Alternative Script Blocking Exception Feature

Brave Feature Requests Desktop Requests
,
1

I was reading a few feature requests related to more granular script blocking exceptions (essentially, rather than allowing all scripts on a site allowing certain scripts on a site and having Shields remember that setting across browsing sessions):
Better Javascript Blocking Controls
Scripts are only allowed once. Why not remember it like device recog and cookie settings?
Remember blocked scripts for a site

I like the ideas above but wonder if that will result in a large amount of data storage or cumbersome custom saved settings area within the browser depending how many sites are visited and have custom script blocking/allowance settings.

However, I wonder if people are more interested in blocking a certain set of scripts across all sites. For example, they want to block any ajax.googleapis.com script on any site they visit. Maybe, rather than having a site-by-site granular set of allowed scripts, it would be cleaner and easier to have a script “blacklist” in Brave Shields that tells shields to continue blocking those scripts regardless if you disable shields script blocking for that site.

At first, I thought this was already possible via settings (Brave settings > Additional Settings > Privacy and security > Site Settings > JavaScript > Block [add site]). However, there are two reasons I was wrong:

  1. The block only would block scripts for that individual site (e.g. if i added “ajax.googleapis.com” to the block list, all scripts would be blocked if I navigated to ajax.googleapis.com but if I went to a different site (with scripts allowed) ajax.googleapis.com scripts would still run.
  2. I think Brave Shields overrides the javascript block settings and renders them moot (in contrast, “Allow” exceptions do work, and Brave actually stores individual site script block exceptions in the “Allow” section). I tested it out: I added “google.com” to the block section and then loaded google.com, used shields to disable script blocking, and all scripts still ran on google.com (i.e. the block setting didn’t take precedence over my shield selection - shield selection takes primacy).

So if it is a set of scripts that you want to block across all sites, it seems like a blacklist (that is coded to take precedence over shield script block exceptions) would be a better/cleaner way to go.

What do you think @sleepy62 @TheScrubbyForest @jaybird @mangobe553?
@Matches - Any technical corrections to my above assumptions on the JavaScript settings vs shields script settings primacy? Or if a blacklist would break other things (‘cure worse than the problem’)?

4 Likes
2

Hey Thanks for looking in to this. I agree that a master blacklist would likely be simpler to implement and result in less stored data. It would also be an improvement over the current situation.

Im also guessing that a master blacklist would in a round about way allow a site specific black list. For example I could blacklist "www.nytimes.com/vi-assets/static-assets/“ and it would kick in when on NYT web site and be ignored in all other cases.

However, my personal view is that a site specific filter set would still be better. Even given that data storage issue. I envision it as two lists, allowed and blocked with the option for once or always.

Something like this: https://jsblocker.toggleable.com

Mike

3 Likes
3

Basically this request is for a Brave version of NoScript. The links you reference point to this. I agree that a simple, site-specific “Always allow” option would be nice. :+1: On desktop I’m not concerned about storage issues.

It’s nice to dream :upside_down_face: but it appears that Brave devs have a lot on their plates already with sync and Rewards issues/goals. :wink:

2 Likes