Allowing only certain sites to use JavaScript: Difference between revisions

This article applies to Firefox and Mozilla Suite

If you prefer to keep JavaScript turned off but need it for a few sites, you can configure the browser to use a JavaScript site "whitelist." There is no built-in interface to do this, so you will need to edit user.js. You can also edit about:config, but due to a bug, you will not see the changes you've made (though they will take effect).

In user.js, add the following lines:

user_pref("capability.policy.policynames", "jsok");
user_pref("capability.policy.default.javascript.enabled", "noAccess");
user_pref("capability.policy.jsok.sites", "http://www.example.com");
user_pref("capability.policy.jsok.javascript.enabled", "allAccess");

The line with capability.policy.jsok.sites can have multiple websites separated by spaces, like so:

user_pref("capability.policy.jsok.sites", "http://www.example.com http://www.example.net");

(Naturally, you would replace http://www.example.com and http://www.example.net with sites you wanted to whitelist.)

Similarly, you can create a JavaScript site "blacklist" — that is, allow JavaScript on every site but those you specify. For this behavior, you would add the following lines to user.js:

user_pref("capability.policy.policynames", "nojs");
user_pref("capability.policy.nojs.sites", "http://www.example.com http://www.example.net");
user_pref("capability.policy.nojs.javascript.enabled", "noAccess");

These examples were taken from the CAPS documentation.

You should have JavaScript enabled when you use these preferences, because disabling it will override these settings.

See Also

• Configurable Security Policies (CAPS)
• Editing configuration
• JavaScript