Page 1 of 2
Always allow a particular embedding?
Posted: Fri Nov 08, 2013 3:30 pm
by access2godzilla
I have NS to block Flash on all sites (regardless of trusted/untrusted). However, I want to allow
http://www.jamendo.com/js/libs/jquery.j ... player.swf always. Is there any way to do this?
Re: Always allow a particular embedding?
Posted: Fri Nov 08, 2013 8:48 pm
by Giorgio Maone
Yes you can.
Just add to your
noscript.allowedMimeRegExp about:config preference the following pattern:
Code: Select all
application/x-shockwave-flash@http://www\.jamendo\.com/js/libs/jquery\.jplayer/Jplayer.swf
Re: Always allow a particular embedding?
Posted: Sat Nov 09, 2013 1:56 am
by barbaz
This pattern isn't working for me. In my case I want to always allow the Flash streaming player at
Code: Select all
http://www.deeplinkmusic.com/modules/mod_radioplayerjoomla-pro/muses.swf
(there are flashvars listed in the actual URL), but despite my noscript.allowedMimeRegExp being set to
Code: Select all
application/pdf application/x-shockwave-flash@http://www\.deeplinkmusic\.com/modules/mod_radioplayerjoomla-pro/muses\.swf#!flashvars#.+
it's still blocked by NS. Removing the trailing .+ and/or the reference to flashvars doesn't help. The page in question is script-forbidden. What am I doing wrong? Does this preference require a browser restart to take effect?
Re: Always allow a particular embedding?
Posted: Tue Nov 12, 2013 10:48 am
by Giorgio Maone
Could you please show me a page where this is actually embedded for me to test it? Thanks!
Re: Always allow a particular embedding?
Posted: Tue Nov 12, 2013 2:33 pm
by barbaz
http://www.deeplinkmusic.com/deeplinkradio
It should be the Flash object on the left, under Listen Live Now.
Re: Always allow a particular embedding?
Posted: Tue Nov 12, 2013 4:08 pm
by therube
As a start, & to simplify things, removing the trailing / looked to work:
> application/x-shockwave-flash@http?://www\.deeplinkmusic\.com
vs
> application/x-shockwave-flash@http?://www\.deeplinkmusic\.com/
Re: Always allow a particular embedding?
Posted: Tue Nov 12, 2013 4:39 pm
by barbaz
therube wrote:As a start, & to simply things, removing the trailing / looked to work:
> application/x-shockwave-flash@http?://www\.deeplinkmusic\.com
vs
> application/x-shockwave-flash@http?://www\.deeplinkmusic\.com/
Thanks therube, that does work. But wouldn't that allow every Flash object coming from deeplinkmusic on any site, thus requiring an ABE rule to achieve the desired effect?
Re: Always allow a particular embedding?
Posted: Tue Nov 12, 2013 6:24 pm
by therube
As a start, & to simply things
So I didn't try to go further then that.
So, if I get time... Or if you...
Re: Always allow a particular embedding?
Posted: Tue Nov 12, 2013 7:18 pm
by Giorgio Maone
barbaz wrote:
Thanks therube, that does work. But wouldn't that allow every Flash object coming from deeplinkmusic on any site, thus requiring an ABE rule to achieve the desired effect?
Sorry, my fault, I overlooked that it was a full URL.
Actually this preference works on "sites", i.e. protocol + domain (+ port) (with no trailing slash, which would constitute "path").
And yes, if you want the "desired effect" you may achieve it by intersecting this permission with a restrictive ABE rule (but you wouldn't get placeholders, in that case).
Re: Always allow a particular embedding?
Posted: Tue Nov 12, 2013 7:19 pm
by barbaz
OK, I've done some further testing. Interesting.
It seems this feature is limited to regexps matching scheme://host.dom.ain on the same site as the top-level site. This is bad because it means you can't whitelist specific objects, nor can you allow an object coming from a CDN. Also, the issue here is unrelated to the inability to allow FONTs through allowedMimeRegExp. Without further ideas, at this point I would be inclined to wait for Giorgio to sort this out.
Edit: @Giorgio: Sorry, just missed your reply. One last question: Why doesn't this feature work on objects coming from CDNs?
Re: Always allow a particular embedding?
Posted: Tue Nov 12, 2013 7:49 pm
by Giorgio Maone
barbaz wrote:
Edit: @Giorgio: Sorry, just missed your reply. One last question: Why doesn't this feature work on objects coming from CDNs?
Example page?
Re: Always allow a particular embedding?
Posted: Tue Nov 12, 2013 8:07 pm
by barbaz
Thanks for clearing the "site" question up.
Any Youtube video page will do (the Flash object is coming from s.ytimg.com).
Edit: Even copying/pasting the suggested pattern from
http://noscript.net/features#contentblocking didn't work
Re: Always allow a particular embedding?
Posted: Wed Nov 20, 2013 9:01 pm
by Giorgio Maone
barbaz wrote:Thanks for clearing the "site" question up.
Any Youtube video page will do (the Flash object is coming from s.ytimg.com).
Edit: Even copying/pasting the suggested pattern from
http://noscript.net/features#contentblocking didn't work
Mmmm,
Code: Select all
application/x-shockwave-flash@https?://[^/]+\.(?:youtube|ytimg)\.com
actually works just fine for me (of course you need to allow youtube.com because the Flash object is generated by JavaScript).
Step-by-step instructions to reproduce?
Did you try on a clean
profile with just NoScript installed, with either default configuration or "Apply these restrictions to whitelisted sites" embedding option?
[Edit]
even just
Code: Select all
application/x-shockwave-flash@https?://s\.ytimg\.com
works for me ?:/
Re: Always allow a particular embedding?
Posted: Wed Nov 20, 2013 10:06 pm
by barbaz
After some testing, it looks like marking ytimg.com as Untrusted was enough to prevent
Code: Select all
application/x-shockwave-flash@https?://s\.ytimg\.com
from working. Is this intended behavior?
Re: Always allow a particular embedding?
Posted: Wed Nov 20, 2013 10:38 pm
by Giorgio Maone
barbaz wrote:After some testing, it looks like marking ytimg.com as Untrusted was enough to prevent
Code: Select all
application/x-shockwave-flash@https?://s\.ytimg\.com
from working. Is this intended behavior?
Absolutely, it is.
NoScript Options|Embeddings|Block every object coming from a site marked as untrusted.