how to use ABE to create an exception?

[ginahoy]

I was unable to view reader comment streams on articles @ azcentral.com. After some trial-and-error, I discovered that I could view the comments by temporarily allowing facebook.com and facebook.net, which I had marked as untrusted. Rather than having to remember to do this, I tried setting up a user-defined exception from the ABE tab, using the final example on the help page ("What is ABE", https://noscript.net/abe/) as a guide...

Code: Select all

Site .azcentral.com
Accept from .facebook.com .facebook.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

Unfortunately, this doesn't work, but that's not surprising since I don't understand the syntax and don't fully comprehend the explanation (terminology) on the help page.

[barbaz]

You just had it backwards -

Code: Select all

Site .facebook.com .facebook.net
Accept from .azcentral.com
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

[ginahoy]

You just had it backwards

Thanks! That makes sense. OK, I just tried this, but for some reason it works for facebook.com, but not for facebook.net. What I mean is when I load the page, facebook.com no longer shows in the Untrusted list, but facebook.net does.

I proofed my code, and also tested with .facebook.net listed first, and with .facebook.net only. In all cases, facebook.net continues to appear in the Untrusted list, and thus I cannot view the comment string. In fact, with the ABE rule working for facebook.com, I can no longer view the comment string even when I temporarily allow facebook.net. So even if I'm able to get .facebook.net working, I don't think it's going to fix the problem.

Here's the page: http://www.azcentral.com/story/news/pol ... /92316626/

BTW, I have 14 other scripts blocked for this site, plus 5 that are not blocked. That's a LOT of scripts!

[barbaz]

If you want to turn on a light, you need to flip the light switch.
If you want scripts from both facebook.com and facebook.net to run, you need to Temp-Allow both facebook.com and facebook.net in NoScript.

As for the ABE rule, try duplicating the Site line into the Accept line, like this:

Code: Select all

Site .facebook.com .facebook.net
Accept from .azcentral.com .facebook.com .facebook.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

[ginahoy]

If you want to turn on a light, you need to flip the light switch.
If you want scripts from both facebook.com and facebook.net to run, you need to Temp-Allow both facebook.com and facebook.net in NoScript.

Well, I already know how to do that. And I can easily automate a light switch. The purpose of my query is to see how to use ABE to create an exception. Based on the FAQ, this seems like a valid use, no?

As for the ABE rule, try duplicating the Site line into the Accept line, like this:

Code: Select all

Site .facebook.com .facebook.net
Accept from .azcentral.com .facebook.com .facebook.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

Ok, I just tried that and now it doesn't work for either facebook.com or facebook.net. Both remain in the untrusted list. Sigh.

[barbaz]

The purpose of my query is to see how to use ABE to create an exception. Based on the FAQ, this seems like a valid use, no?

Screwing in a loose lightbulb is certainly a valid thing to do, but that alone is not enough for the light to turn on.

Ok, I just tried that and now it doesn't work for either facebook.com or facebook.net. Both remain in the untrusted list.

(emphasis mine)
On the plus side, getting the expected results seems not to be a problem there.

[ginahoy]

getting the expected results seems not to be a problem there.

Huh? I may not be explaining myself very well. I'm simply asking if there's a way to create an exception in NS so that a script from an otherwise untrusted site will automatically be allowed to run on a given website. If ABE rules are not capable of doing this and there's no other way to accomplish this feature in NS, then fine... it would be useful to know that so I can move on. I don't understand ABE syntax and its capabilities, which is why I'm asking.

[barbaz]

viewtopic.php?p=83901#p83901

[Thrawn]

ABE rules do not make exceptions from regular script blocking. They are an added, independent layer of filtering.

However, you can effectively use them to make exceptions from script-blocking, simply by allowing the site(s) and then applying ABE rules to restrict access as desired.

[ginahoy]

ABE rules do not make exceptions from regular script blocking. They are an added, independent layer of filtering.

I lost track of this thread. A belated thanks for that clarification. Your comment plus the discussion Barbaz linked in his last comment... NOW I think I understand.

However, you can effectively use them to make exceptions from script-blocking, simply by allowing the site(s) and then applying ABE rules to restrict access as desired.

OK, I think I understand... the Deny action on the *last* line restrict access from all sites not explicitly listed after the Accept action, right?

By trial and error, I was able to verify that the Accept action works (of course, it would work since I 'Allowed' fb from Noscript drop-down menu). But in order to verify the Deny action is working as expected, I removed azcentral from the Accept list, and indeed, I was no longer able to access the comments. Apparently there's no way to directly tell if a script is blocked by ABE since it no longer shows up as Untrusted in the NS menu.

I'm not sure I understand the purpose of "INCLUSION(SCRIPT, OBJ, SUBDOC)" after the Deny action. Wouldn't just "Deny" work?

[barbaz]

I'm not sure I understand the purpose of "INCLUSION(SCRIPT, OBJ, SUBDOC)" after the Deny action. Wouldn't just "Deny" work?

Yes it would, but you're then restricting *all* requests. This would include top-level documents, so you wouldn't be able to access facebook by clicking a link on this forum.

That Deny INC(...) limits ABE to emulating NoScript active content blocking.

[ginahoy]

Yes it would, but you're then restricting *all* requests. This would include top-level documents, so you wouldn't be able to access facebook by clicking a link on this forum.

Thanks Barbaz

[barbaz]

You're welcome.

[Thrawn]

Apparently there's no way to directly tell if a script is blocked by ABE since it no longer shows up as Untrusted in the NS menu.

There should be a message logged in the Browser Console, though, whenever an ABE rule fires.