InformAction Forums

I have NS configured to temporarily allow JavaScript for the current top-level site, and would like to restrict active content to HTTPS connections. However, I need access to some HTTP sites with JavaScript that wouldn't work in this configuration. Is there a way - perhaps by setting an about:config variable - to allow active content for all HTTPS sites *and* HTTP sites whitelisted as http://host.dom.ain entries?

Don't temp-allow JS for the current top-level site;
add "https:" to your whitelist (without the quotes, is also case-sensitive)
then go to NoScript Options -> Appearance, uncheck Base 2nd-level domains and Full domains if you want, but make sure to check Full addresses
now you should just be able to use the NS menu to do what you want.

This is exactly what I want to avoid: cluttering the whitelist with lots of https:// entries - because I've noticed that I'm browsing more HTTPS than HTTP sites.

Guest wrote:This is exactly what I want to avoid: cluttering the whitelist with lots of https:// entries

???
With those settings you would only have the one entry "https:" taking the place of all that for you - one entry isn't exactly clutter IMO. You need to type that in NoScript Options -> Whitelist manually; NoScript won't offer you that option in the menus or the GUI at all.

Sorry for misunderstanding you - I didn't read your reply carefully and thought I'd have to add one https://host.dom.ain entry for each HTTPS site. Whitelisting "https:" (without quotes) does the trick, thanks a lot!

And be careful doing this, because although it's not quite as bad as allowing scripts globally, it is close.