Cross Site Scripting Control per Parent Page

Bug reports and enhancement requests

Post by Nap »

Hi,

Firstly, a BIG THANK YOU for my MOST IMPORTANT addon.
I would like to make a suggestion, which I consider a SECURITY issue long overdue for implementation.

I am most concerned about a form of cross site scripting that is not being managed properly. As an example everyone will be familiar with, take Facebook. I am happy to allow facebook.com when I am on the Facebook site, but I am NOT HAPPY about not being able to DISABLE Facebook when I'm browsing another site that has Facebook links in it.

I urge the developers to implement such a function. Even if it means an increase in the number of allows I need to set, I am willing to accept the overhead in favour of increased privacy.

Kind regards,
Nap
Mozilla/5.0 (Windows NT 6.0; rv:12.0) Gecko/20100101 Firefox/12.0

Re: Cross Site Scripting Control per Parent Page

Post by Tom T. »

http://noscript.net/faq#qa8_10

See Giorgio's suggested rule.
If you don't want to allow the Facebook "apps", or allow any FB at any other sites, then the following will forbid FB everywhere but at FB itself:


# Forbid all Facebook everywhere other than Facebook itself
Site .facebook.com .fbcdn.net .facebook.net 
Accept from .facebook.com .fbcdn.net .facebook.net
Deny

ETA:
"long overdue for implementation"
ABE -- implemented 3 1/2 years ago. :)
Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0
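
How the rule quoted in the reply above decides a request, as an added example that is not part of the thread and not NoScript's own code. It models only the subset of ABE the rule uses (host patterns, `Accept`/`Deny`, optional `from`, first matching predicate wins); the function names and sample hosts are constructed for illustration.

```javascript
// Simplified model of ABE matching (assumption: host patterns only, no methods,
// no SELF/LOCAL keywords, no Sandbox/Anon actions).
const RULE = `
# Forbid all Facebook everywhere other than Facebook itself
Site .facebook.com .fbcdn.net .facebook.net
Accept from .facebook.com .fbcdn.net .facebook.net
Deny
`;

// ".facebook.com" matches facebook.com and every subdomain; "*" matches anything.
function hostMatches(pattern, host) {
  if (pattern === "*") return true;
  if (pattern.startsWith(".")) return host === pattern.slice(1) || host.endsWith(pattern);
  return host === pattern;
}

// Parse one rule into { sites: [...], predicates: [{ action, from }] }.
function parseRule(text) {
  const rule = { sites: [], predicates: [] };
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const words = line.split(/\s+/);
    if (words[0] === "Site") {
      rule.sites = words.slice(1);
    } else if (words[0] === "Accept" || words[0] === "Deny") {
      const i = words.indexOf("from");
      rule.predicates.push({ action: words[0], from: i === -1 ? null : words.slice(i + 1) });
    } else throw new Error("unsupported line in this model: " + line);
  }
  return rule;
}

// Return "Accept" or "Deny" from the first matching predicate, or "no match"
// when the destination is not covered by the rule at all.
function decide(rule, originHost, destHost) {
  if (!rule.sites.some((p) => hostMatches(p, destHost))) return "no match";
  for (const { action, from } of rule.predicates) {
    if (from === null || from.some((p) => hostMatches(p, originHost))) return action;
  }
  return "no match";
}

// Constructed sample requests: [page making the request, host requested].
const SAMPLES = [["www.facebook.com", "static.fbcdn.net"], ["news.example", "connect.facebook.net"],
  ["news.example", "cdn.example"], ["notfacebook.com", "www.facebook.com"]];
const rule = parseRule(RULE);
for (const [o, d] of SAMPLES) console.log(`${o} -> ${d}: ${decide(rule, o, d)}`);
```

The last sample checks that a host merely ending in the string "facebook.com" is not treated as a Facebook origin, because the leading-dot pattern only matches on a label boundary.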