Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Feature to allow scripts by origin #6431

Closed
dhiva opened this issue Dec 26, 2016 · 6 comments · Fixed by #7272
Closed

Feature to allow scripts by origin #6431

dhiva opened this issue Dec 26, 2016 · 6 comments · Fixed by #7272

Comments

@dhiva
Copy link

dhiva commented Dec 26, 2016

Test plan

#7272 (comment)


The site shield does a good job in blocking all the scripts that are executed on the page but I would like to allow specific scripts to be executed on the page. On certain websites the video player scripts are blocked and there is no way to get the player working without disabling "script block" and "ad block".

I would like to suggest a feature to whitelist and blacklist certain scripts. Or feature similar to Ghostery where I could allow specific domain scripts to be executed.

#3732 #2383 #231

@diracdeltas
Copy link
Member

+1 from someone on the internet, perhaps with an option to 'allow first party scripts only'

@diracdeltas diracdeltas self-assigned this Feb 15, 2017
@diracdeltas diracdeltas added this to the 1.0.0 milestone Feb 15, 2017
diracdeltas added a commit that referenced this issue Feb 15, 2017
fix #6431. adjusts the noScriptInfo dialog so that it can be used to allow scripts by origin, instead of all scripts on the page, when NoScript is globally enabled. removes the option to allow scripts persistently (since this can be done via the Bravery panel anyway)

todo: noScriptInfo tests
diracdeltas added a commit that referenced this issue Feb 16, 2017
fix #6431. adjusts the noScriptInfo dialog so that it can be used to allow scripts by origin, instead of all scripts on the page, when NoScript is globally enabled. removes the option to allow scripts persistently (since this can be done via the Bravery panel anyway)

auditors: @bbondy
@diracdeltas diracdeltas modified the milestones: 0.13.6, 1.0.0, 0.13.5 Feb 16, 2017
@Selhar
Copy link

Selhar commented Feb 19, 2017

Just switched to brave and this is currently my biggest problem in usability.

I'm using lastpass for example, and lastpass injects .js in each form so i can generate or autofill passwords, however if i enable Brave to block all scripts, lastpass breaks on-forms (i can still manually go to the extension and ask for it to autofill, but ain't nobody got time for that).

Whitelisting would go a long way to help in usability, but ideally i think users should be able to list and block specific scripts on each page, like in common noscript extensions. Twitter needs some JS to load the twitter feed properly, but i don't necessarily need all JS from twitter.

@luixxiul
Copy link
Contributor

@gregorygoncalves So do you mean exactly that #7272 should be superseded with another PR with which you could select scripts to be denied/allowed, not based on the origins, right?

@Selhar
Copy link

Selhar commented Feb 19, 2017

@luixxiul Oh, i hand's seen #7272. And yep, #7272 is pretty good tho, either would be sufficient, but having the ability to block each .js manually comes in handy sometimes.

@diracdeltas
Copy link
Member

unfortunately we don't have an easy way to whitelist specific scripts (only scripts by origin), so that will not be done in the near future.

@cndouglas cndouglas changed the title Feature to allow specific script to be executed Feature to allow scripts by origin Feb 21, 2017
@cndouglas
Copy link

Renamed to match the PR (#7272).

diracdeltas added a commit that referenced this issue Feb 22, 2017
fix #6431. adjusts the noScriptInfo dialog so that it can be used to allow scripts by origin, instead of all scripts on the page, when NoScript is globally enabled. removes the option to allow scripts persistently (since this can be done via the Bravery panel anyway)

auditors: @bbondy
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.