Request: Option to integrate cookie blocking whitelist

[Maratanos]

As a web user with a fair bit of savvy, I endeavor to keep my browser as clean as possible for personal use. I periodically clean my cookies, and I make use of Adblock Plus and NoScript in order to attempt to exert more control over the things websites can do with my browser. I also have my browser configured to ask me every time a site I have not pre-approved wants to set a cookie.

Unfortunately, it continues to become increasingly apparent to me that in a number of crucial ways, NoScript's script control technology is vastly superior to Firefox's built-in support for managing cookies on a site-by-site level in several crucial ways.

First, Noscript automatically blocks all scripts that have not been explicitly removed while, crucially, still allowing the page to render. In this way it is possible to find out more about a page that you have just arrived at before being required to make a decision whether or not to trust the page. Conversely, Firefox's cookie system has a modal dialog window that appears every time a cookie is attempted to be set and does not continue rendering the page until you make a decision how to trust it. It is possible to close the modal popup window without making that decision (and thus not set the cookie either), but this is an untenable situation for two reasons. First, depending on the webpage, as many as 50 or more cookies may be attempted to be set before the webpage gives up, and occasionally not even then. Each time the browser halts rendering and brings up a modal popup window that doesn't even allow you to switch to another tab. And second, often if you refuse to tell Firefox whether or not to set the cookie, page rendering will halt completly and you will have to refresh the page.

So we are left with attempting to try to decide whether or not to trust the cookie source. But it doesn't work because even though you can tell Firefox to allow a cookie for a session, or to ignore the exception on all future requests, you cannot tell it to allow an exception for a session, and then to ignore it on all future sessions. What this means practically is that once again, depending on the website you may be forced to tell firefox to allow a cookie for a session anywhere from 20 to 50 times before the page finishes rendering and you can finally tell whether or not, as it turns out, you wanted to block the website after all.

Now don't get me wrong. I recognize that none of the things I have said before are grounds on their own for any action on your part. Certainly this is something Firefox should take the blame for and do something about, in an ideal world. But I'm posting this here first for two reasons. First of all, I'm inclined to be a little more likely to believe that NoScript will do something about this than Firefox. And second, even if Firefox did implement this functionality the situation would still not be ideal, because there's very little reason to have two block lists in the first place. Either you trust a website or you don't. If you do, there's no harm in allowing both scripts AND cookies. If you don't, there's very little reason to allow either. So I would like to be able to maintain a single list that applies to both scripts and cookies.

I am curious to know what the opinion is on this topic.

cf. http://forums.informaction.com/viewtopi ... =10&t=3486

[Alan Baxter]

there's very little reason to have two block lists in the first place. Either you trust a website or you don't. If you do, there's no harm in allowing both scripts AND cookies. If you don't, there's very little reason to allow either. So I would like to be able to maintain a single list that applies to both scripts and cookies.

Since cookies aren't active content, I rarely consider them harmful. My cookie and noscript whitelists and blacklists are not similar at all. Perhaps you may find a dedicated cookie management extension useful. I use Cookie Monster.