related to this very topic.

The thing is that NoScript effectively acts as an adblocker; many ads will not load unless I allow certain scripts to run. And that does bring up exactly the sort of cascade effect you describe. (The first time I went through it, allowing one scripting site at a time and watching new scripts appear, it was fascinating. And the ads didn't appear until I'd allowed everything.)

The problem with this is that I do want the ads to load on certain sites. Webcomics, for example. Those comics are small businesses which depend on the ad revenue as their primary, perhaps even sole, source of income. If allowing a few ads (which I'll probably ignore anyway) to load on the page is the only price I have to pay for the entertainment I get, I consider that a bargain. I don't want to be a free rider, taking what they offer without paying my fair share. They don't run malicious code, and I can use TACO to ward off any tracking cookies.

AdBlock is set up for this sort of thing. I can tell it not to block ads on certain sites, and it will allow those ads - whatever they are, wherever they're from - to load on those specific pages. I'm effectively turning AdBlock off when I visit the sites on my whitelist. But if NoScript has an option like that, I haven't found it. I can tell it to "allow all on this page," but it's far from ideal. That allows those same scripts to run on other sites, where I may not want them. It reloads all the tabs running any one of those scripts. And I'll probably have to do it multiple times on each webcomic, and possibly repeat the process on return visits, when they have different ads running.

What I want, in short, is to be able to say "allow all on this page," and have NoScript do just that: allow every script on that page - even the cascading ones - on every visit, without giving those same scripts permission to run elsewhere. Basically the inverse of the current NoScript whitelist (which certainly also has its uses). Is that possible?

Paul

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Sat Mar 17, 2012 7:10 am
by Tom T.
pgw78 wrote:AdBlock is set up for this sort of thing. I can tell it not to block ads on certain sites, and it will allow those ads - whatever they are, wherever they're from - to load on those specific pages. I'm effectively turning AdBlock off when I visit the sites on my whitelist. But if NoScript has an option like that, I haven't found it.
The second sticky topic down from this one: Site-Specific-Permission Questions? PLEASE READ THIS FIRST!.
What I want, in short, is to be able to say "allow all on this page," and have NoScript do just that: allow every script on that page - even the cascading ones - on every visit, without giving those same scripts permission to run elsewhere. Basically the inverse of the current NoScript whitelist (which certainly also has its uses). Is that possible?
Yes.

(Please read that sticky, and the FAQ linked from there. Then, if you cannot create the proper rule, post back, and we'll help you do it.)

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Sat Mar 17, 2012 8:01 am
by pgw78
Thanks for the help and the quick response.

The thread you linked redirects me to the main NoScript FAQ, which I looked through before coming to the forums. (FWIW, I did also look through the forums a bit before posting, but I guess I missed that one.) From what I can see, I would need to individually allow each and every script involved in loading ads (going through the entire cascade at every site), keep a running list of which scripts those are, go to ABE and individually add them all, create exception rules at each one saying that it should only be allowed to run on the full list of sites I want to whitelist... and then go through it again every time a new ad script comes up. Is that correct, or am I missing something? Because that... seems less than ideal.

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Sat Mar 17, 2012 8:17 pm
by Alan Baxter
pgw78 wrote:The problem with this is that I do want the ads to load on certain sites. Webcomics, for example. Those comics are small businesses which depend on the ad revenue as their primary, perhaps even sole, source of income. If allowing a few ads (which I'll probably ignore anyway) to load on the page is the only price I have to pay for the entertainment I get, I consider that a bargain. I don't want to be a free rider, taking what they offer without paying my fair share. They don't run malicious code, and I can use TACO to ward off any tracking cookies.
[...]
What I want, in short, is to be able to say "allow all on this page," and have NoScript do just that: allow every script on that page - even the cascading ones - on every visit, without giving those same scripts permission to run elsewhere. Basically the inverse of the current NoScript whitelist (which certainly also has its uses). Is that possible?
I appreciate your frustration, Paul, but this is like trying to use a hammer to do the job of a screwdriver. What you want to do isn't possible with NoScript alone but is fairly straightforward if you use Adblock Plus too. That's why I use them both. As Giorgio says in the FAQ:
Even if NoScript does block many advertisements as a side effect, its main focus is on security, hence it misses some fine-grained controls over ads delivery which you can find in proper adblocking products. Fortunately, Adblock Plus is compatible with NoScript: you can use them together for a secure and quiet browsing.
Here's what I would do in your position:
1) Permanently whitelist all of the advertising scripts you want to use. If you trust their security when viewing web comics, then apparently you trust them period. You may find the Allow all this page or Make page permissions permanent selections useful when doing this.
2) Block all those sites in Adblock Plus with the following command for each one. I expect this step would be unnecessary if you install the EasyList and EasyPrivacy subscriptions in Adblock Plus.

Code: Select all

||example.com^$script
3) Whitelist each of the sites where you want to see ads in Adblock Plus by right-clicking the ABP icon and selecting Disable on thissite.com

Hope this helps.

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Sat Mar 17, 2012 11:31 pm
by Tom T.
I was thinking more like:

Code: Select all

Site ALL
Accept from .webcomic1.com .webcomic2.com (etc.)
Deny
.. but that stops all scripts at all other sites.

I had some other thoughts, but need to give this some time.

You could just check "Scripts Globally Allowed (dangerous) on Noscript Options > General tab before visiting such sites, then uncheck it *before* you leave those and go to the other sites that you don't want to support.

However, that opens you up to every potentially-malicious script on the planet (hence the word, "dangerous"). Kind of defeats the purpose of NoScript, though you still have protection of XSS and ClearClick.
From what I can see, I would need to individually allow each and every script involved in loading ads (going through the entire cascade at every site), keep a running list of which scripts those are, go to ABE and individually add them all, create exception rules at each one saying that it should only be allowed to run on the full list of sites I want to whitelist... and then go through it again every time a new ad script comes up. Is that correct, or am I missing something?
Not all of those ads are advertising, and NoScript runs Surrogate Script for some of the data-miners. The site is still happy. I asked the owner of a web site if he minded that I blocked google-analytics.com at his site. He said he uses that only for some statistical analysis of site usage, but the actual money comes from Google Adsense (google-syndication.com)

So if you do collate a list, we can make *one* rule that covers all desired scripts at all desired sites.

When a new script shows up, and you decide you wish to allow it, editing that one rule is a few clicks and a few keystrokes. I'll give samples if you're interested in the idea.

ETA: I don't want to make this a habit, but if the number of sites isn't too large, post them here, and I'll write the rule for you.
I'd do it this once, because it would be a template for others who might want to accomplish the same goal. I would add it to my own bookmarks, to refer them to it.

If you'd rather not post them publicly, PM them to me, and when I post them, I'll change the URLs of your sites to generic: Site1.com Site2.com (etc.)

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Sun Mar 18, 2012 8:57 am
by pgw78
Alan, I wasn't trying to use NoScript as an ad blocker. I do use AdBlock Plus, with filter subscriptions. Also FlashBlock and Beef TACO. You make a good point, though, that with that kind of protection I should be able to allow ad scripts without having everything load on sites I haven't whitelisted with ABP.

Tom, I appreciate the offer. That would improve the situation. I'll collect the list tomorrow, when I go on my full rounds (just about everything updates on Mondays). If you can make something of it, great. If not, as Alan points out, I should still be protected.

Thank you both for the help. :)

Paul

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Sun Mar 18, 2012 11:20 pm
by Tom T.
pgw78 wrote:Tom, I appreciate the offer. That would improve the situation. I'll collect the list tomorrow, when I go on my full rounds (just about everything updates on Mondays). If you can make something of it, great.
I can make something of it. :ugeek: ... including eliminating the ones that don't need to be allowed and/or shouldn't be allowed, because they don't add revenue to your desired sites and/or are privacy-invasive. Your sites are entitled to get paid for ad displays and click-throughs - period. Not your entire browsing and search history, etc.

Looking forward to it. :)

ETA: Don't forget that this job will be much easier using the feature introduced in NS 2.2.9, as described in Default Whitelist FAQ:
Also, if you seek for assistance in the NoScript forum and you want to report the sites listed in your menu, you can easily do it, with no need for typing them, by just right-clicking one item or the menu itself: this will copy the information in the system clipboard for you to paste anywhere.

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Mon Mar 19, 2012 10:43 am
by pgw78
Thanks, Tom! :)

That right-click trick helped. Made it easier, and ensured no typos. I went through my regular webcomics rounds and temporarily allowed everything (except for google analytics, stumbleupon, and other things obviously not ad-related). It's quite a list.

adition.com
doubleclick.net
contextweb.com
twimg.com
displaymarketplace.com
scorecardresearch.com
betrad.com
invitemedia.com
2mdn.net
projectwonderful.com
piclens.com
quantserve.com
wibiya.com
compete.com
wildwildwebcomics.com
sitemeter.com
addtoany.com
lockerz.com
openx.org
tribalfusion.com
adadvisor.net
scribol.com
mediaplex.com
bluekai.com
turn.com
admeld.com
doubleverify.com
mathtag.com
atdmt.com
1and1.com
burstnet.com
statcounter.com
technoratimedia.com
agkn.com
adnxs.com
topsy.com
exponential.com
adsafeprotected.com
lijit.com
amung.us
giantrealm.com
ytimg.com
doomies.com
spiderforest.com
inkoutbreak.com
ohnorobot.com
addthis.com
realmedia.com
amazon-adsystem.com
glam.com
advertising.com
endless.com

And these are the comics domains (where I want to allow ad scripts to run):

unshelved.com
doonesbury.com
sinfest.net
shortpacked.com
girlgeniusonline.com
breakpointcity.com
goblinscomic.com
ozfoxes.com
planetkaren.co.uk
askdreldritch.com
heroes-comic.com
giantitp.com
evil-comic.com
the-gutters.com
drmcninja.com
spacetrawler.com
keenspot.com
www .metro.co.uk
thedreamlandchronicles.com
notinventedhe.re
marrymemovie.com
axecop.com
nonadventures.com
atomiclaundromat.com
rlfcomic.com
jackie-rose.net
grrlpowercomic.com
diggercomic.com

I think that does it. Let me know if there's anything more you need.

Paul

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Tue Mar 20, 2012 1:09 am
by Tom T.
pgw78 wrote:That right-click trick helped. Made it easier, and ensured no typos.
Agree. Good thing that someone suggested that idea (cough), and that Giorgio implemented it. Quite useful in general, but this is the most extreme example. :)
I went through my regular webcomics rounds and temporarily allowed everything (except for google analytics, stumbleupon, and other things obviously not ad-related).
Once you implement the ABE rule, you'll need to add these to your whitelist. (NS Options > Whitelist). Else, you'll still have to TA them. You might want to do the TA thing first, to make sure the rule works. Then we know it's safe to whitelist them, because ABE will block them everywhere except at your permitted sites.
adition.com
doubleclick.net Now owned by Google; notorious for privacy invasion; subject of lawsuits. I'll include it, but you may wish to consider deleting it.
contextweb.com
twimg.com
displaymarketplace.com
scorecardresearch.com Data-miner
betrad.com
invitemedia.com
2mdn.net
projectwonderful.com
piclens.com
quantserve.com Data-miner with a Surrogate Script built-in
wibiya.com
compete.com
wildwildwebcomics.com
sitemeter.com Haven't researched, but the name pretty much sounds like a data-miner, no?
addtoany.com
lockerz.com
openx.org
tribalfusion.com
adadvisor.net
scribol.com
mediaplex.com
bluekai.com
turn.com
admeld.com
doubleverify.com
mathtag.com
atdmt.com
1and1.com
burstnet.com
statcounter.com Is that a stat counter, or what? ;)
technoratimedia.com
agkn.com
adnxs.com
topsy.com
exponential.com
adsafeprotected.com
lijit.com
amung.us
giantrealm.com

ytimg.com In the Default Whitelist, and needed at other sites, esp. YouTube (name derives from "YouTube images" -- see the Updated section of NoScript Quick Start Guide for sites' growing use of secondary servers for static content -- that which doesn't change often, like the logos and other elements standard to all pages in that domain.

If you want to apply restrictions to ytimg, I'd suggest a separate rule, since you may want to allow it at some sites other than the below list, but perhaps not everywhere.


doomies.com
spiderforest.com
inkoutbreak.com
ohnorobot.com
addthis.com
realmedia.com
amazon-adsystem.com
glam.com
advertising.com
endless.com

And these are the comics domains (where I want to allow ad scripts to run):

unshelved.com
doonesbury.com
sinfest.net
shortpacked.com
girlgeniusonline.com
breakpointcity.com
goblinscomic.com
ozfoxes.com
planetkaren.co.uk
askdreldritch.com
heroes-comic.com
giantitp.com
evil-comic.com
the-gutters.com
drmcninja.com
spacetrawler.com
keenspot.com
www .metro.co.uk Sanitized link under our general anti-spam policies; no offense intended.
thedreamlandchronicles.com
notinventedhe.re LOL @ domain name combo
marrymemovie.com
axecop.com
nonadventures.com
atomiclaundromat.com
rlfcomic.com
jackie-rose.net
grrlpowercomic.com
diggercomic.com
Don't have any of those sites open when you do the ABE rule.
Open NoScript menu > Options > Advanced > ABE.
Ensure that "Enable ABE" is checked.
In the left-hand pane, click USER.
The right-hand pane now displays
# User-defined rules. Feel free to experiment here.
Note that you may add comments on a separate line, or at the end of any line, using # before the comment. The hash tag tells NoScxript "This is just a comment. Don't parse it as a rule." So you may want to use this in various places to remind yourself why you did this or that, etc.

I provided a suggested comment/title for the rule, but you can eliminate it or change it as you please. It may help other users who view this topic to understand what such a rule does.

Directly under that first (default) line, copy and paste this:

Code: Select all

# Allow ads at desired sites and nowhere else
Site .adition.com .doubleclick.net .contextweb.com .twimg.com .displaymarketplace.com .betrad.com .invitemedia.com .2mdn.net .projectwonderful.com .piclens.com .wibiya.com .compete.com .wildwildwebcomics.com .addtoany.com .lockerz.com .openx.org .tribalfusion.com .adadvisor.net .scribol.com .mediaplex.com .bluekai.com .turn.com .admeld.com .doubleverify.com .mathtag.com .atdmt.com .1and1.com .burstnet.com .technoratimedia.com .agkn.com .adnxs.com .topsy.com .exponential.com .adsafeprotected.com .lijit.com .amung.us .giantrealm.com .doomies.com .spiderforest.com .inkoutbreak.com .ohnorobot.com .addthis.com .realmedia.com .amazon-adsystem.com .glam.com .advertising.com .endless.com
Accept from .unshelved.com .doonesbury.com .sinfest.net .shortpacked.com .girlgeniusonline.com .breakpointcity.com .goblinscomic.com .ozfoxes.com .planetkaren.co.uk .askdreldritch.com .heroes-comic.com .giantitp.com .evil-comic.com .the-gutters.com .drmcninja.com .spacetrawler.com .keenspot.com
www.metro.co.uk .thedreamlandchronicles.com .notinventedhe.re .marrymemovie.com .axecop.com .nonadventures.com .atomiclaundromat.com .rlfcomic.com .jackie-rose.net .grrlpowercomic.com .diggercomic.com
Deny
There will be a long scrollbar due to the length of the list, but that's better than writing dozens or hundreds of rules. ;)

Click "Refresh", to activate the syntax-checker. If nothing turns red, and/or no error message pops up, we're good.
Click OK and you're done.

To Paul and anyone else who would like to try using ABE for this or similar purposes:


If you want to delete any entry, whether in the list of script sources ("Site"), or the sites from which you will allow such requests ("Accept from"), just delete as in any text document, *being sure that there is exactly one blank space between the entries remaining after your deletion*.

If you want to add to either, follow the above pattern. One blank space between entries.

The leading dot allows that domain, and all sub-domains within it.
For example, .yahoo.com allows www .yahoo.com, mail.yahoo.com, finance.yahoo.com, etc.
If that isn't your goal, specify the sub-domain, or a literal URL:

Code: Select all

http://www.somesite.com
Remember to click "Refresh", to check for syntax errors (a missing space; typo on http; etc.), and to click OK when done.

Remember that these sites *must* be in your Whitelist, or you'll have to temp-allow them -- which defeats the purpose.

This was a useful one-time exercise, to provide a complex, real-world example for others to use, but for all other users: Please don't ask me or any other team member to do this for you. Try it yourself, reading ABE FAQ as necessary. *Then*, if you still can't get it to work, post your issue in the NoScript > ABE forum, and we'll be happy to help.
pgw78 wrote:Thanks, Tom! :)
You're very welcome. I hope it helps many, many other users besides yourself.

Please confirm that it works for you.
- Tom

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Tue Mar 20, 2012 10:50 am
by pgw78
Turns out twimg is like ytimg, but for Twitter. I removed that from the list. And thank you for not just marking the suspect ones on the list but leaving them out of the code.

No offense taken at all for sanitizing the link. I almost did it myself, but wanted to be sure the URL was right for you.

If you like the notinventedhe.re domain name, you might want to check out the comic. It's all about programmers working at a software development company. It's been around since Sept '09, so there's a good amount of material but not so much that you can't catch up. :)
Please confirm that it works for you.
Short version: Confirmed.

Long version:

I tried allowing some of the scripts and visiting the comics sites. The scripts were indeed allowed, as far as I can see. Then I wanted to make sure they'd be blocked elsewhere, but I wasn't sure which sites would be running those specific scripts.

I tried visiting the homepage of one of the blocked scripts (invitedmedia.com, I think) directly. An alert box popped up to inform me that the rule had blocked the GET request. The tab stayed on the page I'd been looking at, without even trying to load the invitedmedia page.

I went to The Onion. Their site has ads but isn't on the comics list. Their ads weren't on the approved list, so I copied the URLs of their scripts, closed the tab, added the ad domains to the allow list, left theonion.com off the "accept from" list, and reopened the tab. NoScript looked as if the scripts were allowed. There was no notification that they weren't. But the ads didn't load. I tried removing the ABE rule and reopening the tab, and bingo - the ads loaded. (I should perhaps mention that The Onion appeared to load more slowly than usual, but I'm not sure if that has anything to do with the ABE rule.)

So, yes, it appears to be working! And if I ever want to tweak things, it's really simple to add or remove sites on either list. This is very useful. I really appreciate the help. To better express my gratitude, I've just donated to NoScript's PayPal account. :)

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Wed Mar 21, 2012 12:05 am
by Tom T.
pgw78 wrote:Turns out twimg is like ytimg, but for Twitter.
Did you happen to read the part of NoScript Quick Start Guide, about halfway down the page, in bold: Updated 25 Jan 2012, about how common this is, and how you can usually deduce the source of a secondary domain/server that provides static-type content for the main site? One gets very good at this, as soon as one starts to think along these lines.
And thank you for not just marking the suspect ones on the list but leaving them out of the code.
Note that I left doubleclick *in* the code. They're ads, but they have a slimy record (look them up on Wikipedia). If you want to allow them, fine, but just to clarify that this was one "suspect" one that was INCLUDED in the code. Your call.
No offense taken at all for sanitizing the link. I almost did it myself, but wanted to be sure the URL was right for you.
Simply breaking syntax, like http//somesite.com (missing the colon), or www .somesite.com (blank space after www) breaks the links, but we still get it.

it's been brought to my attention that search bots are now counting textual references as well as actual links. My reply, which was agreed to, was that one or two free plugs for your comic sites, aside from being a small drop in the Big Bucket, was a small "price" to pay for giving all future users a reproducible process for collating multiple script sources and multiple sites to allow them, in *one* single ABE rule.
If you like the notinventedhe.re domain name, you might want to check out the comic. It's all about programmers working at a software development company. It's been around since Sept '09, so there's a good amount of material but not so much that you can't catch up. :)
I liked the use of the .re domain to complete it, as in del.icio.us. There's a name for that practice (making the top-level domain part of a site name, as in "tele.com" or "call.us"), and WP has it, but I can't remember it ATM.

The strip sounds like Dilbert, which was funny at times.
I tried allowing some of the scripts and visiting the comics sites. The scripts were indeed allowed, as far as I can see.
The JSView add-on lets you see which have actually loaded. You can 2-click the name of a script, and it will display the code. Even if you can't read the code, if it comes up blank, you know with certainty that it didn't run. (Also, you'd be surprised at how many may come from a single domain name. I've seen Yahoo Mail running as many as 122 scripts at one time.)
I tried visiting the homepage of one of the blocked scripts (invitedmedia.com, I think) directly.
Just for the record, the scripts that may run *at the website of an advertising agency* aren't necessarily (unlikely to be) the same as the ad script itself. After all, the purpose of their site is to attract new customers (advertisers; businesses), whereas the purpose of the scripts in question is to -- run advertising. ;)
I went to The Onion. Their site has ads but isn't on the comics list. Their ads weren't on the approved list, so I copied the URLs of their scripts, closed the tab, added the ad domains to the allow list, left theonion.com off the "accept from" list, and reopened the tab. NoScript looked as if the scripts were allowed. There was no notification that they weren't.
Of course. You allowed them *in NS's own permissions list*, which you *must* do, as we discussed above... didn't you?
But the ads didn't load. I tried removing the ABE rule and reopening the tab, and bingo - the ads loaded.
Perfect confirmation! :)
So, yes, it appears to be working! And if I ever want to tweak things, it's really simple to add or remove sites on either list.
That was the point, thanks. And now others have an explicit process to follow.
pgw78 wrote: This is very useful. I really appreciate the help. To better express my gratitude, I've just donated to NoScript's PayPal account. :)
On behalf of Giorgio, thank you very much.

The Support Team is all unpaid volunteers, but the more donations, the less time Giorgio has to spend at his Real Job, which means: the sooner we'll get NoScript 3.x for the desktop, which will have site-specific permission capability built in, with no need for writing ABE rules.

And thank you for the kind words. :)

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Wed Mar 21, 2012 12:41 pm
by pgw78
Tom T. wrote:Did you happen to read the part of NoScript Quick Start Guide, about halfway down the page, in bold: Updated 25 Jan 2012, about how common this is, and how you can usually deduce the source of a secondary domain/server that provides static-type content for the main site? One gets very good at this, as soon as one starts to think along these lines.
No, I hadn't. But you're right. Definitely something good to learn.
And thank you for not just marking the suspect ones on the list but leaving them out of the code.
Note that I left doubleclick *in* the code. They're ads, but they have a slimy record (look them up on Wikipedia). If you want to allow them, fine, but just to clarify that this was one "suspect" one that was INCLUDED in the code. Your call.
I did remove it. I've always felt a little squeamish about doubleclick. It's a shame that several of the comics on the list (including some of my personal favorites) use it, but my distaste for doubleclick outweighs the small revenue increase for the comics. If they want my ad views, they can switch to a less sketchy source.
No offense taken at all for sanitizing the link. I almost did it myself, but wanted to be sure the URL was right for you.
Simply breaking syntax, like http//somesite.com (missing the colon), or www .somesite.com (blank space after www) breaks the links, but we still get it.
Noted. As it turns out, I couldn't have fixed it. I didn't realize that one would linkify on these boards, and since I haven't registered here I don't have the ability to edit my posts (even though the thought crossed my mind to do so).
it's been brought to my attention that search bots are now counting textual references as well as actual links. My reply, which was agreed to, was that one or two free plugs for your comic sites, aside from being a small drop in the Big Bucket, was a small "price" to pay for giving all future users a reproducible process for collating multiple script sources and multiple sites to allow them, in *one* single ABE rule.
Huh. That's good to know. It makes sense, now that you mention it. Thanks for letting me post despite the objection. (It wasn't my intention to advertise, though I am happy to see new readers introduced to good comics. They get something to enjoy and the author gets rewarded for doing good work - good karma all around.)
I tried allowing some of the scripts and visiting the comics sites. The scripts were indeed allowed, as far as I can see.
The JSView add-on lets you see which have actually loaded. You can 2-click the name of a script, and it will display the code. Even if you can't read the code, if it comes up blank, you know with certainty that it didn't run. (Also, you'd be surprised at how many may come from a single domain name. I've seen Yahoo Mail running as many as 122 scripts at one time.)
I'll look into that, thanks.
I tried visiting the homepage of one of the blocked scripts (invitedmedia.com, I think) directly.
Just for the record, the scripts that may run *at the website of an advertising agency* aren't necessarily (unlikely to be) the same as the ad script itself. After all, the purpose of their site is to attract new customers (advertisers; businesses), whereas the purpose of the scripts in question is to -- run advertising. ;)
Yes. I wasn't expecting them to run ads there. I was surprised that the page wouldn't load at all, and thought the side effect worth noting.
I went to The Onion. Their site has ads but isn't on the comics list. Their ads weren't on the approved list, so I copied the URLs of their scripts, closed the tab, added the ad domains to the allow list, left theonion.com off the "accept from" list, and reopened the tab. NoScript looked as if the scripts were allowed. There was no notification that they weren't.
Of course. You allowed them *in NS's own permissions list*, which you *must* do, as we discussed above... didn't you?
Yes. I thought maybe denying through ABE would show some indicator. I've had the bar pop up to let me know the rule had blocked a script a few times. Once or twice, thanks to the giant URLs involved, it was so big it messed with the page scaling, to the point that even with the browser in full screen mode I couldn't get to the right edge of the box or see the rightmost tabs in the tab bar. But those have been times when I was on one of the approved sites and an ad failed to load because nested under one of the approved scripts was a blocked one (usually doubleclick). But when I'm on another site, like The Onion, NoScript just acts like the script is allowed. The menu gives me the option to forbid it without indicating that it's being filtered. Which is fine, now that I know that's what's happening. At first, though, I thought it meant the ABE rule wasn't working.
The Support Team is all unpaid volunteers, but the more donations, the less time Giorgio has to spend at his Real Job, which means: the sooner we'll get NoScript 3.x for the desktop, which will have site-specific permission capability built in, with no need for writing ABE rules.
Neat! And a very good point.

Paul

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Thu Mar 22, 2012 6:21 am
by Tom T.
pgw78 wrote:I did remove it. I've always felt a little squeamish about doubleclick. It's a shame that several of the comics on the list (including some of my personal favorites) use it, but my distaste for doubleclick outweighs the small revenue increase for the comics. If they want my ad views, they can switch to a less sketchy source.
E-mail the webmaster and let them know that you're blocking DC, and *why* -- and that you *are* allowing the less-slimy ad companies to run, thus supporting the site. If enough people did this, we could drive DC out of business. "Vote with your dollars" (or their ad-payment dollars).
since I haven't registered here I don't have the ability to edit my posts (even though the thought crossed my mind to do so).
If you stick around or have occasion to post again, it takes only a minute to register; no personal info required, just a verifiable e-mail address (which can be disposable, etc.), and we're the last people on Earth who would ever misuse e-mail addresses. ;) In the meantime, if you really foobar a post, just ask to have it edited, and the next moderator who happens to read it will do that. (assuming a reasonable request, not a flame, etc.) ... but yeah, another advantage of registering.
I tried visiting the homepage of one of the blocked scripts (invitedmedia.com, I think) directly. ... Yes. I wasn't expecting them to run ads there. I was surprised that the page wouldn't load at all, and thought the side effect worth noting.
Indeed. Blocked third-party scripts are par for the course, but ABE figures that an ABE rule means that you *really* don't trust those people, and wouldn't want to visit their own (first-party) site, either. I went there *without* your ABE rule, but of course no scripting from them, and the page displayed completely (apparently). ... including the news that they are now a part of Google. Sheesh, does Google want to own *everything*? I thought that was Microsoft's goal ... :mrgreen:
I went to The Onion. ....Yes. I thought maybe denying through ABE would show some indicator. I've had the bar pop up to let me know the rule had blocked a script a few times.
User-configurable: NS Options > Notifications > check or uncheck ABE.
Blocked third-party scripts won't trigger the ABE notification, but a blocked page request (GET request, etc.) will.

Another example; There's a thread in this forum about adlog dot com dot com, an evil place. The ABE rule (try this) is

Code: Select all

Site .com.com
Deny
Then try typing www dot i dot com dot com (no free SEO publicity!) in the address bar. If you have ABE Notifications enabled, the bar pops up with the blocked GET request.
If you don't have them enabled, the page just stays blank.

*BUT* you will always have an explanation in the Error Console. (Ctrl+Shift+J, or Firefox Tools > Web Developer > Error Console)
This is what actually appeared in mine:

Code: Select all

[ABE] <.com.com> Deny on {GET http://www.i.com.com/ <<< chrome://browser/content/browser.xul - 6}
USER rule:
Site .com.com
Deny
Telling you that ABE blocked the GET request to that URL, and citing the particular rule (which you created) that caused the block.
Useful if you accidentally block a site that you didn't mean to, because now you know which rule to modify.
Once or twice, thanks to the giant URLs involved, it was so big it messed with the page scaling, to the point that even with the browser in full screen mode I couldn't get to the right edge of the box or see the rightmost tabs in the tab bar....
Easy solution above: disable the notification, even if temporarily, and use the Error Console if you need the info.

Thanks again for your dialog and kind words. :)

Re: Why must I "Temporarily allow all this page" REPEATEDLY?

Posted: Thu Mar 22, 2012 11:14 am
by pgw78
Tom T. wrote:E-mail the webmaster and let them know that you're blocking DC, and *why* -- and that you *are* allowing the less-slimy ad companies to run, thus supporting the site. If enough people did this, we could drive DC out of business. "Vote with your dollars" (or their ad-payment dollars).
The thought had occurred. Thanks for encouraging it. I think I'll do just that.
If you stick around or have occasion to post again, it takes only a minute to register; no personal info required, just a verifiable e-mail address (which can be disposable, etc.), and we're the last people on Earth who would ever misuse e-mail addresses. ;) In the meantime, if you really foobar a post, just ask to have it edited, and the next moderator who happens to read it will do that. (assuming a reasonable request, not a flame, etc.) ... but yeah, another advantage of registering.
Also wouldn't have to deal with these CAPTCHAs every time I post. But I keep thinking each message is about the last one I have reason to post, so why bother setting up yet another login?
I tried visiting the homepage of one of the blocked scripts (invitedmedia.com, I think) directly. ... Yes. I wasn't expecting them to run ads there. I was surprised that the page wouldn't load at all, and thought the side effect worth noting.
Indeed. Blocked third-party scripts are par for the course, but ABE figures that an ABE rule means that you *really* don't trust those people, and wouldn't want to visit their own (first-party) site, either.
Ah, that makes sense.
I went there *without* your ABE rule, but of course no scripting from them, and the page displayed completely (apparently). ... including the news that they are now a part of Google. Sheesh, does Google want to own *everything*? I thought that was Microsoft's goal ... :mrgreen:
I've been afraid of the giant Google monster for years. Held out using them for as long as I could. Still won't use Gmail. But of course they've swallowed up other things I use, like YouTube. And thoroughly crushed most of their competitors.
I went to The Onion. ....Yes. I thought maybe denying through ABE would show some indicator. I've had the bar pop up to let me know the rule had blocked a script a few times.
User-configurable: NS Options > Notifications > check or uncheck ABE.
Blocked third-party scripts won't trigger the ABE notification, but a blocked page request (GET request, etc.) will.
I see. That's good to know. And the rest, which I'll snip to save space.
Once or twice, thanks to the giant URLs involved, it was so big it messed with the page scaling, to the point that even with the browser in full screen mode I couldn't get to the right edge of the box or see the rightmost tabs in the tab bar....
Easy solution above: disable the notification, even if temporarily, and use the Error Console if you need the info.
I just hit the back button or loaded another page in that tab. Notification disappeared, and everything went back to normal. If it does become a persistent problem, I will disable the notification. So far, though, it's only happened a couple of times and I'd rather have the notifications in general.
Thanks again for your dialog and kind words. :)
Alright, alright. Enough with the thanking. This will become an endless cycle, you know. ;)

... Okay, fine. One last one. Can't leave it at that. You have been very kind, helpful, and pleasant, and you've made sure to explain things simply and clearly for laymen like myself. It's refreshing, and much appreciated. :)

Now, that's enough of that. Don't thank me for saying that. Or else. Or else... uhm... oh, right! Or else I shall have to thank you again!

Paul