ThrawnCA
commented
5 years ago IIUC the underlying implementation of the regular script-blocking is flexible enough to handle this in 10.x, although the interface may not be complex enough to expose it.
Open aead opened 5 years ago
ThrawnCA
commented
5 years ago IIUC the underlying implementation of the regular script-blocking is flexible enough to handle this in 10.x, although the interface may not be complex enough to expose it.
aead
commented
5 years ago @ThrawnCA That may be the case. I'm not sure whether it's okay to expose an ABE rule set as part of the policy.json and incrementally build a UI for ABE or whether it's better to add everything at once...
In general, IMO, it would be sufficient for many users to have a 4-th option - e.g. "allow on this domain" additionally to "allow", "allow temporally" and "block".
musonius
commented
5 years ago In general, IMO, it would be sufficient for many users to have a 4-th option - e.g. "allow on this domain" additionally to "allow", "allow temporally" and "block".
Another possibility would be another button like the red/green padlock for HTTP/HTTPS. This would offer full flexibility without taking much space.
ThrawnCA
commented
5 years ago aead
commented
5 years ago @musonius For the described use-case that would be an option, too. E.g. a button with the semantics: rule apply only on this domain. For example setting Domain-A as trusted on Domain-B and clicking this button would cause Domain-A be trusted only on Domain-B but not on Domain-C.
PatrickJRed
commented
5 years ago The ABE-feature is still mentioned at the official website (https://noscript.net/abe/ and https://noscript.net/faq) even though it is not implemented/visible in the webextension (i got version 10.6.3). I do think in todays days where most people use plenty of 3rd-party cdns' and js-dns', the opportunity to only allow scripts (fetch,img,media,...) from thoose sites only when neccessary. --> some sites i use include the kind of cdn' i'd like not to have allowed in other sites (mostly gstatic... and similiar/partially tracking ones).
possible implementation-ideas
PatrickJRed
commented
5 years ago just checked your homepage again
you should really update the abe-section with the information that abe isnt supported in webextension (now have 11.0.7)
TFWol
commented
4 years ago just checked your homepage again
you should really update the abe-section with the information that abe isnt supported in webextension (now have 11.0.7)
I just checked myself and still see no mention, at least anything I could find, of ABE not being supported. I've been using uMatrix to supplement things like this; I can get everything tweaked from the GUI without leaving the tab when advanced settings are turned on.
IanNov
commented
4 years ago Checked again, ABE is still not supported in latest stable version. ABE-section has not been updated either. Please at least update ABE section, so it states, that ABE is not currently part of latest version,
I had to ask on noscript's forum, because I simply couldn't find ABE in latest version, while ABE section said, it's there (https://forums.informaction.com/viewtopic.php?f=7&t=25962&sid=1d8a03f352ba790476829620e138f1a5).
TFWol
commented
4 years ago Checked again, ABE is still not supported in latest stable version. ABE-section has not been updated either. Please at least update ABE section, so it states, that ABE is not currently part of latest version,
I had to ask on noscript's forum, because I simply couldn't find ABE in latest version, while ABE section said, it's there (https://forums.informaction.com/viewtopic.php?f=7&t=25962&sid=1d8a03f352ba790476829620e138f1a5).
I concur.
This is a feature request for ABE being added to NoScript 10.x / quantum.
Use case (example): I'm using firefox containers to ensure that e.g.
twitter.comonly has access to a pre-defined scope (cookies, local storage, ...). (Actually I'm redirecting twitter.com -> mobile.twitter.com). Now I want to allow JS for*.twitter.comand*.twimg.combut only if I'm onmobile.twitter.com. So the current state is that I'm redirecting anytwitter.comlink tomobile.twitter.comand firefox containers ensure that all tabs are running the same "twitter" container. The only two options at the moment are:twitter.com / twimg.comscripts permanently. That would also allow e.gtwimg.comJS ontwitter.com / twimg.comscripts temporally when I visitmobile.twitter.com(which is kind of annoying). But even worse as soon as I've visitedmobile.twitter.comonce thetwimg.comJS onBTW: Thank you for this amazing addon which makes the web a lot safer and increases peoples privacy :tada: