but I'd love to see an options to set a timeout of temporary permissions if I'm not currently on this specific site.
Any timed automatic revocation of permissions would be less convenient for me. I've grown accustomed to having temporary permissions persist until I restart the browser or manually remove one or more of them. In the course of multitasking I often surf away from a domain and return to it sometime later during the same browsing session.dhouwn wrote: Another idea, how about changing the definition of temporary in the sense that a permission get revoken once you surf away from the domain where you allowed it?
Getting a permission revoked once you surf away would make even more sense! As soon as you go back, depending on your configuration, you can give that site the permission back!Alan Baxter wrote:[...] In the course of multitasking I often surf away from a domain and return to it sometime later during the same browsing session.dhouwn wrote: Another idea, how about changing the definition of temporary in the sense that a permission get revoken once you surf away from the domain where you allowed it?
It depends on what configuration we're talking about:Alan Baxter wrote:No, when I set a Temporarily Allow, I want it to persist for the rest of the browsing session or until I manually revoke it, especially if I may return to the site later. Having to reset the Temporarily Allow every time I surf back to the site would be a PITA.
No, of course not!Alan Baxter wrote:BTW, I know you didn't say it's a security issue. Good, because it isn't. You should never Allow an untrusted site, even temporarily.
Bingo! I never allow the top-level-domain automatically. When I visit a site whose server has been hijacked, I don't want scripting to be enabled for any site to which it redirects me, i.e. it's safer to Allow a site only after seeing what site you're allowing.forfrom1337 wrote: If you DO NOT allow the current top-level-domain automatically and you set up "manually" which site to allow temporary, it does makes sense to keep that permission for the rest your browsing session.
If I were you, I'd put the NoScript Revoke Temporary Permissions button on a toolbar and click it when leaving a Facebook.but: if you, as I do, DO allow the current top-level-domain automatically, I usually do not need the permissions of the other pages I visited earlier. Best example would be facebook:
I don't have set up a specific facebook-authorization, it gets allowed as long as I'm on facebook. But I don't want to allow the facebook-scripts on any other page and yet they are, because I visited facebook earlier!
Code: Select all
# facebook.com containment rule
# This rule allows Facebook scripts objects and frames to be included only
# from Facebook pages and apps
Site .facebook.com .fbcdn.net .facebook.net
Accept from .facebook.com .fbcdn.net .facebook.net .mafiawars.com .eamobile.com
Deny INCLUSIONI think you're effectively doing this by automatically TAing top-level sites. (Reference the risk of using that option I mentioned earlier.)No, of course not!Alan Baxter wrote:You should never Allow an untrusted site, even temporarily.
I'm sorry, but I've got to ask again so that i really understand this:Alan Baxter wrote:Or better yet, you can have ABE do the equivalent automatically.
http://noscript.net/faq#qa8_10Code: Select all
[see above]
Yes it is.forfrom1337 wrote: Now I surf on facebook and put facebook on my whitelist BUT i only want to allow facebook when i''m actually on facebook. Is this beeing taken care of by the mentioned ABE-Code???
I'm sorry, but I've got to ask again:Giorgio Maone wrote:Yes it is.forfrom1337 wrote: Now I surf on facebook and put facebook on my whitelist BUT i only want to allow facebook when i''m actually on facebook. Is this beeing taken care of by the mentioned ABE-Code???