[RESOLVED - ENHANCEMENT] Whitelist embeddings

[DiPassaggio]

Hi,
I've disabled embeddings for untrusted *and* trusted sites, but I'd like to permanently allow some very trusted sites, is there a way to specify in the whitelist that let's say... all flash embeddings on youtube.com should be allowed while retaining the global setting that disables for everyone else?

What I'd need would be a granular exception of what's allowed and what's not, it's already there, just only temporary under the "blocked objects" menu.

Thanks

[dhouwn]

noscript.allowedMimeRegExp

Code: Select all

application/x-shockwave-flash@https?://s\.ytimg\.com

[Thrawn]

Or the Site-Specific-Permission Questions? PLEASE READ THIS FIRST! post in the Support forum.

[DiPassaggio]

Thanks for your help,
is there a syntax reference floating around?

Actually my goal would be to allow iframes from readability.com in order to have their bookmarklet working correctly.

[DiPassaggio]

Or the Site-Specific-Permission Questions? PLEASE READ THIS FIRST! post in the Support forum.

I'm not entirely sure this applies to my question, and writing ABE rules out of thin air is definitely out of my league.

[Thrawn]

I'm not entirely sure this applies to my question, and writing ABE rules out of thin air is definitely out of my league.

Well, the part about NoScript 3.x for the desktop certainly applies...it's coming as fast as Giorgio is able!

ABE isn't really plugin-specific, as documented in this thread.

[DiPassaggio]

Well, the part about NoScript 3.x for the desktop certainly applies...it's coming as fast as Giorgio is able!

That's good to know, it looks very nice.

ABE isn't really plugin-specific, as documented in this thread.

Unfortunately ABE is not flexible.
I would have to:

• re-enable embeddings for trusted and untrusted sites (this is a big no go)
• block by default everything via ABE
• write an exception for the site I'm interested with

and still I would be out of luck with a random object on a random site, since I would not be able to temporarily enable it without disabling ABE.

Anyway thanks for the help.

[Thrawn]

You could see how you go with RequestPolicy and possibly the Tab Permissions and Host Permissions addons (although the latter addons are tab-oriented, so they're a bit quirky when you browse from one site to another within the same tab).

[Tom T.]

Thanks for your help,
is there a syntax reference floating around?

If you have a basic familiarity with Regular Expressions, just follow dhouwn's model.

If not successful, feel free to post back for help with a specific site.

[DiPassaggio]

If not successful, feel free to post back for help with a specific site.

And here I am
This is what I would like to permanently allow: <IFRAME>@https://www.readability.com/articles/queue
otherwise the Readability bookmarklet doesn't work.
Currently I click on the bookmarklet, which brings the iframe, I authorize the iframe and click on the bookmarklet again.

[Tom T.]

Fastest way is to keep all embeddings blocked, but uncheck "Apply these restrictions to whitelisted (trusted) sites too" -- then keep a *very* short, and *very* trusted, whitelist, because you're allowing all plug-ins, etc, not just IFRAME.

I don't think the noscript.allowedMimeRegExp will work here, because OP was about Flash, which is a registered MIME type.
IIRC, IFRAME is not. If I am mistaken, and someone knows how to use this setting for IFRAME, please assist, thanks.

[DiPassaggio]

I don't think the noscript.allowedMimeRegExp will work here, because OP was about Flash, which is a registered MIME type.
IIRC, IFRAME is not. If I am mistaken, and someone knows how to use this setting for IFRAME, please assist, thanks.

From NoScript 2.5.9 changelog:
+ Added new fake mimetype placeholder "FRAME" to match FRAMEs and IFRAMES
with the noscript.allowedMimeRegExp preference
+ Made mimetype whitelisting through the noscript.allowedMimeRegExp
preference work with FRAMEs and IFRAMEs as well

It works great, thanks Giorgio.

[Tom T.]

Yes, I too was very pleased to see that enhancement.