NoScriptian wrote:I'm at a loss then. What does Untrusted actually do?
It applies the rules you specified to the source you specified.
Barbaz's resonse was basically pointing out that while you fixed the flawed settings of your untrusted preset (which definitely shouldn't have happened but was true for me, too, to a lesser degree)
When creating the nikon rule, you either forgot to apply the "trusted -> redlock ->untrusted" trick" or something went wrong.
The way it is as you quoted your config, due to the "§" it again only applies to https nikon, instead of both http and https.
From a security standpoint there should not be a single entry in the untrusted preset that has a "§" in front of it, or has black text in the settings UI for the domain name.
edit: A more comprehensive answer:
If you never use the "allow all temp" button, very little. (if you do, it helps not temp allow domains that you KNOW you don't want to also allow by hitting "allow all temp".)
In that case it is merely a visual reminder setting it apart from all the sites that are set to "default", that you already decided on that one.
The third application is for people who aren't AS distrustful. For those the option is to allow scripts in the default setting, and then specifically just un-trusting those pages that they ACTUALLY want to block. So for people who use this actually primarily as a pure adblocker, they would allow scripts by default, and then explicitly killing of the ads, in this not having to deal with every page by default being broken.