Allow URI by regex?

[Lucas Malor]

Is there a way to allow a particular URI using a regular expression?

I want to allow a single static page on my computer, but I do not want to allow the whole file:/// "protocol"

[Thrawn]

In short: not easily.

You could try serving the page via Apache? It's pretty easy to set up.

[barbaz]

Well, you can Temporarily allow file:// and load *only* the one file in the browser session.

But the way that NoScript works, being geared toward security - either you trust a site or you don't... and if you don't trust your own filesystem, then you have a MUCH bigger problem than NoScript can handle!!!!!!!!!!!!!!!!!!!!!

[Thrawn]

if you don't trust your own filesystem

Well, let's not go too far; it's quite reasonable to have downloaded various files from sites with varying degrees of trustworthiness, and want to run script in some but not others.

What kind of a static page are we talking about?

[Luke42]

Sorry to dig out this old thread...

Is this still current/true? I have the same problem, i want to allow Javascript on some specific local files only (custom startpage in Firefox for example) but i don't want to allow file:// globally.

If this is still not possible, any other solutions? I thought about maybe using Greasemonkey in some way, because GM-Code will run even with JS disabled, but i'm not sure it would work (and how) and it feels like an ugly hack. Something with a local webserver could work but it feels quite overkill and i don't know anything about Apache and stuff.

Any ideas?

[barbaz]

Is this still current/true?

Yes.

i don't want to allow file:// globally.

Why not?

If this is still not possible, any other solutions?

1) Fix your filesystem so that you can trust it.

2) Set up Apache or nginx and run a local server.

3) Create a simple Firefox extension that contains only the one page (and whatever external files it needs). Then your page should be accessible from a URI that is allowed by default.

[Luke42]

Thank you for your quick answer!

i don't want to allow file:// globally.

Why not?

As Thrawn mentionned some people (including myself) sometimes download suspect html-files (like from links in spam/phishing-mails) to analyze, i don't want their JS running if i'm not carefull and open them while file:// is allowed (and if i want to use my trusted local files file:// would be allowed all the time so i would have to disable it before opening a non-trusted file, way to risky).

If this is still not possible, any other solutions?

1) Fix your filesystem so that you can trust it.

see above

2) Set up Apache or nginx and run a local server.

Yeah, maybe i will need to have a look at all this stuff.

3) Create a simple Firefox extension that contains only the one page (and whatever external files it needs). Then your page should be accessible from a URI that is allowed by default.

That could be a solution indeed. I don't know anything about FF-extensions but i suppose it's not too difficult and probably better than a webserver. I will dig into this as soon as i have some time. Thank you for the suggestion.