You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Now, in my opinion, temp trusted works quite strangely. Let's consider as an example the site lifehacker.ru, which has quite a lot of third-party scripts.
By default, the noscript settings were changed to set temporary permissions for the top-level domain.
In the list of domains we see at least mail.ru and yandex.ru Let's try to open them in neighboring tabs.
Mail.ru also has a dependency on yandex.ru. Yandex.ru redirects us to dzen.ru.
As we can see in these images, domains are set to temporarily trusted in accordance with the settings. If we return to the first site, we see that by visiting these sites, we have opened access to these sites for it.
In my opinion, it's not safe. And not rational. Moreover, temporary permits not only work on all sites at once without restrictions, they also work until the browser is closed or all temporary permissions are manually revoked.
What is proposed to do
There are several proposals for changing the work of temporary permits.
Temporary trust should be valid only on the site (page) where they were issued. That is, if I have issued temporary permits on one site, they should not apply to other sites.
If the option to issue temporary trust to a top-level site is enabled, these permissions will only work on the sites of the specified top domain, the permission should not apply to other domains on which scripts from the specified domain are placed.
Temporary permissions must be cancelled when the tab is closed.
Thus, the temporary trust that will be issued will affect only the site on which we operate and will not affect the work of other sites or contributions. This will allow you to correctly test the changes without affecting neighbouring tabs. Or view the site without affecting the work of other sites. Temporary permits should be issued very limited and, after verification, should be transferred to the category of permanent ones.
If this change contradicts the main idea of the extension, I suggest changing the behaviour of only the "temporary trust for top-level domains" settings. This is where it has the main impact.
The text was updated successfully, but these errors were encountered:
Now, in my opinion, temp trusted works quite strangely. Let's consider as an example the site lifehacker.ru, which has quite a lot of third-party scripts.
By default, the noscript settings were changed to set temporary permissions for the top-level domain.
In the list of domains we see at least mail.ru and yandex.ru Let's try to open them in neighboring tabs.
Mail.ru also has a dependency on yandex.ru. Yandex.ru redirects us to dzen.ru.
As we can see in these images, domains are set to temporarily trusted in accordance with the settings. If we return to the first site, we see that by visiting these sites, we have opened access to these sites for it.
In my opinion, it's not safe. And not rational. Moreover, temporary permits not only work on all sites at once without restrictions, they also work until the browser is closed or all temporary permissions are manually revoked.
What is proposed to do
There are several proposals for changing the work of temporary permits.
Thus, the temporary trust that will be issued will affect only the site on which we operate and will not affect the work of other sites or contributions. This will allow you to correctly test the changes without affecting neighbouring tabs. Or view the site without affecting the work of other sites. Temporary permits should be issued very limited and, after verification, should be transferred to the category of permanent ones.
If this change contradicts the main idea of the extension, I suggest changing the behaviour of only the "temporary trust for top-level domains" settings. This is where it has the main impact.
The text was updated successfully, but these errors were encountered: