many sites i see like to load scripts from "jquery.com" or whatever. but especially jquery.com.
i don't want to allow jquery.com globally. is it possible to let "@yahoo.com" load "jquery.com" globally, but "malicioussite.com" not be able to access "jquery.com"??
"partially" allow a site for a site?
-
TooCrooked
- Posts: 19
- Joined: Sun May 02, 2010 9:51 pm
"partially" allow a site for a site?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Re: "partially" allow a site for a site?
allow jquery in the NS menu, then use ABE to emulate per-site permissions
restrict all non-top-level loads of jquery not requested by yahoo:
block only scripts/active content from jquery globally, except when requested from yahoo:
note that even with the above rules you'll still be able to load content from jquery if you type the URL in the address bar, but the pages won't be very functional with the first rule because access from jquery to jquery (aka all 1st-party inclusions) will be blocked, and with the second you won't be able to allow scripts from jquery on jquery itself
restrict all non-top-level loads of jquery not requested by yahoo:
Code: Select all
Site .jquery.com
Accept from .yahoo.com
Deny INCLUSIONCode: Select all
Site .jquery.com
Accept from .yahoo.com
Deny INCLUSION(SCRIPT, OBJ, FONT, XHR)
Sandbox*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 SeaMonkey/2.28