2
I notice that there has recently been a big update to both Firefox and NoScript and that NoScript appears to white listing certain sites now like Facebook without my permission. It seems to have some list of privileged domains that it is allowing by default.
How can I stop it from doing this? I want to configure NoScript so it only allows JavaScript from domains that I specifically and explicitly allow.
1I know how make trust settings for individual domains. The question is how to stop NS from whitelisting sites I have not specifically approved. As far as I can tell, the default action for a domain is to block scripts. – Tyler Durden – 2017-11-29T16:46:32.360
Hi Tyler, I have cloned my profile and installed a parallel version of FFX 57 so I can test and try to better understand. I will hopefully be able to update my answer. Could you say whether you upgraded to FFX57 and NoScript 10 from an existing profile, and whether Facebook was white-listed or black-listed in that profile? – Mike Chapman – 2017-11-30T10:54:00.427
1
The list of default whitelisted sites for the old NoScript (version 5.x) is short. It inlcudes youtube, netflix, google, yahoo and some Microsoft sites, but not Facebook: https://noscript.net/faq see sections 1.5 and 3.3. There is no reason to believe that Facebook is suddenly whitelisted by default, that's why I ask about any previous settings.
– Mike Chapman – 2017-11-30T10:57:06.253After spending quite some time today working with the new version of NoScript, I have to conclude that, like the old version, it doesn't whitelist sites without your permission, except for the ones listed in the FAQ. If you can give me reproducible examples, I am perfectly willing to check out the behavior with you. Probably they were already whitelisted without you remembering it, or you whitelisted them by accident without realizing. You can view and search the list of your definitions in the Options, which opens in a new tab. – Mike Chapman – 2017-11-30T22:37:16.573
How do you "Find the Facebook entry"? – Peter Mortensen – 2017-12-03T19:24:53.297
Click on the NoScript icon in the toolbar, then select the options button from the drop-down menu (hover over icons to see their function). The options page opens in a new tab; click in the field labeled "Address of the website" and type facebook. It will select all domains containing facebook. Alternatively, you can go to the Facebook website and when you click on NoScript in the toolbar, it will be listed. – Mike Chapman – 2017-12-04T22:13:37.203