InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Tree Format Domain Access

https://forums.informaction.com/viewtopic.php?t=21745

Page 2 of 2

Re: Tree Format Domain Access

Posted: Fri Dec 23, 2016 2:13 am
by Thrawn
barbaz wrote:you really want a "middle ground" type way to handle something like this - viewtopic.php?f=19&t=13576
Er...I can't see the connection between that topic and this. But really, if the middle ground involves regularly re-adding something to your temporary whitelist, every time you visit, then I'd say that you're Doing It Wrong and you need a tool to address your use case (which is probably not the use case NoScript is designed for).
sandboxed and not sandboxed, off the same profile, and what you really want is less restrictive permissions inside the sandbox vs outside it.
Wait, you want the same profile to have different permissions at different times? If you're going to go to that extent, just use two profiles...
I suggest Allowing tiqcdn and using uBlock Origin to block the tracking stuff.
Good, we agree :).

Re: Tree Format Domain Access

Posted: Fri Dec 23, 2016 3:44 am
by barbaz
Thrawn wrote:Er...I can't see the connection between that topic and this. But really, if the middle ground involves regularly re-adding something to your temporary whitelist, every time you visit,
Well, it wouldn't be every time, or I'd be saying it's best to just use permanent permissions + ABE/µMatrix.

The connection here is that it's a real-world situation where someone needs JS for a site, but doesn't feel comfortable allowing the site's JS...and was justified in their feeling. The solution there was to make a surrogate of a known-clean version of the site's scripts. But that's too time-consuming for people like me, and too involved for most users.

I would solve that situation with this RFE + sandboxing (e.g. firejail). I'd only Temp-Allow JS when using that functionality, and if I do get pwned the damage would be more limited.
Thrawn wrote:Wait, you want the same profile to have different permissions at different times?
Yes, and I achieve this with multiple sandboxes at once plus temporary NoScript permissions.

As noted, this RFE would make it safer to be accustomed to Temp-Allowing specific sites all the time, because the pre-defined group wouldn't include Unicode lookalikes and such.
Thrawn wrote:Good, we agree :).
Image
All times are UTC
Page 2 of 2

Powered by phpBB® Forum Software © phpBB Limited