Hi
im using websites that use (amongst others )the ...jwpcdn.com and …jwplatform.com scripts.
its bothersome to reactivate the scripts and reload the page a few times before the page works as needed, but its the only possibility to prevent these commonly used (presumably javascript) scripts from working on other sites.
i suggest adding a "Disable <script> on website <website> else <disable>" funktion to this programm.
im looking forward to a possible change/response.
Dis/Enabling specific scripts on specific websites
Dis/Enabling specific scripts on specific websites
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Re: Dis/Enabling specific scripts on specific websites
Per-site permissions and reintroducing ABE are already planned. At least one of those will provide ability to do what you want.
*Always* check the changelogs BEFORE updating that important software!
-
-
- Master Bug Buster
- Posts: 244
- Joined: Wed Jan 10, 2018 7:37 am
Re: Dis/Enabling specific scripts on specific websites
If you set only "script" privilege for those domains, then it will only be javascript that you get from there (so yes, definitely javascript).
Do note that these scripts cannot run on any other page unless you have allowed scripts for that page.
Do note that these scripts cannot run on any other page unless you have allowed scripts for that page.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Dis/Enabling specific scripts on specific websites
If you allow scripts from domain jwpcdn.com on a any page, then scripts from jwpcdn.com can execute on all other pages too (UPDATE: except see the below replies for an exception).skriptimaahinen wrote:Do note that these scripts cannot run on any other page unless you have allowed scripts for that page.
Last edited by FranL on Mon May 28, 2018 4:03 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
-
- Master Bug Buster
- Posts: 244
- Joined: Wed Jan 10, 2018 7:37 am
Re: Dis/Enabling specific scripts on specific websites
My point as example:
Assume site A.com that uses scripts from jwpcdn.com. You have allowed both and the scripts work for the site as expected.
You go to site B.com, that also tries to use scripts from jwpcdn.com, but you have NOT allowed scripts for site B.com. Scripts from NEITHER B.com or jwpcdn.com are run on B.com!
If you do allow B.com, then scripts from jwpcdn.com are also run on B.com without need to re-allow jwpcdn.com.
Assume site A.com that uses scripts from jwpcdn.com. You have allowed both and the scripts work for the site as expected.
You go to site B.com, that also tries to use scripts from jwpcdn.com, but you have NOT allowed scripts for site B.com. Scripts from NEITHER B.com or jwpcdn.com are run on B.com!
If you do allow B.com, then scripts from jwpcdn.com are also run on B.com without need to re-allow jwpcdn.com.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Dis/Enabling specific scripts on specific websites
Is this true even if the static HTML at B.com directly loads the script from jwpcdn.com using <script src="http://jwpcdn.com/...">?skriptimaahinen wrote:Assume site A.com that uses scripts from jwpcdn.com. You have allowed both and the scripts work for the site as expected.
You go to site B.com, that also tries to use scripts from jwpcdn.com, but you have NOT allowed scripts for site B.com. Scripts from NEITHER B.com or jwpcdn.com are run on B.com!
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
-
- Master Bug Buster
- Posts: 244
- Joined: Wed Jan 10, 2018 7:37 am
Re: Dis/Enabling specific scripts on specific websites
Yes. If you have not allowed the site, NoScript will set CSP (Content-Security-Policy) directive script-src:'none'. This will prevent any and all scripts from running on the site, including inline scripts, on-event handlers and script-tags.
You can check this for yourself by opening developer toolbar (shift-F2) and typing "security csp". This will show all the active CSP rules. Note that some sites might add their own rules too.
You can check this for yourself by opening developer toolbar (shift-F2) and typing "security csp". This will show all the active CSP rules. Note that some sites might add their own rules too.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0