Page 1 of 1
twitter and ABE settings
Posted: Sat May 24, 2014 3:15 am
by helpmeobiwan
I want to allow twitter.com and twimg.com to run scripts on twitter.com only (so I can use it).
I want to disallow these scripts from running from any other page (like cnn.com or whatever).
It seems that ABE is how to do this? I read the FAQ and tried what was suggested but it doesn't work as I want.
Any advice? Can what I want even be done?
thanks in advance
Re: twitter and ABE settings
Posted: Sat May 24, 2014 10:55 am
by Thrawn
Do you want to post the rules that you tried?
I'd suggest something like this:
Code: Select all
Site .twitter.com .twimg.com
Accept from .twitter.com .twimg.com
Deny
Re: twitter and ABE settings
Posted: Sat May 24, 2014 8:30 pm
by helpmeobiwan
That's pretty close to what I tried:
Site .twitter.com
Accept INCLUSION from SELF++
Accept INCLUSION from .twitter.com .twimg.com
Deny
That's taken from the example in the FAQ.
I tried your script instead. However, I must be doing something wrong.
After twitter.com loads, I temp allow twitter.com and twimg.com. Twitter then works properly. But if I go to another site (in a different tab), the twitter.com script is still active there.
Here's an image:
You can see that the twitter script is active on this site, which is what I want to stop. I just can't imagine why I want twitter scripts running anywhere but on twitter.
Re: twitter and ABE settings
Posted: Sun May 25, 2014 12:06 am
by barbaz
ABE and script permissions are totally separate mechanisms so it's possible that normal script blocking gets to the twitter requests first so it shows up as Allowed there, but ABE blocked it afterwards.
You can get closer to emulating true per-site script permissions with this rule:
Code: Select all
Site .twitter.com .twimg.com
Accept from .twitter.com .twimg.com
Deny INCLUSION(SCRIPT, OBJ, FONT, XHR)
Sandbox