The overall goal here is to be able to optimize NoScript's security by avoiding the need to grant extra, wide permissions because it's too difficult or time-consuming to ferret out exactly what's specifically necessary by hand. I'm using the latest version of Firefox, in case that matters.
It's becoming increasingly common that I'll be on a site where things aren't working (for example, the account registration process on this very site) and the only way I can proceed is to completely disable NoScript for the current tab...since all the highlighted permissions in the drop-down are already granted. I have a couple of ideas on how this could be solved:
1. Does NoScript keep a log anywhere of which permissions are being triggered? Something with output like this (the specific format isn't relevant, just something with these contents and reasonably machine-parseable would be ideal):
Code: Select all
Site | Remote site | Permission | Action
----------------------- | ------------------- | ---------- | ------
forums.informaction.com | www.google.com | script | allow-temp
www.example.com | | media | deny
www.example.com | content.example.com | font | allow
It'd be awesome to have a real-time log like this directly in the tab's UI, so you don't have to worry about whether you're seeing activity in a global log that's being generated by other tabs. You'd think it'd be obvious, but for example Google is in so many pages now because of its CAPTCHA stuff, not to mention sites like CloudFlare, jQuery, jsdelivr...you get the idea.
2. Does NoScript have a "learning mode", where it automatically grants any permission that's triggered, and then goes back to normal when you switch back to "enforcing" mode (the normal behaviour)? Better yet, if it had an option to make any "learned" permissions as temporary, which would be good for stuff like this forum's account registration where you have to allow third-party requests to Google for it's CAPTCHA stuff but you don't want those permissions set permanently. Also better yet if it displayed a report with a list of added permissions when you switch back to normal mode.