InformAction Forums

Hi,

I was just wondering, are there any plans to add "Always allow X@Y" next to "Temporarliy allow X@Y", instead of having to manually add a regexp to allowedMimeRegExp?

... and thanks for an awesome addon!

I would support that. Or even better, if by trusting a site, fonts would be trusted too.

The problem is, things like glyphicons (bootstrap 3.0) and fontawesome dont really work at all if an user has NoScript installed, even if he trusts the site. At least that's my experience / feedback I got for a site implementing fontawesome. And that really can turn into a problem, since the whole iconography is done over a font (basically, displaying ugly 'unknown symbol' squares everywhere). I love the idea behind NoScript, but @font-face should be easier to allow.

Katai wrote:Or even better, if by trusting a site, fonts would be trusted too.

It already works this way, by default, unless you check NoScript Options|Embeddings|Apply these restrictions to whitelisted sites as well.

It would be nice to have a permanently allow option for fonts from a domain on the GUI though, or even permanently allow all content from domain carrying a font.
At the moment if a website links to a font from another domain (the biggest case is themes.googleusercontent.com for example) then it will only appear under the blocked objects menu and will only allow for "temporarily allow" options instead of permanently allow font, or permanently allow all fonts from domain, or permanently allow all from domain.

There are no 'permanent allow' options in the GUI for embeddings. If you're comfortable with about:config, then you can use noscript.allowedMimeRegexp.