Discussion: Site Specific Permissions Policy

Topics Merged by GµårÐïåñ

Discussion: Site Specific Permissions Policy

Post by Topics Merged by GµårÐïåñ » Tue Mar 24, 2009 5:07 pm

Is there a possibility to allow scripts from a certain domain but only on some web-site? For example, I would like to allow scripts from xyz.com on sites in that domain, but to block them by default on sites from other domains.
If there's no such feature yet, is it possible that it'll be implemented?
Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.6) Gecko/2009020407 Firefox/3.0.7 (Debian-3.0.7-1)

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: blocking scripts from a domain on per web-site basis

Post by Tom T. » Tue Mar 24, 2009 11:09 pm

This has been on Giorgio's to-do list for a long time, per many discussions at the old thread. Please be patient!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

tatbrat

Re: blocking scripts from a domain on per web-site basis

Post by tatbrat » Wed Mar 25, 2009 8:02 am

Thank you for sharing a very useful product with us. You are awesome! =] :D
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 2.0.50727)

Giorgio Maone
Site Admin
Posts: 8700
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: blocking scripts from a domain on per web-site basis

Post by Giorgio Maone » Wed Mar 25, 2009 11:20 am

Notice also that if the top-level domain (the one displayed in your location bar) is untrusted, none of the 3rd party scripts included by it gets executed anyway.
Also, you may want to add AdBlock Plus to the mix in order to selectively block some 3rd party scripts depending on the top-level one.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)

user2037
Posts: 2
Joined: Thu Mar 26, 2009 9:23 pm

Feature Request: Aggressive Domain Boundary Enforcement

Post by user2037 » Thu Mar 26, 2009 9:42 pm

When visiting a domain I would expect to interact with only that destination unless there is a compelling reason to interact with another domain via the same destination. NoScript's frame and script controls go a long way toward mitigating the risks. But even seemingly harmless things like style sheets, images, and links (anchor tags) cross the domain boundaries with little or no indication who the client is --or will be-- communicating with. Combined with the years of cross-domain slop that passes for 'dynamic' websites and the situation is that users expect everything to work and site developers treat domain boundaries like a legacy limitation that must be worked around or bridged without regard to security, privacy, or user experience.

It seems to me that domains (in combination with cryptographic certificates) are the last, best hope for ensuring healthy boundaries between Internet destinations. And the more sites carelessly knit domains together the more users will become accustomed to it. A tool which highlights *every* domain boundary very clearly would really help. For example, why does one have to look to the status bar to see where a link truly leads? I'd prefer an unobtrusive tool-tip-style pop-up appearing only when hovering over the link. Perhaps there could even be a tool-bar or more status icons for the various boundary cross resources. It could indicate what has been blocked or allowed. It could also be grouped by resource type (style, image, script, object, etc.) or domain of origin. Another visual indicator could be to outline or overlay/shade objects from, or referring to, external domains.

Perhaps this falls outside the scope of NoScript, but Ns and Request Policy are certainly the closest to it.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009030422 Ubuntu/8.10 (intrepid) Firefox/3.0.7

GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Feature Request: Aggressive Domain Boundary Enforcement

Post by GµårÐïåñ » Thu Mar 26, 2009 10:16 pm

I think that would be a bit outside of the current scope of NS which actually handles this issue very effectively by eliminating harmful XSS. If you want further protection, as you stated yourself RequestPolicy is a good place to start as an amendment to NS, I use them both along with strict blocking in exceptions (which admittedly is slow) and Adblock for whatever else is left and I run a very tight ship. But who knows, Giorgio being the man, he might take this on and that would be awesome if he feels it's worthwhile :ugeek:
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Feature Request: Aggressive Domain Boundary Enforcement

Post by Tom T. » Thu Mar 26, 2009 10:59 pm

Umm, it's a little over my head, but is *this* what you're talking about?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Feature Request: Aggressive Domain Boundary Enforcement

Post by GµårÐïåñ » Thu Mar 26, 2009 11:14 pm

Tom T. wrote: Umm, it's a little over my head, but is *this* what you're talking about?


That for the most part would address this further, yes. My understanding can be narrowed to simply - It provides more customization and configuration to be performed to more extensively fine tune or play with what happens, not just client side - I know that Giorgio has been very hard at work on that and it's taking up a lot of his time right now.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7

aidave
Posts: 1
Joined: Sat Mar 28, 2009 4:01 am

Allow Domain For This Domain / Allow All For This Domain

Post by aidave » Sat Mar 28, 2009 4:05 am

Hi, thank you for NoScript. The most excellent tool in this day and age.

I have a feature suggestion.

When you are browsing xyz.com, sometimes you might like to enable a domain, like googleanalytics.com, but you only want that domain enabled when on xyz.com, but not on any other site. This might occur, for example, when you are developing xyz.com and want to use an outside domain tool. Then you need googleanalytics.com to work for xyz.com but you might not need it for any other site.

So my suggestion is to extend the database so that you can enable those domains not just globally, but per domain...

In the same vein, you'd be able to say "Allow All for this Domain" when there are five or more domains on a site you are visiting, yet you don't want to keep those domains allowed later on, just for this visit to the page. And, finally, it could combine to have more options with "Temporarily". That is a lot, but I've secretly wanted this feature for over a year now.

Hope that makes sense and sounds useful!

thanks for noscript

cheers
dave
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030516 Ubuntu/9.04 (jaunty) Firefox/3.0.7

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Allow Domain For This Domain / Allow All For This Domain

Post by Tom T. » Sat Mar 28, 2009 9:52 am

Hi aidave, and welcome!

Very good idea, which has been suggested many times here and at the old Mozillazine NoScript thread. Giorgio has intended for a long time to add this type of fine-grained control, but the Web keeps lighting fires that he has to put out, plus he has a couple of other major projects underway. We all look forward to the day when this type of individual control will be enabled. Cheers!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

Jangly Mark
Posts: 3
Joined: Mon Mar 30, 2009 6:21 pm

How to choose what to block?

Post by Jangly Mark » Mon Mar 30, 2009 6:30 pm

I'm new to NoScript, and was wondering how to select which scripts to block.

Mainly, this is for Facebook, which is deathly slow.
It seems that I can block by web address (eg. Facebook.com), and this will block ALL SCRIPTS from this address.
I can also block TYPES of scripts (EG Java).

But - how do you selectively block some scripts from a site and not others (so that the stuff you don't care about anyway is blocked, but the rest of the page still works)?

If, for example, there are 8 scripts running, I may want to block 5 and allow 3...
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

therube
Ambassador
Posts: 7425
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: How to choose what to block?

Post by therube » Mon Mar 30, 2009 6:38 pm

Look at it from the opposite direction.

By default, all are blocked.
So now you only need to decide which to Allow.

If facebook.com needs to be allowed for at least minimal functionality (& I have no clue?) then I guess you're relegated to do so.

After that, if you're still restricted in some manner, look to see what may be the next domain to Allow to get to where you're functional.

(Again, no knowledge of facebook here.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.22pre) Gecko/20090327 SeaMonkey/1.1.16pre

Jangly Mark
Posts: 3
Joined: Mon Mar 30, 2009 6:21 pm

Re: How to choose what to block?

Post by Jangly Mark » Mon Mar 30, 2009 9:48 pm

Yeah...I can allow Facebook.com and make the site functional.

But, is there a way to allow some of the scripts under Facebook.com to run, and block others - on a script by script basis, rather than a URL or domain name basis?

That's what I was trying to get at.
Facebook runs god knows how many scripts all from the same address.
I want to keep some of them blocked, yet, enable others, but, they're all from the same domain (facebook.com).

Is there a way of getting a list of the individual scripts up and choosing which to allow and which not?
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: How to choose what to block?

Post by GµårÐïåñ » Mon Mar 30, 2009 10:18 pm

I think I know what you are trying to achieve and you can try to pull a trick by using Adblock Plus to block specific scripts that you don't want allowed by virtue of allowing the main site. Now since I don't use Facebook, I can give you theory only, not specifics, but if you get Adblock Plus, there is a filter subscription designed to block crap from MySpace, Facebook and so on where someone sat down and did the hard work of isolating them for you and you can further tweak their stuff if you wanted even. Hope that helps.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8

RacerX

Re: blocking scripts from a domain on per web-site basis

Post by RacerX » Tue Mar 31, 2009 2:13 am

Hello-


I'd also like to see this feature (and real quick!)

I'm on a site (let's call it.... GAMEKNOT.... and let's say that, for example, it's an online chess playing website.)

So I get an email from them saying that they can tell I'm blocking ads because the server never receives a request to load the ad. And it's a free site, they rely on ad revenue to keep it free, unless I join a premium, etc. etc.

Long story short- they're going to suspend my account unless I allow ads.

I have allowed gameknot.com
doubleclick.net is blocked (I assume that's where the ads are coming from)

So how can I allow doubleclick on gameknot ONLY, without allowing ads from doubleclick everywhere???


HELP!


Thanks


RacerX
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
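
Added example (not part of the thread and not NoScript's code): a sketch of the site-specific policy requested in several posts above, combined with Giorgio Maone's point that an untrusted top-level site runs none of the scripts it includes. The `policy` layout, `matchesDomain`, `scriptDecision`, and the `.example` hosts are hypothetical names constructed for illustration; domain matching is a plain suffix check rather than a Public Suffix List lookup.

```javascript
// Hypothetical policy model for illustration; not NoScript's code or data format.
const policy = {
  // Domains whose scripts are allowed everywhere (the existing global allow list).
  globalAllow: ["gameknot.com", "news.example"],
  // Requested feature: script domains allowed only under one top-level site.
  perSiteAllow: { "gameknot.com": ["doubleclick.net"] },
};

// True when host is the domain itself or a subdomain of it.
// Simplification: suffix match on a dot boundary, no Public Suffix List.
function matchesDomain(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Decide whether a script at scriptUrl may run in a page whose
// location-bar URL is topUrl.
function scriptDecision(rules, topUrl, scriptUrl) {
  const top = new URL(topUrl).hostname;
  const src = new URL(scriptUrl).hostname;
  const trusted = (host) => rules.globalAllow.some((d) => matchesDomain(host, d));

  // Untrusted top-level site: nothing it includes runs, whatever the source.
  if (!trusted(top)) return { allow: false, reason: "top-level site untrusted" };
  if (trusted(src)) return { allow: true, reason: "globally allowed" };

  // Site-specific grants apply only when the top-level site matches.
  for (const [site, domains] of Object.entries(rules.perSiteAllow)) {
    if (matchesDomain(top, site) && domains.some((d) => matchesDomain(src, d))) {
      return { allow: true, reason: "allowed only on " + site };
    }
  }
  return { allow: false, reason: "default deny" };
}

// Constructed sample requests: [top-level page, script URL].
const samples = [
  ["https://gameknot.com/play", "https://ad.doubleclick.net/a.js"],
  ["https://news.example/", "https://ad.doubleclick.net/a.js"],
  ["https://blog.example/", "https://gameknot.com/widget.js"],
  ["https://gameknot.com/", "https://doubleclick.net.cdn.example/a.js"],
];
for (const [top, src] of samples) {
  console.log(top, src, scriptDecision(policy, top, src));
}
```

The second sample shows the difference from a global allow: news.example is itself trusted, yet doubleclick.net stays blocked there because the grant is tied to gameknot.com.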
