Apart from true extensions/add-ons, one could also use Greasemonkey scripts. This normally requires either an add-on or built-in browser support†. But for non-HTTPS sites on a Mac one can use GlimmerBlocker to add such script to all browsers in one go:
GlimmerBlocker is implemented as an http proxy, so the stability of Safari [or any browser, Arjan] isn't compromised because it doesn't use any hacks. It is even compatible with all other browsers and other native Mac OS X applications which uses http, e.g. NetNewsWire.
You'll always be able to upgrade Safari [or any browser] without breaking GlimmerBlocker (or waiting for a new release); and you'll be able to upgrade GlimmerBlocker without upgrading Safari [or any browser]. This makes it much easier to use the beta versions [..].
Apart from simply blocking references to .swf
, one could also use its Transform option to rewrite the HTML. But the easiest solution is the GlimmerBlocker feature to add any JavaScript to any page:
- Add a new Rule (optionally, first add a new Filter to store the Rule)
- Set "Rule Type" to "Whitelist URL, optionally modifying content"
- On the "javascript" pane add the source of, for example, the AdBlock Greasemonkey script by Alexey Ruzanov.
I have not used Alexey Ruzanov's real add-on, but in his Greasemonkey script pressing Option-F toggles whitelisting of the current website. To temporarily enable some specific Flash, click the Flash icon that is shown for blocked content. Right-click (or Ctrl-click) that icon for more options, including copying the Flash URL. Unfortunately, whether or not a site is whitelisted is remembered using either DOM Storage or cookies, and both are browser-specific. So, enabling Flash in one browser does not enable it in another.
And of course, as a bonus one gets GlimmerBlocker's ad blocking, for plain HTTP sites.
However, beware:
FlashBlock uses HTML local storage, and hence might leave a trail on your local harddisk for each site you visit, regardless if it uses Flash and even in private browsing modes.
This cannot be used to filter secure HTTPS pages. The proxy cannot peek into the content, let alone change it. Even more, GlimmerBlocker cannot block on IP address either: the value for "Host" is really the value of the Host header, which it cannot see in HTTPS traffic. That aside, blocking on IP address is easier done in a hosts file.
Even when viewing a plain HTTP page, then references to HTTPS resources cannot be blocked either. Like to stop HTTP websites from telling Google and Facebook what you're viewing, blocking <iframe src="https://plusone.google.com/...">
really needs you to change the HTML of the page that you're viewing. Browser add-ons do a much better job there, and are probably also updated when domains change. Still, for those who insist to do it in GlimmerBlocker: one could rewrite specific domains to some dummy. On the "transform" pane, set "Only for content-type" to "any text type", and add:
// Rewrite "plusone.google.com" to "plusone.google.com.blocked", and so on:
replace(/(plusone\.google\.com)/g, "$1.blocked");
replace(/(apis\.google\.com)(\/js\/plusone)/g, "$1.blocked$2");
replace(/(facebook\.com)/g, "$1.blocked");
replace(/(facebook\.net)/g, "$1.blocked");
replace(/(fbcdn\.net)/g, "$1.blocked");
This will still fail if some JavaScript writes out the domain names in a way that is not easily recognized by simple text replacement.
† Like for Firefox one needs the original add-on, but Opera and Chrome have built-in support. See Wikipedia for more browser details.
I've extended my answer a bit: GlimmerBlocker fails when using HTTPS. So I guess mine is not the best answer. Feel free to accept your own as the best ;-)
– Arjan – 2011-07-24T17:37:03.410ruzanow's flashblock also gives you a whitelist, if you right click on a flash element. – yanokwa – 2010-01-02T17:28:12.943