Reply to post: Re: Why do browsers allows JS from other domains to run

Ticketmaster breach 'part of massive bank card slurping campaign'

trydk

Re: Why do browsers allows JS from other domains to run

@tfewster: I thought Verified by VISA ran in a frame thus not mixing JavaScript domains. NoScript only tells you what domains want to execute JavaScript, not the source of the calls.

This actually reminds me that I want NoScript to be able to show the domain of the caller AND to have the permission either apply globally (so very.trusted.domain.earth can be trusted everywhere) or from specific domains (so do.much.evil.hell can be trusted only from specific domains). google.com is a domain that seems to crop up on two thirds of the sites in the world so Google can track me on all those sites even if I need them only on one of them unless I jump through hoops to avoid it (visit site, temporarily allow google.com, go to this other tab with another site, disable google.com, back to first site, re-enable google.com, ...).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019