Specific page configuration advice

[tourtragic]

Hi,
We shall be running a special profile for the next 3 weeks, to display this page:
http://tdftourtracker.sbs.com.au/

Fx 3.6.6 settings: all defaults except home page.
NS 1.9.9.97settings: all defaults except Allow Scripts Globally unchecked and Display recently blocked sites unchecked.
Scripts allowed on page:
all google ones
sbs.com.au
amazonaws.com
engagedsports.com

no facebook, yahoo or twitter allowed.

We note that the Flash player is JW player, not Adobe,
www dot longtailvideo dot com/players/jw-flv-player
and that it appears to need to run with scripts from an iphone code (we are running the page on a desktop with zero apple stuff connected).

Can any power user advise what, if any, extra config steps we should/could take to harden this player in an Ubuntu desktop system.
As far as I can see, the page is well integrated and secure enough- for a NS user - but the need for the engagedsports.com scripts to run is a little confusing, and a little concerning.

thanks for all comments

[tourtragic]

EDIT Whitelist:
Add yahooapis.com :-/

[Tom T.]

I don't use, or know, Ubuntu, but I don't think it matters here.
You can fine-tune permissions by not allowing the second-level domain (the thing before dot com or dot whatever). E. g., I allowed
maps.google.com and maps.gstatic.com, not the entire google.com domain.
theracetracker.s3.amazonaws.com versus just allowing amazonaws.com
No yahooapis allowed. No google-analytics.com
tdftourtracker.sbs.com.au versus all sbs.com.au

I have the video up top, the description in the upper right, and the stage map at the bottom. Am I missing anything? ... In any event, you can see the approach of limiting permissions to the actual specific source instead of the entire domain.

I find "Recently blocked sites" useful in diagnosing what might be needed if something isn't working right.

It ran fine on Adobe Flash player; no need for jw player. I broke that link, as is common policy here, because we do get a lot of spam-link posts. If this is not you, please do not take offense.

Edit: No iphone scripts needed, either. Perhaps that is a function of the player that you're using. Flash player runs fine - I didn't even see any requests for iphone scripts.

Edit 2: Sorry I missed your question about engaged sports. According to their website, they are a provider of platforms for such things as this. The page source verifies that they call scripts from cache.engaged.etc. They have no results on WOT, which at least means that they've had no complaints logged there. I don't know anything about them.

[tourtragic]

Hi
Thanks for the response.
Too much information about the fine-grained domains, no offence. We reckon that a person can trust the whole domain, or not at all - - for this kind of limited special profile. And it's easier to trouble-shoot with defaults.

The non-Adobe Flash player, sorry for the lack of clarity, is run by the broadcaster.

But anyway, with Giorgio minding the cross site stuff and keeping it all in the browser, we'll be happy enough to allow extra scripting as and when engagedsports.com wants them. It looks as though the broadcast app is getting a few fine-tunes itself at each day's live broadcasting. My guess is that the full apple compatible app is getting catered for to save mess.
Mobiles are just taking over the web