InformAction Forums

I just came across an interesting add-on called decentraleyes https://addons.mozilla.org/en-US/firefo ... ntraleyes/ that intercepts some javascript queries. It seems to know and respect other blockers, including NoScript. Also, it seems that it requires a permanent whitelist on "file://", or else it will not work. What are the ramifications of whitelisting "file://" to always run javascript? I have only used it a few times, and figued it would be better to leave it as a temporary allow rather than a permanent allow.

Do you trust your own filesystem? If not, you may have a much bigger problem than Javascript permissions for one addon!

That said, some people do download spam/malware webpages and analyse them locally in their web browser. If that describes you, it's fair to not want to whitelist "file://". In which case, your best bet would be to set up NoScript surrogate script for the JS you want to run local replacements. For example, to do this for jQuery -

1) Download jQuery from its official site - https://code.jquery.com/
2) Drag the downloaded file into the browser window, and copy the file: URL in the address bar
3) Go to about:config
4) Right-click > New > String
name: noscript.surrogate.jquery.replacement
for value, paste in the file: URL
5) right-click > New > String
name: noscript.surrogate.jquery.sources
value: That will make your downloaded jquery replace *all* blocked jquery. If, for example, you only want to replace googleapis jquery, you could try this value - 6) Test it: Go to a site with jquery loaded from a third-party CDN, then Forbid the domain it's served from. If it doesn't work, and if the file: URL has any spaces, replace each space with "%20" (without quotes) and try again.


Does this help?