Allowing only certain sites to use JavaScript: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
(Added links to NoScript)
m (See also/External links)
Line 30: Line 30:
You need to restart your browser after editing user.js, otherwise the changes will not take effect.
You need to restart your browser after editing user.js, otherwise the changes will not take effect.


==See Also==
==See also==
* [http://www.mozilla.org/projects/security/components/ConfigPolicy.html Configurable Security Policies (CAPS)]
* [[Security Policies]]
* [[Editing configuration]]
* [[Editing configuration]]
* [[JavaScript]]
* [[JavaScript]]
==External links==
* [http://www.mozilla.org/projects/security/components/ConfigPolicy.html Configurable Security Policies (CAPS)]
* [http://www.noscript.net/ NoScript - JavaScript Whitelist Extension]
* [http://www.noscript.net/ NoScript - JavaScript Whitelist Extension]


[[Category:Security and privacy]] [[Category:Configuration (Firefox)]] [[Category:Configuration (Mozilla Suite)]]
[[Category:Security and privacy]] [[Category:Configuration (Firefox)]] [[Category:Configuration (Mozilla Suite)]]

Revision as of 02:40, 5 August 2005

This article applies to Firefox and Mozilla Suite
Note: A user interface for editing a JavaScript-enabled site whitelist exists in the NoScript extension.

If you prefer to keep JavaScript turned off but need it for a few sites, you can configure the browser to use a JavaScript site "whitelist." There is no built-in interface to do this, so you will need to edit user.js. You can also edit about:config, but due to a bug, you will not see the changes you've made (though they will take effect).

In user.js, add the following lines:

user_pref("capability.policy.policynames", "jsok");
user_pref("capability.policy.default.javascript.enabled", "noAccess");
user_pref("capability.policy.jsok.sites", "http://www.example.com");
user_pref("capability.policy.jsok.javascript.enabled", "allAccess");

The line with capability.policy.jsok.sites can have multiple websites separated by spaces, like so:

user_pref("capability.policy.jsok.sites", "http://www.example.com http://www.example.net");

(Naturally, you would replace http://www.example.com and http://www.example.net with sites you wanted to whitelist.)

Similarly, you can create a JavaScript site "blacklist" — that is, allow JavaScript on every site but those you specify. For this behavior, you would add the following lines to user.js:

user_pref("capability.policy.policynames", "nojs");
user_pref("capability.policy.nojs.sites", "http://www.example.com http://www.example.net");
user_pref("capability.policy.nojs.javascript.enabled", "noAccess");

These examples were taken from the CAPS documentation.

You should have JavaScript enabled when you use these preferences, because disabling it will override these settings.

You need to restart your browser after editing user.js, otherwise the changes will not take effect.

See also

External links