How should we handle scripts from other domains? #82

Closed
gbaptista opened this issue Mar 8, 2018 · 3 comments

Comments

@gbaptista
Owner

For the next release I'm working on detecting external scripts used by websites. A website can load JavaScript code executed inside iframes:

[image: selection_366]

You can imagine something like this:

├ yahoo.com (localhost:300)
│ ├ pixel.facebook.com (tracker:3000)
│ ├ coinhive.com (cryptominer:3000)
│ │ ├ googletagservices.com (subtracker:3000)

If something is blocked in the main domain, should this reflect on the other domains loaded on the website? Not sure which way is best. I do not want to make the user experience too complicated.

I am inclined to the following idea:

├ yahoo.com (localhost:300) [block an event]
│ ├ pixel.facebook.com (tracker:3000) [blocks too, is blocked on yahoo.com]
│ ├ coinhive.com (cryptominer:3000) [blocks too, is blocked on yahoo.com]
│ │ ├ googletagservices.com (subtracker:3000) [blocks too, is blocked on yahoo.com]
@Atavic

Atavic commented Mar 8, 2018

Is your idea the default option? Seems reasonable. Maybe I'm wrong but some rare exceptions could be when the user wants to leave a comment onto a site where some trackers are blocked.

I met some blogspot or wordpress blogs with malicious scripts or plainly hijacked... I refrained from commenting on those blogs.

@gbaptista
Owner Author

@Atavic:

> Is your idea the default option?

Yes!

> user wants to leave a comment onto a site where some trackers are blocked.

Makes sense. As the blocking is done by specific events, I do not think we will have problems with this type of scenario. I mean, I can block getBattery for the whole site and the other code will continue to function normally. Of course we can discover some problematic scenario over time, but then we can analyze the case and decide how to make improvements.
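An added sketch (not code from this project or from anyone in the thread) that compares the inheritance idea proposed in the issue with a per-origin lookup, using the frame tree from the diagram and the getBattery case from the comment above. The data shapes, function names and mode names are assumptions made for illustration.

```javascript
// Constructed frame tree mirroring the diagram in the issue (data shape is hypothetical).
const frameTree = {
  origin: "yahoo.com",
  children: [
    { origin: "pixel.facebook.com", children: [] },
    {
      origin: "coinhive.com",
      children: [{ origin: "googletagservices.com", children: [] }],
    },
  ],
};

// Constructed user rules: site -> names of blocked events.
const userRules = new Map([["yahoo.com", new Set(["getBattery"])]]);

// Returns one row per frame: { path, origin, blocked }.
// mode "inherit-top": every frame gets the top-level site's rules (the idea in the issue).
// mode "per-origin":  every frame is looked up by its own origin (the alternative).
function resolveBlocks(tree, rules, mode) {
  const topRules = rules.get(tree.origin) ?? new Set();
  const rows = [];
  const walk = (frame, ancestors) => {
    const path = [...ancestors, frame.origin];
    const own = rules.get(frame.origin) ?? new Set();
    const effective = mode === "inherit-top" ? topRules : own;
    rows.push({
      path: path.join(" > "),
      origin: frame.origin,
      blocked: [...effective].sort(),
    });
    for (const child of frame.children) walk(child, path);
  };
  walk(tree, []);
  return rows;
}

// Origins of the frames in which `eventName` would still run under the given mode.
function framesAllowing(tree, rules, mode, eventName) {
  return resolveBlocks(tree, rules, mode)
    .filter((row) => !row.blocked.includes(eventName))
    .map((row) => row.origin);
}

for (const mode of ["inherit-top", "per-origin"]) {
  const open = framesAllowing(frameTree, userRules, mode, "getBattery");
  console.log(`${mode}: getBattery still allowed in`, open);
}
```

With a per-origin lookup, the three nested third-party frames can still call the event the user blocked on the site; with inheritance none can, while events that were not blocked stay available in every frame.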

@gbaptista
Owner Author

Ideas applied in version 0.0.24. Closing this issue for now.
