
How to block inline userscript (greasemonkey)?

Posted: Fri Aug 01, 2014 12:10 am
by 100
Guys,

Big fan of NoScript and first time posting, please excuse me if this is not the right forum and point me in the right direction.

I noticed that some tracking codes/websites have inline GreaseMonkey/UserScript such as Tumblr tracker Unfollower Hater. On one website, where it was probably poorly inserted, I saw nearly 500 lines of GreaseMonkey-related JavaScript embedded in it toward the end / after the end html tag.

My question: is there a way to block execution of all inline GreaseMonkey/UserScript scripts within a page/domain?

Thanks,

Re: How to block inline userscript (greasemonkey)?

Posted: Fri Aug 01, 2014 3:41 am
by Thrawn
I don't understand. Greasemonkey scripts are provided by *you*. If they're not doing what you want, then change them.

Scripts provided by the site are not Greasemonkey/user scripts.

Re: How to block inline userscript (greasemonkey)?

Posted: Fri Aug 01, 2014 3:44 am
by barbaz
@100: I went to that site and I'm not seeing what you're seeing. Can you post one such script here? (wrap in code tags please)
Also, other than NoScript, what addons (& versions) do you have?

Re: How to block inline userscript (greasemonkey)?

Posted: Fri Sep 19, 2014 7:59 pm
by oakoi
I'm curious, I want to know if it is possible to allow Greasemonkey scripts to run but disable the website's scripts. Although some userscripts/Greasemonkey scripts do work without enabling NoScript on that domain, some/most userscripts will not function properly.

Re: How to block inline userscript (greasemonkey)?

Posted: Fri Sep 19, 2014 8:05 pm
by barbaz
I don't think Greasemonkey can do that (not sure, because I've never gotten it to work at all), but Scriptish can in most cases.

Also, NoScript has a feature, surrogate scripts, that can run conditionally based on site permissions status.

Re: How to block inline userscript (greasemonkey)?

Posted: Sat Sep 20, 2014 3:30 am
by oakoi2
I might have written it in a confusing way.

I mean like so (example):

Using NoScript:
Allow "mozilla.com" (using NoScript) so it means it can run everything: JavaScript (website) and JavaScript (user / greasemonkey), Plugins, HTML5(?)

What I essentially want to do is like so:

Allow "mozilla.com" (using NoScript) so it means it can run everything: JavaScript (website) and JavaScript (user / greasemonkey), Plugins, HTML5(?)
"Limited" Allow "firefox.com", e.g. only allow JavaScript (user / greasemonkey), block everything else.

If you did understand what I was asking and answered with the surrogate solution, then I apologize. It just seems a bit complicated and annoying to use.

Re: How to block inline userscript (greasemonkey)?

Posted: Sat Sep 20, 2014 3:34 am
by barbaz
Oh, sorry for the misunderstanding. It would have helped if you started a new thread for that, because your question is unrelated to the OP.
Anyway, the option you're looking for is
NoScript Options > Embeddings > Apply these restrictions to whitelisted sites too

To whitelist sites for plugin content, use
about:config -> noscript.allowedMimeRegExp

Re: How to block inline userscript (greasemonkey)?

Posted: Mon Sep 22, 2014 3:11 am
by Thrawn
barbaz wrote: Anyway, the option you're looking for is
NoScript Options > Embeddings > Apply these restrictions to whitelisted sites too

Actually, I don't think that that is what oakoi wants...s/he wants to run userscript without allowing the domain's own scripts.

And the answer is, if the userscript runs in the page context, then there is no way for NoScript to tell them apart, whereas if it runs in a privileged context, then it's allowed already.

Re: How to block inline userscript (greasemonkey)?

Posted: Mon Sep 22, 2014 5:28 am
by barbaz
Thrawn wrote:
barbaz wrote: Anyway, the option you're looking for is
NoScript Options > Embeddings > Apply these restrictions to whitelisted sites too
Actually, I don't think that that is what oakoi wants...s/he wants to run userscript without allowing the domain's own scripts.

And the answer is, if the userscript runs in the page context, then there is no way for NoScript to tell them apart, whereas if it runs in a privileged context, then it's allowed already.

@Thrawn: That is the question I answered with this post

Re: How to block inline userscript (greasemonkey)?

Posted: Thu Sep 25, 2014 12:49 am
by oakoi2
Thank you. Having to create rules each time via about:config is rather time-consuming; I guess I will go make a request in the NoScript Wishlist.

Considering how the thread is related to what I wanted to know I did not think creating a new thread was appropriate.

Re: How to block inline userscript (greasemonkey)?

Posted: Thu Sep 25, 2014 4:17 am
by barbaz
oakoi2 wrote: Having to create rules each time via about:config is rather time-consuming

In what way?
If it's because of minifying the code to fit it into the pref, you could put the surrogate script's file: URL instead of the JS code. But note that changes to the script don't take effect immediately in that case.

oakoi2 wrote: Considering how the thread is related to what I wanted to know I did not think creating a new thread was appropriate.

My apologies for the misunderstanding; when I said that, I didn't realize that you weren't asking something like "how do I allow only some (Temp)Allowed sites to run plugin content".