ssjkakaroto wrote:..... a rule that would allow java objects but deny flash objects from site.com.
IIUC, you want to deny Flash even at whitelisted sites, but allow Java at *only certain* w/l sites, not all, correct?
To block Flash by default at whitelisted sites, on the NS Options > Embeddings tab, check "
Forbid Flash" and "
Apply these restrictions to whitelisted sites too.". You will have to uncheck "
Forbid Java" so that ABE gets to see the Java objects.
One way to allow Java, if it's only one site, which offers only one Java applet (real-world example):
Code: Select all
Site java-vm@*.*
Accept from https://www.hushmail.com
Deny
The site has only one Java applet (the local encryption engine), so it's safe to wildcard it, while also wildcarding the blocking of all java-vm everywhere else.
At other sites, or for multiple sites, it's probably better to make individual rules:
Code: Select all
Site java-vm@http://site1.com/java/somecoolfunction/*
Accept from .site1.com
Deny
Site java-vm@http://site2.com/java/somethingelse/*
Accept from .site2.com
Deny
Site java-vm@*.*
Deny #(blocking all other java-vm, as in the first example)
If there is no chance of the object names colliding (overlapping), these could be combined:
Code: Select all
Site java-vm@http://site1.com/java/somecoolfunction/* java-vm@http://site2.com/java/somethingelse/* java-vm@http://site3.com/java/watchthis/*
Accept from .site1.com .site2.com .site3.com
Deny
Site java-vm@*.*
Deny
We have site-specific permissions for specific Java applets, and a general Deny rule for all other java-vm.
If your example is more complex, and following that pattern doesn't work for you, then go ahead and post the actual situations and name of objects to be allowed. If they're privacy-sensitive, you can PM to me, and put generic names in the post. I would just want to make sure that I'm seeing the actual site, getting the right permissions and restrictions, and testing that it works -- in strict confidence, of course.