kukla wrote: I pretty much understand the explanation of objects in the linked passage. But no idea what this really means: difference between "individual objects" and "objects based on origin"
Blocked Objects above the separator(s) (on the very top of the menu) are individual objects. Blocked Objects below the separator(s) blanket-Temp-Allow any objects based on origin (and, optionally, request origin and/or MIME type).
But please don't knock yourself out trying to explain it, I probably just don't have the necessary grounding to get anywhere with it.
It's not hard to explain, and you have more than the necessary grounding to understand it.
"Individual object" = one specific swf file / webfont file / etc. Example:
https://example.com/some/what/ever/thing.woff
I'm using the term "origin" to refer to the site hosting the objects. (This is what you see in Blocked Objects.)
"Request origin" is the site causing the object to be requested. (This is the site in parentheses in the Blocked Objects entries below the separator(s).)
Pretty straightforward, right?
kukla wrote: never sure when allowing a FONT object is really needed or potentially malicious if allowed.
Webfont *is* potentially malicious if allowed, that's why NoScript blocks it except when you, the user, really trust the site serving it (in this case Apple) not to be evil with webfont.
Allowing a webfont is needed if:
1) the site's icons are displaying as either a weird character or a box with small letters/numbers in it, and you need/want the icons;
2) the site sets & hosts its own font, and you think the fallback is a massive eyesore;
3) you decide you need it, for whatever reason.
Because fonts are largely cosmetic, unlike scripts which can make up part of site functionality, whether it's "needed" is mainly a matter of your personal opinion.
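
The difference in scope between the two kinds of Blocked Objects entries explained above, as an added example that is not part of the original posts and is not NoScript's code. The rule shape, field names, the hostnames other than example.com, and the MIME values are assumptions made for illustration.

```javascript
// Simplified model of the two kinds of Blocked Objects entries (not NoScript's code).
// The rule shape and field names are assumptions made for this example.

// "Origin" = the site hosting the object; for a page URL, the requesting site.
function originOf(url) {
  return new URL(url).origin;
}

// kind "object": allows exactly one URL (entries above the separator).
// kind "origin": allows anything hosted on rule.origin, optionally narrowed by
// request origin and/or MIME type (entries below the separator).
function ruleAllows(rule, req) {
  if (rule.kind === "object") return req.url === rule.url;
  if (originOf(req.url) !== rule.origin) return false;
  if (rule.requestOrigin && originOf(req.pageUrl) !== rule.requestOrigin) return false;
  if (rule.mime && req.mime !== rule.mime) return false;
  return true;
}

function isAllowed(rules, req) {
  return rules.some((rule) => ruleAllows(rule, req));
}

// Constructed sample rules
const FONT_URL = "https://example.com/some/what/ever/thing.woff";
const individual = [{ kind: "object", url: FONT_URL }];
const blanket = [{ kind: "origin", origin: "https://example.com" }];
const narrowed = [{ kind: "origin", origin: "https://example.com",
                    requestOrigin: "https://news.example.org", mime: "font/woff" }];

// Constructed sample requests
const sameFont = { url: FONT_URL, pageUrl: "https://news.example.org/article", mime: "font/woff" };
const otherObject = { url: "https://example.com/other/movie.swf",
                      pageUrl: "https://news.example.org/article",
                      mime: "application/x-shockwave-flash" };
const fontFromOtherPage = { url: FONT_URL, pageUrl: "https://blog.example.net/", mime: "font/woff" };

// Decision table: one row per rule set, one column per request.
function decisionTable() {
  const requests = { sameFont, otherObject, fontFromOtherPage };
  const table = {};
  for (const [name, rules] of Object.entries({ individual, blanket, narrowed })) {
    table[name] = {};
    for (const [reqName, req] of Object.entries(requests)) {
      table[name][reqName] = isAllowed(rules, req);
    }
  }
  return table;
}

console.table(decisionTable());
```

The blanket origin rule is the only one that lets the unrelated .swf through, which is why an individual-object or narrowed allow is the tighter choice when only one font is wanted.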