Hi:
First, thank you for writing NoScript!!
I am seeing a lot more sites that use googleapi.com on sites I visit and I want to conditionally accept it based on a site I've allowed, usually temporarily. I've seen the the examples and they specifie the site I want to conditionally allow, the site where I am at where they're accepted and blanket deny.
i.e.:
Site googleapis.com *.googleapis.com
Accept from *xyz.com
Deny
I've seen the facebook ABE exception and it is defined as:
Site .facebook.com .fbcdn.net
Accept from .facebook.com .fbcdn.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)
Could I specify INCLUSION in the Accept so that anything I accept either permanently or temporarily in the Whitelist is automatically included without having to modify my ABE definition?
My Whitelist is very small and I manually accept many sites on a temporary basis.
So...
Site *googleapis.com
Accept INCLUSION
Deny
Would this work? Or should I specify
Accept INCLUSION(SCRIPT)
or
Accept INCLUSION(SCRIPT, OBJ, SUBDOC)
?
What are the various parameters I could use for INCLUSION? Are there any other types of Accept methods? The SYSTEM ruleset uses "Accept from LOCAL".
I anticipate temporarily allowing googleapis.com but does it really matter if I allow on a temporary or permanent basis since ABE specifies it only for specific domains.
Finally, for those who want to use HTTPS, you can add *googleapis.com in the Advanced > HTTPS > Force text box.
Thanks
Q re: ABE and conditional accepts
Q re: ABE and conditional accepts
Mozilla/5.0 (Windows NT 5.2; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Re: Q re: ABE and conditional accepts
The Inclusion keyword does not relate to your list of trusted sites. It woul d be interesting to have such a keyword, but probably wouldn't really suit ABE's primary purpose of preventing CSRF and similar attacks. For general cross-site control, I recommend RequestPolicy.
Inclusion actually refers to including resources (scripts, images, etc) in a page, as opposed to a top-level request. So,
means sites can't use images hosted on example.com, while
means sites can't even link to it.
Inclusion actually refers to including resources (scripts, images, etc) in a page, as opposed to a top-level request. So,
Code: Select all
Site example.com
Deny INCLUSION
Code: Select all
Site example.com
Deny======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (Linux; U; Android 2.2.1; en-gb; GT-S5570 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1