Newbie ABE help

Post by Guest »

I have never used ABE before and do not have knowledge in this area in general. I am interested in using ABE to limit whitelisted sites so that their scripts are only run on their domain. This is something one can do with ABE (ultimately I wish NoScript offered a quick means to do so in addition to the temporarily allow and always allow options - say an always allow on this site only)?

For example, I'd like to always allow msn.com but only on their site. I added the following under ABE -> User

Site .msn.com
Accept from .msn.com
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

Then I visited http://hardballtalk.nbcsports.com but see that the msn.com script shows as being allowed on that page. Is my custom ABE rule working correctly in that the msn.com script is being blocked on that site, and others other than msn.com, and it just doesn't say so or am I doing, or expecting, something wrong?
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
barbaz
Senior Member
Posts: 11064
Joined: Sat Aug 03, 2013 5:45 pm

Post by barbaz »

That could be expected behavior as ABE works independently of NS permissions.

One comment on your rule though: it doesn't quite simulate a NoScript forbid despite what the FAQ says. You could get closer if you try

Code:

Site .msn.com
Accept from .msn.com
Deny INCLUSION(SCRIPT, OBJ, SUBDOC, FONT, XHR)

(block all 3rd-party msn active content that NoScript would control)
But I should still say what you had was very well done for a total noob and would work in most cases. :)

I also have a related question to Guest: would

Code:

Site .msn.com
Accept from SELF++
Sandbox INCLUSION

sandbox msn.com inclusions within msn.com iframes on a 3rd-party site? If so, that really would simulate NS forbidding the site...
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0 SeaMonkey/2.22

Post by Guest »

barbaz wrote: That could be expected behavior as ABE works independently of NS permissions.

One comment on your rule though: it doesn't quite simulate a NoScript forbid despite what the FAQ says. You could get closer if you try

Code:

Site .msn.com
Accept from .msn.com
Deny INCLUSION(SCRIPT, OBJ, SUBDOC, FONT, XHR)

(block all 3rd-party msn active content that NoScript would control)
But I should still say what you had was very well done for a total noob and would work in most cases. :)

Thanks barbaz.

I copied and pasted the first rule you shared but it seemed to have the same result using that site as a test. Does that mean I am doing something wrong or that the drop down menu on the NoScript icon will show msn.com allowed on that site no matter the ABE rule? Meaning, other than my knowing I created a rule for that site, I will not have any way of verifying it is working as intended.

Or perhaps it is something as simple as my pasting it under the "# User-defined rules. Feel free to experiment here." text that is already present there when I am supposed to replace it (rather than under it but leaving that text as is)?

Re: This part..
I also have a related question to Guest: would

Code:

Site .msn.com
Accept from SELF++
Sandbox INCLUSION

sandbox msn.com inclusions within msn.com iframes on a 3rd-party site? If so, that really would simulate NS forbidding the site...

This is over my head so I am not sure what it means in order to offer a reply.

Should I copy and paste that rule to try over the other? If so, could you explain it a little so that I may try and learn how I may mimic that rule for other sites I would like to create a rule for in this same manner (eg. google.com)?
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0

Post by barbaz »

Guest wrote: I copied and pasted the first rule you shared but it seemed to have the same result using that site as a test. Does that mean I am doing something wrong or that the drop down menu on the NoScript icon will show msn.com allowed on that site no matter the ABE rule? Meaning, other than my knowing I created a rule for that site, I will not have any way of verifying it is working as intended.

As I said NoScript permissions work independently of ABE, so it just depends what gets to a site first: script-blocking may catch the site and allow it, but then ABE could catch it afterwards and block it.
You can verify whether it's working by checking the Browser Console (Ctrl-Shift-J) and looking for things that start with [ABE], and see what they say.
Guest wrote: Re: This part..
I also have a related question to Guest: would

Code:

Site .msn.com
Accept from SELF++
Sandbox INCLUSION

sandbox msn.com inclusions within msn.com iframes on a 3rd-party site? If so, that really would simulate NS forbidding the site...
This is over my head so I am not sure what it means in order to offer a reply.

Should I copy and paste that rule to try over the other? If so, could you explain it a little so that I may try and learn how I may mimic that rule for other sites I would like to create a rule for in this same manner (eg. google.com)?

That was a question for people who know more than me since I don't fully understand the extra restrictions applied when replacing .msn.com with SELF++. I only posted it here because depending on the answer that might achieve what you really want rather than work around the issue by outright blocking the inclusions.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Firefox/24.0 SeaMonkey/2.21
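
A simplified model of how ABE evaluates the rule discussed in the posts above, added here as an example; it is not part of the thread and not NoScript's code. It assumes predicates are checked in order with the first match deciding, supports only the Site / Accept / Deny INCLUSION(...) / from subset, and the function names, the `static.msn.com` host and the sample requests are constructed.

```javascript
// Simplified model of ABE rule evaluation (added example, not NoScript's code).
const RULES = `
Site .msn.com
Accept from .msn.com
Deny INCLUSION(SCRIPT, OBJ, SUBDOC, FONT, XHR)
`;

// ".msn.com" matches msn.com and every subdomain; a bare host matches exactly.
function hostMatches(pattern, host) {
  if (pattern === 'ALL' || pattern === '*') return true;
  if (pattern.startsWith('.')) return host === pattern.slice(1) || host.endsWith(pattern);
  return host === pattern;
}

function parseRules(text) {
  const rules = [];
  for (const raw of text.split('\n')) {
    const line = raw.replace(/#.*/, '').trim();
    if (!line) continue;
    const site = line.match(/^Site\s+(.+)$/);
    if (site) { rules.push({ sites: site[1].split(/\s+/), predicates: [] }); continue; }
    const m = line.match(/^(Accept|Deny)(?:\s+INCLUSION\(([^)]*)\))?(?:\s+from\s+(.+))?$/);
    if (!m || rules.length === 0) throw new Error(`unsupported line: ${line}`);
    rules[rules.length - 1].predicates.push({
      action: m[1],
      types: m[2] ? m[2].split(',').map((t) => t.trim()) : null, // null: any request
      origins: m[3] ? m[3].split(/\s+/) : null,                  // null: any origin
    });
  }
  return rules;
}

// The first predicate that matches decides; 'NoMatch' means ABE does not intervene.
function evaluate(rules, { origin, destination, type }) {
  for (const rule of rules) {
    if (!rule.sites.some((p) => hostMatches(p, destination))) continue;
    for (const p of rule.predicates) {
      const typeOk = !p.types || p.types.includes(type);
      const originOk = !p.origins || p.origins.some((o) => hostMatches(o, origin));
      if (typeOk && originOk) return p.action;
    }
  }
  return 'NoMatch';
}

// Constructed requests: the third-party page from the thread, then msn.com itself.
const rules = parseRules(RULES);
console.log(evaluate(rules, { origin: 'hardballtalk.nbcsports.com', destination: 'www.msn.com', type: 'SCRIPT' }));
console.log(evaluate(rules, { origin: 'www.msn.com', destination: 'static.msn.com', type: 'SCRIPT' }));
```

In this model a third-party XHR to msn.com returns NoMatch under the three-type rule from the first post and Deny under the rule with FONT and XHR added.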
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Post by Thrawn »

Using '.msn.com' will usually be the same as using 'SELF++'. There are some tricky exceptions when sites use redirects.

Giorgio could best answer questions about exactly what Sandbox does - but bear in mind that this feature is intended for protection from XSS etc, so it is less comprehensively tested for scenarios like this one.

@Guest: What exactly are you trying to stop msn.com from doing on other sites? If it's tracking you're worried about, then you're probably better off with Adblock Plus.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0

Post by barbaz »

Thanks for your reply Thrawn. And I can personally verify that Sandbox works well for some annoyance removal purposes also :twisted:
Mozilla/5.0 (X11; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0 SeaMonkey/2.22

Post by Guest »

Thrawn wrote: @Guest: What exactly are you trying to stop msn.com from doing on other sites? If it's tracking you're worried about, then you're probably better off with Adblock Plus.

I don't understand enough to know exactly what happens behind the scenes so I do not have anything specific that I am attempting to block. More along the lines of seeing that the vast majority of times a script, to use the msn.com example, is listed as running on another site that it isn't necessary to that site's visit. I do use ABP but wanted to also play around with attempting to block a script like msn.com from running on other sites I may frequent.

I will try barbaz's kind suggestion for a bit and mimic that wording for additional ones I'd like to try.

Code:

Site .msn.com
Accept from .msn.com
Deny INCLUSION(SCRIPT, OBJ, SUBDOC, FONT, XHR)

One last question (I think). Do I place that group of text under "# User-defined rules. Feel free to experiment here." or replace it so that only the rules I create are entered there (in case it matters)?
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0

Post by barbaz »

Guest wrote: Do I place that group of text under "# User-defined rules. Feel free to experiment here." or replace it so that only the rules I create are entered there (in case it matters)?

It doesn't matter, see http://noscript.net/abe/abe_rules.pdf
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Firefox/24.0 SeaMonkey/2.21

Post by Guest »

barbaz wrote:
Guest wrote: Do I place that group of text under "# User-defined rules. Feel free to experiment here." or replace it so that only the rules I create are entered there (in case it matters)?
It doesn't matter, see http://noscript.net/abe/abe_rules.pdf

Thanks.

I'm not sure why but I have never been able to get that link to load. I had thought it was inactive until you mentioned it.

I have tried on multiple computers with the same result (and allowing the originally blocked pdf.js script to allow). An issue with ABP?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0

Post by Thrawn »

If you get a PDF.js interface, then there should be a Download button near the top-right.

However, you're correct, I'm seeing an HTTP 403 in the Browser Console when trying to view the PDF. Curious.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0

Post by barbaz »

WFM. If you're on Firefox 24 or later make sure that the built-in pdf.js is disabled, then install PDF Viewer 0.8.1 add-on. Newer versions of the extension don't download PDFs properly.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Firefox/24.0 SeaMonkey/2.21

Post by Guest »

Thrawn wrote: If you get a PDF.js interface, then there should be a Download button near the top-right.

Embarrassed to say that I never thought of the download button. That worked.

Sadly, I understood almost none of it (which is a lie as none without the qualifier is more accurate).

Thanks for all the help.

If there is any chance NoScript might offer a simplified method to add those, I would be interested in that. If by chance a selection such as allow on this site only would work.
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0

Post by Thrawn »

Glad that the PDF downloaded OK.

The linked Github issue also mentions a workaround: this link should work.

NoScript 3 will include per-site permissions, when Giorgio gets time for it to happen.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0