InformAction Forums

I want to block all third-party scripts only except the ones I whitelist. I can do this by temporarily allowing top-level sites. But the site remains whitelisted until I revoke it manually or restart the browser. This causes problems where, for example, I visit facebook.com, it's temporarily whitelisted, then I visit another site but facebook.com scripts are still allowed. It would be nice if there was an option to allow top-level sites without whitelisting them.

You can do this with an ABE rule, but you'll have to write exceptions to it by hand: Or RequestPolicy, but that will block all cross-site requests, including images and stylesheets.

yeahman wrote:... It would be nice if there was an option to allow top-level sites without whitelisting them.

There is. It's "temporarily allow", but as you noted, you must remember to "revoke temporary permissions" before leaving the site.
I do this fairly frequently. (Probably more than most, in the process of visiting sites I've never heard of, to help a user with their reported site.)

If the number of sites or scripts to which this applies is fairly small, it might be easier to use Thrawn's ABE suggestion in the opposite manner, by enumerating only the restricted scripts:
... and similarly for other sites.

So it depends on which is easier: Thrawn's rule, with all exceptions added by hand, or this rule, writing only the sites to which it applies.

Actually Thrawn's rule as presented is a more generalized single shot wildcard versus your rules which are far more time consuming to create for every exception. The first rule says every site make sure it comes from itself or deny it, but your says, make sure each site comes from itself by individually identifying them. one rule, verus MANY, and adding exceptions to that one rule would take much less time than create a full rule for ever site you come across.