InformAction Forums

Hi
im using websites that use (amongst others )the ...jwpcdn.com and …jwplatform.com scripts.
its bothersome to reactivate the scripts and reload the page a few times before the page works as needed, but its the only possibility to prevent these commonly used (presumably javascript) scripts from working on other sites.
i suggest adding a "Disable <script> on website <website> else <disable>" funktion to this programm.
im looking forward to a possible change/response.

Per-site permissions and reintroducing ABE are already planned. At least one of those will provide ability to do what you want.

If you set only "script" privilege for those domains, then it will only be javascript that you get from there (so yes, definitely javascript).

Do note that these scripts cannot run on any other page unless you have allowed scripts for that page.

skriptimaahinen wrote:Do note that these scripts cannot run on any other page unless you have allowed scripts for that page.

If you allow scripts from domain jwpcdn.com on a any page, then scripts from jwpcdn.com can execute on all other pages too (UPDATE: except see the below replies for an exception).

My point as example:

Assume site A.com that uses scripts from jwpcdn.com. You have allowed both and the scripts work for the site as expected.

You go to site B.com, that also tries to use scripts from jwpcdn.com, but you have NOT allowed scripts for site B.com. Scripts from NEITHER B.com or jwpcdn.com are run on B.com!

If you do allow B.com, then scripts from jwpcdn.com are also run on B.com without need to re-allow jwpcdn.com.

skriptimaahinen wrote:Assume site A.com that uses scripts from jwpcdn.com. You have allowed both and the scripts work for the site as expected.

You go to site B.com, that also tries to use scripts from jwpcdn.com, but you have NOT allowed scripts for site B.com. Scripts from NEITHER B.com or jwpcdn.com are run on B.com!

Is this true even if the static HTML at B.com directly loads the script from jwpcdn.com using <script src="http://jwpcdn.com/...">?

Yes. If you have not allowed the site, NoScript will set CSP (Content-Security-Policy) directive script-src:'none'. This will prevent any and all scripts from running on the site, including inline scripts, on-event handlers and script-tags.

You can check this for yourself by opening developer toolbar (shift-F2) and typing "security csp". This will show all the active CSP rules. Note that some sites might add their own rules too.