Hi there, I always use the "Apply these restrictions to whitelisted sites too" but I often have to keep enabling Java on my whitelisted sites. I want this option to be enabled mainly because of Flash.
My suggestion is to decouple the additional restrictions of untrusted and whitelisted sites. This way there would be two tabs, Embeddings (untrusted) and Embeddings (whitelisted), with the relevant options in each one.
Best regards.
[RESOLVED VIA ABE] Suggestion for the 'Embeddings' tab
-
- Posts: 19
- Joined: Thu Mar 29, 2012 11:51 pm
[RESOLVED VIA ABE] Suggestion for the 'Embeddings' tab
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
Re: Suggestion for the 'Embeddings' tab
Did you mean "Java", or "Javascript"?ssjkakaroto wrote:Hi there, I always use the "Apply these restrictions to whitelisted sites too" but I often have to keep enabling Java on my whitelisted sites. I want this option to be enabled mainly because of Flash.
Due to an unfortunate historical naming (long since regretted), there has been confusion between these two to the present day.
It will get even better in NoScript 3.x for the desktop, on which Giorgio is working furiously to release. There will be GUI permissions for *each site*, IIUC (design not finalized yet).ssjkakaroto wrote:My suggestion is to decouple the additional restrictions of untrusted and whitelisted sites. This way there would be two tabs, Embeddings (untrusted) and Embeddings (whitelisted), with the relevant options in each one.
In the meantime, please read the sticky post, Site-Specific-Permission Questions? PLEASE READ THIS FIRST!, and the FAQ linked from it. They will help you accomplish your goals.
If after reading it, you still need assistance in formulating the rules, by all means post back with the specifics.
Best regards,
- Tom.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/11.0
-
- Posts: 19
- Joined: Thu Mar 29, 2012 11:51 pm
Re: Suggestion for the 'Embeddings' tab
Thanks for the response Tom. I did mean Java, not javascript.
I'm reading the FAQ, but I'm having trouble formulating a rule that would allow java objects but deny flash objects from site.com.
If I use a rule that has something like:
Deny INC(OBJ,OBJSUB)
both objects will be blocked right?
I'm reading the FAQ, but I'm having trouble formulating a rule that would allow java objects but deny flash objects from site.com.
If I use a rule that has something like:
Deny INC(OBJ,OBJSUB)
both objects will be blocked right?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
Re: Suggestion for the 'Embeddings' tab
IIUC, you want to deny Flash even at whitelisted sites, but allow Java at *only certain* w/l sites, not all, correct?ssjkakaroto wrote:..... a rule that would allow java objects but deny flash objects from site.com.
To block Flash by default at whitelisted sites, on the NS Options > Embeddings tab, check "Forbid Flash" and "Apply these restrictions to whitelisted sites too.". You will have to uncheck "Forbid Java" so that ABE gets to see the Java objects.
One way to allow Java, if it's only one site, which offers only one Java applet (real-world example):
Code: Select all
Site java-vm@*.*
Accept from https://www.hushmail.com
Deny
At other sites, or for multiple sites, it's probably better to make individual rules:
Code: Select all
Site java-vm@http://site1.com/java/somecoolfunction/*
Accept from .site1.com
Deny
Site java-vm@http://site2.com/java/somethingelse/*
Accept from .site2.com
Deny
Site java-vm@*.*
Deny #(blocking all other java-vm, as in the first example)
Code: Select all
Site java-vm@http://site1.com/java/somecoolfunction/* java-vm@http://site2.com/java/somethingelse/* java-vm@http://site3.com/java/watchthis/*
Accept from .site1.com .site2.com .site3.com
Deny
Site java-vm@*.*
Deny
If your example is more complex, and following that pattern doesn't work for you, then go ahead and post the actual situations and name of objects to be allowed. If they're privacy-sensitive, you can PM to me, and put generic names in the post. I would just want to make sure that I'm seeing the actual site, getting the right permissions and restrictions, and testing that it works -- in strict confidence, of course.
Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
-
- Posts: 19
- Joined: Thu Mar 29, 2012 11:51 pm
Re: Suggestion for the 'Embeddings' tab
Thanks a lot Tom, the rules you posted were more than enough for what I was trying to accomplish!
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Re: Suggestion for the 'Embeddings' tab
Excellent! And you're quite welcome.ssjkakaroto wrote:Thanks a lot Tom, the rules you posted were more than enough for what I was trying to accomplish!
Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: [RESOLVED VIA ABE] Suggestion for the 'Embeddings' tab
I apologize for updating this topic so late, but unfortunately the information provided here was incorrect, probably based on confusion between embedded content blocking and ABE, which are separate and very different mechanisms.
More specifically, ABE knows almost nothing about content types, beside hints provided by the loader, and therefore nothing reliable and usable, because ABE blocking happens before the request is initiated, since its intended scope is preventing CSRF: in facts, once the request is sent and the content-type is ultimately known, CSRF already happened.
The syntax shown above has never been implemented, documented or even planned, sorry.
More specifically, ABE knows almost nothing about content types, beside hints provided by the loader, and therefore nothing reliable and usable, because ABE blocking happens before the request is initiated, since its intended scope is preventing CSRF: in facts, once the request is sent and the content-type is ultimately known, CSRF already happened.
The syntax shown above has never been implemented, documented or even planned, sorry.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0