NoScript is a powerful add-on for the Firefox web browser that gives you control over web scripts and several other security-related features.
Its core feature is the blocking of scripts loaded by websites to improve overall security and also privacy.
While that requires initial configuration on the user's part, as some websites may stop functioning at all or partially after the installation of the add-on, it is held in high regard by security-conscious users.
Scripts can be enabled temporarily or permanently. Enabling them permanently makes sense if you use a service regularly, trust it and don't want to whitelist it temporarily each time you visit it.
Sometimes, you may come upon scripts that you only want to enable on select sites but not on all. You may want to enable scripts from Facebook domains on Facebook for instance but not on third-party sites.
Or, to take a recent example closer to home, enable advertising domains here on Ghacks but not generally.
This cannot be done in the frontend. If you enable a script temporarily or permanently there, that rule is valid for all sites you visit.
Enter ABE, NoScript's Application Boundaries Enforcer. It is a powerful module that allows you to add custom configurations to NoScript.
The system looks complicated at first glance as it uses a specific syntax to define rules. Each rule is made up of directives that define it.
- Resources define the boundaries of the rule. A resource can be a site address, a single page on a site or global.
- Actions define what is and what is not allowed, or how requests are handled.
One of the examples given on the NoScript website is the following one:
Site .facebook.com .fbcdn.net
Accept from .facebook.com .fbcdn.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)
It defines facebook.com and fbcdn.net as the resources the rule is set for, accepts requests to them that come from those same domains, and denies their inclusion as scripts, objects or subdocuments on all other sites.
If you want to allow advertising scripts to run on Ghacks but not on other sites, you can add the following rules to NoScript:
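# Allow the listed advertising domains on Ghacks, deny their inclusion elsewhere
Site .doubleclick.net .googleadservices.com .googlesyndication.com .googletagservices.com
Accept from .doubleclick.net .googleadservices.com .googlesyndication.com .googletagservices.com https://www.ghacks.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)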
This allows the scripts to run here on Ghacks. If you want to support other websites this way, you can simply add them to the list of accepted resources to do so.
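The following is an added example, not NoScript's own code: a simplified JavaScript model of how a rule like the advertising one is evaluated, using the `Deny INCLUSION(SCRIPT, OBJ, SUBDOC)` line from the Facebook example. The matching behaviour, the verdict strings and the sample requests are assumptions made for illustration.

```javascript
// Simplified model of how one ABE rule is evaluated (not NoScript's parser).
// Assumptions of this model: ".domain" matches the domain and its subdomains,
// a full URL matches by scheme and host, and a request that no action
// matches falls through to NoScript's normal whitelist handling.
const RULE = `
Site .doubleclick.net .googleadservices.com .googlesyndication.com .googletagservices.com
Accept from .doubleclick.net .googleadservices.com .googlesyndication.com .googletagservices.com https://www.ghacks.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)
`;

function matches(pattern, url) {
  const u = new URL(url);
  if (pattern.startsWith(".")) {
    return u.hostname === pattern.slice(1) || u.hostname.endsWith(pattern);
  }
  return u.origin === new URL(pattern).origin;
}

function parseRule(text) {
  const lines = text.split("\n").map(l => l.trim()).filter(l => l && !l.startsWith("#"));
  const rule = { sites: lines[0].split(/\s+/).slice(1), actions: [] };
  for (const line of lines.slice(1)) {
    const m = /^(Accept|Deny)(?:\s+INCLUSION\(([^)]*)\))?(?:\s+from\s+(.+))?$/.exec(line);
    if (!m) throw new Error(`unsupported directive: ${line}`);
    rule.actions.push({
      verdict: m[1],
      types: m[2] ? m[2].split(",").map(t => t.trim()) : null, // null = any request type
      origins: m[3] ? m[3].split(/\s+/) : null,                // null = any origin
    });
  }
  return rule;
}

// request: { origin: page making the request, dest: requested URL, type: "SCRIPT", ... }
function evaluate(rule, request) {
  if (!rule.sites.some(p => matches(p, request.dest))) return "not-applicable";
  for (const a of rule.actions) {               // first matching action wins
    const typeOk = !a.types || a.types.includes(request.type);
    const originOk = !a.origins || a.origins.some(p => matches(p, request.origin));
    if (typeOk && originOk) return a.verdict;
  }
  return "fall-through";
}

// Constructed sample requests: the same ad script requested from two pages.
const rule = parseRule(RULE);
for (const origin of ["https://www.ghacks.net/post/", "https://example.com/"]) {
  console.log(origin, evaluate(rule, { origin, dest: "https://ad.doubleclick.net/x.js", type: "SCRIPT" }));
}
```

In this model, removing the `Deny` line makes the request from example.com return "fall-through" instead of "Deny", so the `Accept` line on its own restricts nothing.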
Rules are added in the NoScript configuration. To open the options of the extension, either load about:addons and click on the options button next to NoScript, or open the options from one of the extension's menus instead.
There you need to switch to the advanced tab and then to ABE.
To add a rule, simply write it directly in the user section or paste it in. It is still necessary afterwards to whitelist the domains in question.
If you do, rules are enforced automatically based on that configuration. This means that you can use NoScript to define exceptions that apply to some sites only.