[RESOLVED] Block non-host scripts?

[CaptainUberCool]

Hi, I'm sure there is a way, because noscript is just awesome. but is it possible to block scripts that do not originate from the host, but still whitelist them when on their respective domains? example, google, youtube, facebook etc.

Thanks.

[Giorgio Maone]

http://noscript.net/faq#qa8_10

[CaptainUberCool]

Thanks for the quick response man! exactly what i was looking for; i saw it somewhere before, i just couldn't remember where.


Cheers. (:

[CaptainUberCool]

Just a quick question with wildcards. would this be a legitimate rule?

Site google.* *.google.*
Accept from google.* *.google.*
Deny


or would i have to specify the TLDs separately?

Thanks.

[Giorgio Maone]

Just a quick question with wildcards. would this be a legitimate rule?

Site google.* *.google.*
Accept from google.* *.google.*
Deny


or would i have to specify the TLDs separately?

It's OK, but you can collapse google.* and *.google.* into .google.*, so it becomes

Code: Select all

Site .google.*
Accept from .google.*
Deny

[CaptainUberCool]

and .google.* would still include a domain that doesn't contain www.? ie just google.com or instance.

Thanks.

[Giorgio Maone]

and .google.* would still include a domain that doesn't contain www.? ie just google.com or instance.

Yes it would.
.google.com matches both http://www.google.com and google.com, while *.google.com matches all the subdomains but NOT google.com, and google.com matches only google.com.

[CaptainUberCool]

Thanks man, a very useful feature!

Thanks again. (:

[CaptainUberCool]

it appears that some GET requests are being blocked. signing into youtube, which requires google.com and google.com's rss feeds homepage which requires gmodules.com.
i can sign into gmail ok, from there i can access my rss homepage, but obviously still not youtube.


here are the broken rules:

Code: Select all

# block google except on google
Site .google.*
Accept from .google.*
Deny

# block youtube
Site .youtube.*
Accept from .youtube.*
Deny

i have tried

Code: Select all

# block google except on google
Site .google.* .gmodules.*
Accept from .google.*
Deny

# block youtube
Site .youtube.* .google.*
Accept from .youtube.*
Deny

but to no avail.


here are snapshots of the error messages.
google.co.uk
http://img695.imageshack.us/img695/678/snapshot8j.jpg


youtube.co.uk
http://img808.imageshack.us/img808/3049/snapshot7y.jpg



Thanks. sorry to take up your time.

[Giorgio Maone]

Rather than DENYing everything, you probably want to deny only some kinds of INCLUSIONs, e.g. SCRIPTs and OBJects:

Code: Select all

Site .google.*
Accept from .google.*
Deny INCLUSION(SCRIPT, OBJ)

Furthermore, you can choose to ACCEPT requests from some sites (.gmodules.com and .youtube.com in this case), e.g.:

Code: Select all

Site .google.*
Accept from .google.* .youtube.com .gmodules.com
Deny INCLUSION(SCRIPT, OBJ)

Please check the docs at http://noscript.net/abe for more details.

[Guest]

Thanks, i read over that post you linked. It, was interesting. it seems simple enough, but if it's not too much trouble, could i run a couple of questions by you?

i noticed the recaptchas on certain sites broke, so i amended the google rule. is it still valid?

Code: Select all

Site .google.com/recaptcha* // i added these two lines.
Accept from ALL

Site .google.*
Accept from .google.* .youtube.* .gmodules.*
Deny INCLUSION(SCRIPT, OBJ)

secondly, there is an article here:
http://arstechnica.com/business/guides/ ... acking.ars
that states a rule like this is necessary.

Code: Select all

Site http://ad.doubleclick.net/adj/ars.dart/
Accept from arstechnica.com *.arstechnica.com
Deny

Site doubleclick.net *.doubleclick.net
Deny

wouldn't:

Code: Select all

Site http://ad.doubleclick.net/adj/ars.dart/
Accept from arstechnica.com *.arstechnica.com
Deny

be suffice?

i just want to clear up some misunderstandings before i start making rules. thank you.

[Giorgio Maone]

i noticed the recaptchas on certain sites broke, so i amended the google rule. is it still valid?

Code: Select all

Site .google.com/recaptcha* // i added these two lines.
Accept from ALL

Site .google.*
Accept from .google.* .youtube.* .gmodules.*
Deny INCLUSION(SCRIPT, OBJ)

It's fine, provided that "// i added these two lines" is not really there.
Comments can only be introduced by a "#" at the beginning of the line.

secondly, there is an article here:
http://arstechnica.com/business/guides/ ... acking.ars
that states a rule like this is necessary.

Code: Select all

Site http://ad.doubleclick.net/adj/ars.dart/
Accept from arstechnica.com *.arstechnica.com
Deny

Site doubleclick.net *.doubleclick.net
Deny

wouldn't:

Code: Select all

Site http://ad.doubleclick.net/adj/ars.dart/
Accept from arstechnica.com *.arstechnica.com
Deny

be suffice?

Yes. However Ars Technica's rules blocks any request (not just scripts and active content) for doubleclick.com.
Their rule could be simplified using the collapsed "domain + subdomains" form, though:

Code: Select all

Site http://ad.doubleclick.net/adj/ars.dart/
Accept from .arstechnica.com

Site .doubleclick.net
Deny

[tlu]

.google.com matches both http://www.google.com and google.com, while *.google.com matches all the subdomains but NOT google.com, and google.com matches only google.com.

Giorgio, it seems that I'm having a mental block right now. I'm not able to fully understand the difference between .google.com and *.google.com

Could you please give some examples how this syntax really works?

[dhouwn]

• .example.com matches example.com and bla.example.com
• *.example.com just matches bla.example.com

It's an extension to the common globbing mechanism.

[tlu]

• .example.com matches example.com and bla.example.com
• *.example.com just matches bla.example.com

It's an extension to the common globbing mechanism.

Ah - thank you. This makes it clearer. (I told you I had a mental block )