InformAction Forums

Wouldn't it be great to quickly know what a certain domain wants from one, e.g. whether it's a script or an iframe and what the URL of the embedding is? Because if a script address has "analytics"/"ad"/etc. in it I can assume that those domains are less likely needed for the site to work.

So why not putting some of that information in the tooltips that pop up whenever hovering over the "Allow …"/"Forbid…" menu entries?

That may not be practical if a lot of scripts etc are being requested from any single domain.

You're probably better off using something like JSView (may need modifications in order to work properly) or Firebug.

It might still be possible to show something for the *first* tag/object requested?

barbaz wrote:That may not be practical if a lot of scripts etc are being requested from any single domain.

That's why I wrote "some of that information", e.g. what Thrawn suggests.

Just something that might help in situations where one needs to guess what domain to allow in order make a site work, not necessarily something precise and reliable.

dhouwn wrote:That's why I wrote "some of that information"

OK then. This could work if the number of URLs shown in the tooltip is limited to, say, 3 or so; if there are more it should be indicated by something like "..." - otherwise the tooltip will simply be too big, and that gets really ugly on Mac OS X.
Maybe the limit of displayed URLs could be configurable in about:config.

Also how do you think the current top-level site should be handled?

I'd also like to see script URLs. My workplace recently tightened up IT security policies, so I've had to start using Firefox at work. At home, I use Opera 12 with an extension called ScriptWeeder, and it shows the file names of scripts that each domain wants to load. When you mouse over a domain in the tooltip, it shows a second tooltip with the file names (not the full URL). Like dhouwn said in the first post of this thread, this information is very helpful in quickly determining whether I should allow the domain or not.

NoScript could show a list of script file names (or full URLs) in a sub-menu like the ones it already uses for the Untrusted, Recently blocked sites, and Blocked Objects menu entries. Or, the current system-style menu could be replaced by a custom popup like the one the Ghostery extension uses, where you can click on a heading (in Ghostery, a tracking company name; in NoScript, a domain name) to expand it and show which URLs it includes.

> I use Opera 12 with an extension called ScriptWeeder, and it shows the file names
> of scripts that each domain wants to load. When you mouse over a domain in the
> tooltip, it shows a second tooltip with the file names (not the full URL).

Could you post screenshots of what that looks like.

Here's an example on the New York Times website:



Normally I'd think it was okay to allow scripts from a1.nyt.com, but mousing over it I can easily see that all it wants to load is an ad. The markets.on.nytimes.com domain is the same situation, though at least the "markets" in that one gives it away.