of course
You could toggle tracing and and off. The traces should have the possibilty for block and filter lists. like :
You would only turn on tracing if you suspect something going on. if the html being parsed all of a sudden grasps files that come from a totally different domain -warning-
At least it would make life a lot easier thatn having to read the code ( by then it's too late )
i see this as a right click menu item. instead of clicking on a link you right click the link you don't trust and select 'trace' or 'trace with blocklist'.
Of course the tracer popup menus could be made a bit smart. if it wants to download a jpeg file you can click yes, no, yes to all jpg for this site, yes to all for this and linked sites.
JPEg files are relaitvely safe. So are PNG files. If i see that thing all of a sudden grab a java file from a totally different domain , that would be a red flag.
The filter should NOT look at extensions but analyse what is going on. also when it hits embedded snippets of javascript in html it should pop a warning with an option to execute, block instance , block always for this site.
Anything you click during a trace session is logged to the block-list. blocklists are saved.
whenever you open a webaddress, and a blocklist for that address exists in your blocklist folder : pick up the blocklist. anything new that comes up and is not handled by the blocklist : popup.
That would be one hell of a tool to find out what websites are really throwing at you when you open them. add the capabaility to share blocklists from a pool ( for example blocklists handed out by antivirus companies for known web nasties. ) there could be a blocklist 'for-any'. that is in effect if you have no specific blocklist.
And it is very easy to implement. All you have to do is modify the html parser so that it triggers this popup menu ( when tracing is enabled) whenever it goes off and grabs something from the site. In essence if the html instructs to grab other documents while still parsing : trigger. it would be a simple if then else clause (if tracing=enabled then if msgbox "site will access" & object" from "&domain &""allow yes ,no"=yes then ...procees. else next.) popup in the handler to retrieve a file from a web address.
And it would be a very welcome tool to debug websites too. You could snare any cross site scripting crap with this thing too.