InformAction Forums

I just installed NoScript and found that one site I go to, Nationalgeographic.com, no longer sends me annoying adds to register, etc. The site's main page wouldn't load until I allowed only js from the site itself. There were dozens of other sites that had js denied on that page, however.

This leads me to believe that there was some javascript that was triggered by a call on another site, that gave me the ads on the site I was on. I don't know if this is true or not, but I'm wondering if there is a global option to allow only javascript from the host site, but not from other sites.

I don't know if this is wrong-headed or not. If this is absolutely not how NS works, please correct this. But since I disable all third party cookies, I'm wondering if the same global setting might work with javascript as well.

paulri wrote:But since I disable all third party cookies, I'm wondering if the same global setting might work with javascript as well.

sort of...
noscript options -> general -> check "temporarily allow top-level sites by default"
but this is like the "allow 3rd-party cookies only from sites you visited" option, so any site you visit, *including through redirects*, would be temp-allowed even on other sites

If you always want to allow JavaScript from sites you choose to visit,
then you might want to try putting NoScript into Global Allow mode and installing RequestPolicy.

It will block all third-party content by default (including images and stylesheets),
with an interface similar to NoScript, and it will catch redirects as well,
but it will allow everything from the main site.

However, I don't recommend this approach; what if you follow a poisoned search engine result
and the main site is actually malicious?

My preference is to use both NoScript and RequestPolicy in their default restrictive modes.

paulri wrote:I just installed NoScript

so i assume that you are new to using "noscript"? it might seem a little awkward at first but working with "noscript" is not very complicated and it is easy to figure out how things work..

i suppose that the thing to do is to go through the settings and adjust them.. that is an important step with using any program but not everyone thinks to do that..

Nationalgeographic.com's main page won't load unless I allow scripting on the site itself

so you see that scripting is blocked on all websites, by default, including third-party websites..

is there is a global option to allow javascript from the host site, but not from other sites

the thing to do is to add "nationalgeographic.com" to noscript's "whitelist".. then scripting will be allowed on the "nationalgeographic.com" webpage while remaining restricted on "third-party websites".. it is pretty simple..

in noscript's settings, on the "general" tab, there is a setting for ""temporarily allow top-level sites by default", where scripting would always be allowed on whatever "first-party" website you open, but, if you want maximum security, it would be better not to enable that settings and, instead, either temporarily allow scripting on individual websites, as needed, or add individual websites to noscript's "whitelist", as needed (rather than always allowing scripting on whatever "first-party" webpage you happen to open)..

personally, i try to adjust noscript's settings for maximum protection, but i just use the basic settings to accomplish that.. i don't use any complicated custom-settings that some experts might use, but noscript allows one to do that, if they choose to..

i remove everything from noscript's default "whitelist", except for "youtube.com" and "ytimg.com", which belongs to youtube, and the "about:blank" entry, and then i add my own entries to the whitelist, as desired.. i try to keep the number of entries in the whitelist to a minimum, to make it easier to manage, to make sure that i didn't inadvertently add something to the whitelist that shouldn't be there.. for websites that aren't whitelisted, i temporarily allow scripting, as needed, or as desired..

people have their own way of doing things, with their computers.. personally, i like to try to make my computer as secure as possible, while still being functional, and a big part of that is restricting "javascript", which is what "noscript" is for.. restricting javascript helps to prevent "driveby malware-infections", when viewing webpages..

in my opinion, it also is good to use the "adblock plus" addon, with "firefox".. when you install "adblock plus", it includes a default blocklist, the "easylist" blocklist, but you can get additional blocklists at:

https://easylist.adblockplus.org/en/

in addition to the standard "easylist" blocklist, i use the "easyprivacy"-blocklist and "fanboy's annoyance list".. also, there are a lot of "exceptions" (whitelisted items) in the blocklists.. after the blocklists have been installed, i edit adblock plus's "patterns.ini" file, removing all of the whitelisted items.. i have my own "custom blocking-list", which includes some websites that are whitelisted, instead..