Easier solution for site-specific whitelisting?

[Tery]

Hi,

Thanks for Noscript!

First, there is a thing I don't understand about "neutral" sites:
Is there any difference if a domain is allowed temporarily (in italics, because I visit it), or if it is whitelisted permanently? In other words, is there any need/advantage to whitelist e.g. nyt.com when visiting just nyt.com (and no other sites use scripts from nyt.com)?

Second, a question to the old problem: How can I allow site-specific exceptions (like cdn-servers of video-pages or captchas) permanently only on this one specific page, without having to fiddle about in ABE-rules and without allowing all temporarily?
The current situation is that I have a huge bunch of dubious sites whitelistet, which I visit only quite seldomly, because I don't want to try out what to allow every time anew...

Is there any "Noscript-Extension", that just adds "allow XYZ just for this site" to the menu, and automatically adapts ABE-Rules?

The easiest way would probably be to add a menu entry "save temporary allowed pages just for this domain" and add a graphical item describing the sites that are only allowed site-specific ("forbid" means they will be removed just from ABE-rules, because they are not in Whitelist). Of course, this should only affect the ABE-rule for the current visited domain, because I would probably allow a certain script-site specifically on several visited domains (independently, without remembering it).

It should also be made clear that an entry can only be in ABE or in whitelist, not in both: If I have an entry in ABE, and the same site in whitelist, what counts?

Thanks!

[Thrawn]

Is there any difference if a domain is allowed temporarily (in italics, because I visit it), or if it is whitelisted permanently? In other words, is there any need/advantage to whitelist e.g. nyt.com when visiting just nyt.com (and no other sites use scripts from nyt.com)?

Are you using 'Temporarily allow top-level sites by default'? This isn't the usual (or recommended) mode.

In the default mode, the difference is that after the current session, the permissions vanish. In 'allow by default' mode, the difference is that if they're loaded as third-party scripts before you visit the first-party site (in the current session), they'll be blocked.

Second, a question to the old problem: How can I allow site-specific exceptions (like cdn-servers of video-pages or captchas) permanently only on this one specific page, without having to fiddle about in ABE-rules and without allowing all temporarily?

This is a sticky post.

Is there any "Noscript-Extension", that just adds "allow XYZ just for this site" to the menu, and automatically adapts ABE-Rules?

No, but RequestPolicy does pretty much what you want.

However, since it blocks everything by default, there will be a lot of broken sites and a lot of double-handling between RP and NS.

It should also be made clear that an entry can only be in ABE or in whitelist, not in both:

On the contrary, anything controlled by ABE *should* be on your whitelist.

If I have an entry in ABE, and the same site in whitelist, what counts?

If the regular script-blocking blocks it, it is blocked.
If ABE blocks it, it is blocked.
If both allow it, it is allowed.

They are completely independent of each other.

[Hecuba's daughter]

nvm

[Thrawn]

ABE runs completely independently of NS, even though it apparently runs inside NS for interface economy more than anything else.

Actually, if I recall correctly, Giorgio has actually removed features from NS before because ABE made them redundant. So, NS is relying on ABE's presence. The reverse is not true, however; ABE can operate independently (in theory; don't know if anyone has done this in practice).

[Hecuba's daughter]

nvm

[andyman]

Is there any "Noscript-Extension", that just adds "allow XYZ just for this site" to the menu, and automatically adapts ABE-Rules?

Currently I don't know of one, but that's a BRILLIANT idea!
Just plain and simple:

future versions of NS should really have a trivial option like "Allow XYZ specifically for this domain" (e. g. *.com) respectively "Allow XYZ specifically for this subdomain" (games.XYZ.com)

This would be way better for the non-tech-savvy users who are just feeling as if you gave them a Chinese riddle when they have to fine-tune NS the "IT techie freak" way. (firewalling syntax and all that)

[Thrawn]

A key point is that you don't get significant security benefits by allowing scripts only on selected domains. It's a false sense of security. Either example.com should be regarded as always dangerous, or never.

You get privacy benefits by controlling where scripts can run. But NoScript is not (primarily) a privacy tool. Use Adblock Plus for that.

ABE was designed for CSRF protection, which is a security issue, but is not so easy to automate.

[andyman]

Of course you have a point here, but I'd rather not use NoScript in parallel with AdBlock Plus, since NS already covers over 90 percent of what I want.
It would be a little overkill, so to speak, since both add-ons overlap in many ways when in action (by design).

[Thrawn]

It could be worse. Have you ever tried RequestPolicy? Several of the moderators here use it.

I'm actually working on a side-project to bring a graphical interface to ABE, but it will probably not achieve what you want.