Quote
Tim
Make a javascript security option similar to cookie security. Allowing only 1st party javascript would be a good default. E.g. when you go directly to somebenignsite.com, javascript is allowed for that site but the random banner which may be from exploits-r-us.com can't execute javascript because it is 3rd party.
I know about noscript but it sucks and it can't do this.
Of course it can. You put all of the benignsites.com in your whitelist, and even more importantly, every time you see a script from ads-r-us.com or exploits-r-us.com, you mark it as "untrusted". Don't just disallow it, mark as untrusted. NoScript will never again ask you about ads-r-us or whatever, unless you tell it to. It will block it by default.
If you mean a single setting that automatically allows all first-party JS, I'm not sure that's a good idea. I don't allow any 1st-party js either unless (a) I trust the site AND (b) I need that script for the function I want to perform. No reason to give blanket permission for all first-party sites. Not all sites are trustworthy in the first party.
I'm referring to the behavior of NS in FX. I'm considering trying KM, so if it changes NS to a manner different from the above, please tell me. Thank you!