@ XxMayhemxx: My personal policy is to deny, or rather, leave denied, *everything*, except that which is absolutely necessary for the specific function you want (even if the rest of the page stays broken). Then, and only then, is there a decision about whether those particular items are trustworthy. Cuts the decision-making tremendously, by cutting the universe of scripts etc. tremendously.
Everyone's usage and system are different. This is a personal opinion and does not represent the forum, developer, or product, and conveys no rights or warranties.
@ GµårÐïåñ: Giorgio himself would be the one to answer that, but from the announcement:
Many of the threats NoScript is currently capable of handling, such as XSS, CSRF or ClickJacking, have one common evil root: lack of proper isolation at the web application level. Since the web has not been originally conceived as an application platform, it misses some key features required for ensuring application security. Actually, it cannot even define what a “web application” is, or declare its boundaries, especially if they span across multiple domains, a scenario becoming more and more common in these “mashups” and “social media” days.
The idea behind the Application Boundaries Enforcer (ABE) module is hardening the web application oriented protections already provided by NoScript, by developing a firewall-like component running inside the browser. It will be specialized in defining and guarding the boundaries of each sensitive web application relevant to the user (e.g. webmail, online banking and so on), according to policies defined either by the user himself, or by the web developer/administrator, or by a trusted 3rd party.
Rules for the most popular web applications will be made downloadable and/or available via automatic updates for opt-in subscribers, and UI front-ends will be provided to edit them manually or through a transparent auto-learning process, while browsing. Additionally, web developers or administrators will be able to declare policies for their own web applications: ABE will honor them, unless they conflict with more restrictive user-defined rules.
Sounds like you could ask a trusted third party to provide *rules*, but that still doesn't tell you anything about the particular script/object itself. Rules aren't a database of individuals, and as Alan pointed out, the number of executable objects out there changes by the thousands every second. But yes, ABE might assist the OP and others who wish to use the opt-in subscription or implement rules of a third party that they trust.
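To make the "firewall-like" idea from the quoted announcement concrete, here is what a small user-defined ABE ruleset could look like. This is an added illustration written for this thread, not a ruleset quoted from the announcement or shipped by NoScript; the site name `.bank.example` is made up, and the comments describe the rule grammar as I understand it (rules under a `Site` line are evaluated top-down, first match wins, and a bare `Deny` catches everything not accepted above it).

```text
# Added example of an ABE ruleset (hypothetical; not NoScript's own default rules).

# Keep pages from the Internet from reaching into the LAN
# (router admin UI, intranet hosts, localhost services).
Site LOCAL
Accept from LOCAL
Deny

# Hypothetical online-banking site: requests that originate from the bank itself
# are allowed; ordinary GET navigation (bookmarks, links) is allowed; anything
# else, such as a cross-site POST or a framed/included load from another origin,
# is denied. This is the "boundary" for one sensitive application.
Site .bank.example
Accept from .bank.example
Accept GET
Deny
```

Note what such rules do and do not decide: they say which origins may send which kinds of requests to the bank, which addresses CSRF and ClickJacking-style abuse of that application. They say nothing about whether a given third-party script or object is trustworthy, which is the point above about rules not being a database of individual executables.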