Ssenkahdavic said:
Being more complicated is a definite, though it allows for maximum flexibility. Some pages I just allow to run whatever they want (depending on what they are of course) others I specify very specific things (THIS site for example). I like having as much control over what I am using as possible. |
I do the same, because I also love having absolute control. But I sometimes get lazy to block specific scripts, and the site has to suffer for it. I've emailed the NoScript team a couple of times asking if it could implement a feature that allows users to whitelist all scripts under a top-level domain the same way AdBlock does, instead of whitelisting each site individually and giving them free reign across all domains. For instance, I may want to allow scripts from quantserve.com to run on this site, but not any other site that I visit. Right now, I'd have to manually give it temporary permissions to run when I come to VGC, then remove this permissions on my way out. I'd like to be able to say, "Run all cross-site-scripts on VGC no matter what because I completely trust that site, but if the same XSS is on another site, don't run it."
