Discussion: Site Specific Permissions Policy

Bug reports and enhancement requests
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Discussion: Site Specific Permissions Policy

Post by Giorgio Maone »

tlu wrote: As long as Noscript 3 isn't available yet, there is a workaround using AdblockPlus. If you want to block flash by default just add this custom filter:

swf|
Hmm, no.
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
tlu
Senior Member
Posts: 129
Joined: Fri Jun 05, 2009 8:01 pm

Re: Discussion: Site Specific Permissions Policy

Post by tlu »

Giorgio Maone wrote:
tlu wrote: As long as Noscript 3 isn't available yet, there is a workaround using AdblockPlus. If you want to block flash by default just add this custom filter:

swf|
Hmm, no.
Oops - I didn't know that. Although I knew that Flashblock can be defeated. Thanks for that hint, Giorgio.

EDIT: It's blocked with the $object rule, though.
Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Discussion: Site Specific Permissions Policy

Post by Giorgio Maone »

tlu wrote:
Giorgio Maone wrote:
tlu wrote: As long as Noscript 3 isn't available yet, there is a workaround using AdblockPlus. If you want to block flash by default just add this custom filter:

swf|
Hmm, no.
Oops - I didn't know that. Although I knew that Flashblock can be defeated. Thanks for that hint, Giorgio.

EDIT: It's blocked with the $object rule, though.
Look again ;)
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
tlu
Senior Member
Posts: 129
Joined: Fri Jun 05, 2009 8:01 pm

Re: Discussion: Site Specific Permissions Policy

Post by tlu »

Giorgio Maone wrote:
tlu wrote: EDIT: It's blocked with the $object rule, though.
Look again ;)
Ha - you beat me again :lol:

Well, I hope that you're making good progress with NSA then - obviously the only suitable solution for our problem ;)
Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
bur
Posts: 12
Joined: Wed Oct 20, 2010 7:29 am

Re: Discussion: Site Specific Permissions Policy

Post by bur »

I wrote this post before I saw there already is a thread regarding this problem, so here's the post again:

There are some sites that won't work without allowing scripts from ad services like doubleclick.net. In that case it would be nice to be able to allow this single site to run scripts from doubleclick.net. In Adblock for example I can click "deactivate: on this site".

I know something like this is possible by using ABE. But that's a little complicated, you first have to globally allow doubleclick.net and then create an ABE rule to globally disallow doubleclick.net and spefically allow for whatever site you want to. Also there's no way to temporarily allow doubleclick.net only for this site. So if I just want to visit a site once or twice I have to grant all sites temporal access to doubleclick.net (or any other site that's needed).

It'd be easier (and feel smoother) if ABE would have precedence over basic NS rules. That way creating an ABE rule to allow dblck.net for that specific site would be enough thus making the process much shorter. That wouldn't solve the "temporal" issue though.

So it'd be even nicer if I could just choose from the NS menu and select "(temporarily) allow doubleclick.net for this 2nd level domain". That'd be a very handy feature that'd help with lots of sites.


From reading this thread I gather that users are advised to use ABE to accomplish this. But I think it's not a real solution as it won't allow temporary unblocking for a specific site. And also it's nothing a normal user will be able to do. Also it's not very straightforward with allowing/disallowing/site-specific allowing using both standard NS and ABE.

The easiest way would be if the whitelist could be set globally and also for specific sites.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0a1) Gecko/20111212 Firefox/11.0a1
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Discussion: Site Specific Permissions Policy

Post by Tom T. »

bur wrote:There are some sites that won't work without allowing scripts from ad services like doubleclick.net.
I've never seen one. Can you point to a few? I have doubleclick -- which is a subsidiary of Google -- blocked at the HOSTS file level, as well as Untrusted in NoScript. Not everyone likes using HOSTS this way, but it proves that the browser can't reach DC. I can type the address in the bar, and get a "can't connect" message.
From reading this thread I gather that users are advised to use ABE to accomplish this. But I think it's not a real solution as it won't allow temporary unblocking for a specific site.
It would accomplish it for your frequently-visited sites that "seem" to require doubleclick. But I'll ask Giorigo to create a Surrogate Script for DC, if he feels it necessary.
Pointing to some sites that break without DC would help to support that request. Please do so, thanks.
And also it's nothing a normal user will be able to do. Also it's not very straightforward with allowing/disallowing/site-specific allowing using both standard NS and ABE.
You'll get all your wishes very soon, when NoScript 3.x for the desktop is ready! :)
Mozilla/5.0 (Windows NT 5.1; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
rschnauzer
Posts: 1
Joined: Sat Dec 17, 2011 11:31 am

Re: Discussion: Site Specific Permissions Policy

Post by rschnauzer »

I hope the next release will help to use facebook by allowing facebook.com only on its own site and to prevent it from collecting informations on all other visited sites with the like buttons.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Discussion: Site Specific Permissions Policy

Post by GµårÐïåñ »

rschnauzer wrote:I hope the next release will help to use facebook by allowing facebook.com only on its own site and to prevent it from collecting informations on all other visited sites with the like buttons.
There is a rule for that :mrgreen:
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Comodo_Dragon/16.1.1.0 Chrome/16.0.912.63 Safari/535.7
tlu
Senior Member
Posts: 129
Joined: Fri Jun 05, 2009 8:01 pm

Re: Discussion: Site Specific Permissions Policy

Post by tlu »

rschnauzer wrote:I hope the next release will help to use facebook by allowing facebook.com only on its own site and to prevent it from collecting informations on all other visited sites with the like buttons.
Already available.
Mozilla/5.0 (Ubuntu; X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Discussion: Site Specific Permissions Policy

Post by GµårÐïåñ »

"Short answer" that was the meaning of "rule" :roll: "Long answer" the FAQ are there for a reason and why there are tons of links to them all over the forum. People should make a habit of reading F)requenty A)sked Q)uestions :idea:
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20100101 Firefox/8.0
noscriptfan1
Posts: 1
Joined: Fri Feb 03, 2012 7:24 pm

[Request] Enable for this website only

Post by noscriptfan1 »

I hope you have a [Enable for this website only] soon option in the menu, as my ABE just keeps on getting bigger and bigger

I just enable googleapis temporarily because I want it disabled as soon as possible for even the sites I use it on, I don't want it used for long,and I definitely don't want it enabled on my other tabs. I also have wolframalpha.com twice because you have to scroll the list and I thought I didn't have it added. I started using A.B.E. as per a recommendation of a senior board member a year and a half ago.
The keeps on getting bigger and bigger this is just a small snippet of it.

# User-defined rules. Feel free to experiment here.
Site googleapis.com *.googleapis.com
Accept from *.virustotal.com *.slickdeals.net *.slickdealz.net *.bexar.org *.orcacle.com *.wolframalpha.com
Accept from*.qj.net *.rankupxp.com *.sparkfun.com *.instructables.com *.mediafire.com *.custhelp.com *.kraftfoods.com
Accept from *.wolframalpha.com elderscrolls.wikia.com survey.edc.epsiloninteractive.com
Deny


I appreciate all you do and I know your doing this for free/coffee money but as the length of this thread indicates, it would get rid of a lot of problems people have, and not everybody posts or even posts here about it, about 25,000 views so far.
Last edited by noscriptfan1 on Fri Feb 10, 2012 4:57 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Discussion: Site Specific Permissions Policy

Post by GµårÐïåñ »

I can't promise when or how it will look but it has been discussed for a LONG while that a form of visual rule builder or menu driven system would be added at some point, think of it as a cross between NS now, RP, and ABP blockable elements all rolled into an elegant interface. Security and bug fixes have been the priority as well as infrastructure for the next big version. So it will be considered, just be patient please. Great products take time to make, this little beauty has been evolving like a good wine, it will be worth the wait. ;)
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Discussion: Site Specific Permissions Policy

Post by Giorgio Maone »

Fine grained permissions will eventually come, but unfortunately they needed to get postponed so far for various reasons: for instance, the NSA codebase (where they were being experimented) needs a big overhaul because of big changes in the Firefox's mobile development directions, and some experimental work is about to start on a Chrome porting, finally, while I keep fighting back new kinds of web attacks (e.g. CursorJacking, or SVN-based keylogging and so on).

Furthermore, the most popular use cases I've seen so far are a bit overestimated IMHO, because you shouldn't forget that 3rd party scripts get to run if and only if the parent page is allowed, therefore if you're going to allow googleapis.com on all or almost all the sites you've got in your whitelist which need it, you already have the same behavior by default (googleapis.com, if allowed, runs only when embedded by other whitelisted sites).
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
lewisje
Posts: 5
Joined: Thu Dec 09, 2010 5:18 pm

Re: Discussion: Site Specific Permissions Policy

Post by lewisje »

I <3 the Chrome-port idea; I'm guessing that you're starting now rather than before because WebRequest finally went stable.

As soon as the alpha becomes available I'll ditch ScriptNo in favor of your solution~
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.46 Safari/535.11
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Discussion: Site Specific Permissions Policy

Post by GµårÐïåñ »

Yes the ContentSettings and WebRequest API released late in 16.x branch and not really perfected until the 18.x branch (IIRC it still hasn't become 100% stable yet and is a work in progress) have provided an opportunity to try and see if it can be done without compromise.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
Post Reply