"Allow all this page" allows all the scripts that the current page refferences (from any domain). The gottcha is that those scripts may add refferences to additional domains that are still blocked. The site may also refference scripts on additional domains on other pages that you may navigate later. You may have to "Allow all this page" several times on the same site before all the scripts the site uses are unblocked.
NoScript is quite flexible in what it blocks, but it can take quite a bit of effort to get the results you're looking for. The inconvienience is directly related to the security that NoScript provides. If you want site specific javascript blocking, but don't want to set up the rules yourself, you could look for whitelists to import into NoScript (of course this is delegating your decision to trust a site to the source of the whitelist).
the noscript site states:
For example, setting the noscript.allowedMimeRegExp
preference value
to
FRAME@https?://somesite\.com
FONT@https?://some-other-site\.com
WebGL@https://www\.khronos\.org
will permanently allow any
FRAME/IFRAME load from somesite.com, web fonts from
some-other-site.com and WebGL 3D content from https://www.khronos.org
.
I don't think the ABE can do it. One hacky way to enable the font only for a particular site/domain is to use Vimperator/Pentadactyl and change the MimeRegExp setting automatically on a LocationChange event. To revert the setting when leaving the page, you could use this simple function (got it from Anekos) in .vimperatorrc that uses an expression with a negative lookahead:
js <<EOM
function add_AutoCommand(URI, onEnter, onLeave) {
let entered = false;
autocommands.add('LocationChange', '(?!' + URI + ')', function () {
if (entered) {
entered = false;
onLeave();
}
});
autocommands.add('LocationChange', URI, function () {
onEnter();
entered = true;
});
}
add_AutoCommand(https?://allow-font-on-this-site\.com,
:set! noscript.allowedMimeRegExp="FONT@https?://some-other-site\.com",
:set! noscript.allowedMimeRegExp=" "
);
EOM
I haven't tested this but I will.
EDIT: it should be
add_AutoCommand('https?:\/\/allow-font-on-this-site\\.com.*',
function(){options.setPref("noscript.allowedMimeRegExp",
"FONT@http://fonts.gstatic.com")},
function(){options.setPref("noscript.allowedMimeRegExp",
"")}
);
...but noscript doesn't pick up on the preference unless the page is reloaded, so either manually reload or use tabs.reload(config.browser.mCurrentTab, false);
It seems that you should set a boolean and a timeout to prevent LocationChange to execute (thus, looping) the reload again. Perhaps another autocmd on the PageLoadPre event might be used for the boolean. This is getting quite ugly I know. Sorry.
ps. a more useful application of simple URL-based pref switching is obviously changing the download directory.
EDIT (2017): With uBlock Origin you can specifically target certain types of html objects, files or behaviors.
Both dynamic as well as static rules specify that origins are allowed for a domain/url. I've been using this for a few years now. Types include font as well as inline-script, stylesheet, image, object, script, xmlhttprequest, sub_frame, media, websocket, popunder and popup.
example rules:
* * 3p block
no-remote-fonts: * true
no-remote-fonts: allow-font-on-this-site.com false
allow-font-on-this-site.com font-cdn.org noop
which mean:
- block third party request from any page to anywhere
- block third party fonts on any page from anywhere
- re-enable third party fonts on a page on the domain allow-font-on-this-site.com from anywhere
- optionally re-enable request on our page to origins on the domain font-cdn.org
With noop ('no operation') we still apply static rule filtering (commonly defined in distributed rules known as ad-blocking or malvertising lists).
Best Answer
NoScript allows blacklisting. Just select "Allow script globally (dangerous)", then use "Forbid google-analytics.com".