I'm currently struggling with the issue of remembered trusted/untrusted sites ( over here viewtopic.php?f=7&t=25927&p=102272#p102165 ), and as a part of that I've bodged together a noscript_data.txt file from different sources. However there is a lot of stuff in there that I'm wondering either what it is or what it does.
The following questions I'm listing because I performed a few searches here on the site, and couldn't find anything concrete on managing the data file, or what any of this means in the FAQ. If there's a documentation page, I couldn't find that, unfortunately.
- What does this symbol mean when presented before a site with a colon after it?
This is only in my ns data file's trusted' and 'custom' sections.
Code: Select all
§
Possible Answer: Through trying to get a valid import, this seems like it's the locking signifier for NS Quantum to allow the (sub-)domain "only if their protocol is HTTPS":
.What about the "Match HTTPS only" green/red lock toggle? If green (locked), the toggle makes base domain entries (e.g. "..google.com") match themselves and all their subdomains, but only if their protocol is HTTPS (and therefore the traffic encrypted and not easily tampered with). Otherwise, if red and unlocked, both HTTP and HTTPS match: this has bad security implications especially on "hostile" networks where injecting malicious scripts directly in the unencrypted traffic is relatively easy, but is unfortunately needed for some sites to work. NoScript tries to gives you the "smartest" default for each site, i.e. green if the page is already served on HTTPS, red otherwise. - I've noted that https green mark is done by ensuring that the domain has that before it, and that you can double up and add the insecure to the untrusted list (I assume that's redundant, though). So, to ensure https, one requires:
... to become:
Code: Select all
"arsenal.com",
Is there anything else regarding the http/https we should know? I'd imagine that one can't repeat a domain more than the twice (secure and non) with that.Code: Select all
"https://arsenal.com",
. - Could I capably assume that (to continue the above example) that the previous https site would trust all subdomains, but if I wanted to distrust one subdomain I would add the following to the untrusted section?:
Code: Select all
"https://players.arsenal.com",
- If a domain (with no secure/insecure signifier) is in the untrusted list does that indicate that either are untrusted or only the insecure version?
. - Are there any requirements for wildcards in here, and if so, what would they be? (couldn't see an obvious one)
. - Is the "xssUserChoices" section able to take custom additions (if I magically knew some)? It currently has this entry:
Would it perhaps take the old style stuff, like this from the old XSS section, or am I gloriously misunderstanding NS quantum's style?
Code: Select all
"https://www.lindy.co.uk>https://5404841.fls.doubleclick.net": "block"
Code: Select all
^https?://([a-z]+)\.google\.(?:[a-z]{1,3}\.)?[a-z]+/(?:search|custom|\1)\? ^https?://([a-z]*)\.?search\.yahoo\.com/search(?:\?|/\1\b) ^https?://[a-z]+\.wikipedia\.org/wiki/[^"<>?%]+$ ^https?://translate\.google\.com/translate_t[^"'<>?%]+$ ^https://secure\.wikimedia\.org/wikipedia/[a-z]+/wiki/[^"<>\?%]+$
- Is there a list of what the various 'system URLs' (like the following) in there are for?
Code: Select all
[System+Principal]
Best
EDIT
Sorry, forgot about that last question, just edited it in.