script - JavaScript, e.g. <script> tags
object - plugin objects (usually Flash, Java applets, Silverlight, etc)
media - HTML5 audio/video
frame - subdocuments, e.g. <frame> and <iframe>
font - remote fonts
webgl - WebGL
fetch - whether other sites can make XMLHttpRequest (sometimes abbreviated as "XHR") and Fetch request to this site
ping - destination of navigator.sendBeacon and hyperlink ping attribute
noscript - whether to show the contents of <noscript> elements where NoScript blocks scripts (which can happen either by disabling "script" permission for the site, or having "Any capability blocked in the top document must be blocked in its subdocuments too" enabled - see viewtopic.php?p=103640#p103640 )
"lazy load" - when disabled for a site, NoScript will prevent webpages served by that site from using scriptless lazy loading for any subresources (loading="lazy" attribute will be changed to loading="eager")
"unrestricted CSS" - when disabled for a site, NoScript mitigates pure-CSS exploits (e.g. CSS PP0) on pages served by that site
LAN - whether this site is allowed to make requests to resources on your local network, e.g. localhost or private IP addresses, when this site is not itself hosted on your local network
other - requests where Firefox cannot identify the request type (ref https://hackademix.net/2017/12/04/noscr ... ment-39964)
_________________________
(Last updated for NoScript 11.4.35rc3. Originally posted in reply to viewtopic.php?f=7&t=24046 , which also hosts the related discussion.)
What do the individual checkboxes for Default/Trusted/Untrusted/Custom mean?
What do the individual checkboxes for Default/Trusted/Untrusted/Custom mean?
*Always* check the changelogs BEFORE updating that important software!
-