Brave Shields and js blocking


Brave JS blocking works, but has no ability to stick

I have several websites that I go to on the reg. Could be anything from reddit to sites i dont want to share. I go to said site, and things are being blocked as they are supposed to. Some of the blocking would be for js from the site itself, which, depending on the site I may choose to allow. Great I go into the shield and click allow for the script from that site. The page loads peoperly. Then maybe I try to log in. They have js integrated with their sign in, so the login goes to another page and fails, becuse we’re blocking that sites js again, so I get into a loop ultimately forcing me to turn shields off. This however allows other site then to run amok, including tiq and googletagmanager etc This is obviously undesireable behavior.

If it exists, Ihavent found it, so could someone direct me to where I can whitelist scripts from a certain site and/or blacklist certain sites. I will never allow adsense or bing or whatever so can I block it?

If there is no white/black list type functionality…well first Why not? Seems a basic thin

As it stands on many websites - I have to re allow the js on every damned page click. Just annoying

I’m using
Version 1.58.135 Chromium: 117.0.5938.140 (Official Build) (64-bit)

Which actually means it auto updated itself when I wasnt loking, but that’s an annoyance for another day. If we can’t have blocklists and whitelists because you don’t have it as a priority fine. I’ll simply go elsewhere. Sticking with chromium always left a bad taste in my mouth at any rate…Just the petina or google is a negative.

So if you have global Shields settings (brave://settings/shields) configured to block scripts, any new site you visit will have scripts blocked by default. However, if you’d like to change that setting for a specific site, as you noted, you just need to go into the Shields panel in the address bar and allow those scripts. This setting will be remembered as the Shields panel is site specific and as long as you are on the same domain this should be the case.

Observing the example below, you can see that I have scripts blocked by default, I visit the site, then allow scripts via the Shields panel. I then navigate away from the site, then return to it and observe that the settings have been retained:

However, if I’m understanding you correctly, you’re saying essentially that you’re on a site, then you allow scripts (which works), then go to login to that site but on the login screen, the scripts are still blocked — is that correct? If so, would it be possible for you to share the site you’re seeing this behavior on so that I can test on my end?

Thank you

Hi - Thanks for the reply. I watched the video and I see what you are talking about, but this is not the desired action. I have Brave blocking scripts , per your video. Then you go to the site and you turn OFF Blocking scripts. I don’t want that at ALL and would totally expose me. I want to go to X site. when I get there i see scripts are blocked, as per desired functionality. HOwever then I click on the number of blocked scripts. This will show me things from X, and also from i.e. tiq or googletagmanager, or google analytics or bing or etc etc. So I click on allow the script from my site. I can move around the site. Ok it moves to a different page on the same site, and there we are again, I have to go back in and allow scripts from x domain, and continue blocking the others. THe desired functionality would be if I go to X, and I allow scripts, then the next time I go there or as I move through the site all scrtipts from X would continue to be allowed, and the rest blocked. I am having to go in, over and over to alow the same scripts, sometimes from new visits sometimes from site exploration, and allow X. I don’t want that. If I know I go to X (lets just say my media server on a local subnet in my network that functions with js to deliver my media) why d I have to continually have to click on allow? Why can’t that setting stick and if I go back to my personal media server and allow scripts (loading from the local subnet machine nowhere else) Do I have to KEEP clicking allow? I won’t turn off the shields for even the local site as it tried to load some random crap from google which I will not alow. So how can I set a domain to be trusted and when I go there daily or later or after close/open and I have to deal with the same annoyance over and over? I don’t need a primer on how to block and allow scripts, I’m looking for some version of whitelist/blacklist functionality. If Brave can’t or won’t function like that for some technical or philosophical reason at brave hq, that’s fine, then I’ll just have to look elsewhere for a new browser/solution. I just like brave, like what it stands for and wanted to be involved.

But I do thank you for taking the time to make the video and reply, I just don’t see it as relevant.

and really you can’t post the word sht but you can say crap? It’s not even a swear word and it’s being sensored??*

Heya so I just notied your request for a site. Go to broderbund.com check out the nostalia inducing software. Have your shields up. If you want to see the purchase options for a product, so into the shields and manually the broderbund scripts while continuing to block googletagmanager etc. Cool it works you can see digital d/l, cd purchase etc. Go to another product. broderbund scripts are once again blocked. So I can either allow that script on every single page, or turn off script blocking and alllow google to rape me. Why, when I click allow on the one script, does it not give an option to remember that forever? Do I need to go to another browser and use a plugin that allows me to use something like noscript to try and block scripts by domain that way? Yes I know I can use that plugin with brave, but if I have to go to that length to fix the broken system on brave, what is my incentive to stick with brave over anything else? Leaving chromium entirely might be desireable in general.

@enesha,
I see and I apologize for the misunderstanding. While this may not be the answer you’d hoped to hear, we actually encourage users to use extensions made for this more granular functionality (for now).

We typically focus “privacy by default” rather than “advanced privacy controls”. Not that those controls aren’t useful (nor that these types of controls will never be implemented/considered), but the latter holds the higher priority for us. Further, the UI/UX for controls like this get complicated quickly and requires a non-trivial amount of work to implement.

Note that you’re not the first person to voice your concern/desire for this type of granular script controls and I will inform the team that these features are still desired by some of our user base.

For now, we recommend using uMatrix for this type of control over individual scripts within the browser.

Thank you

Wow. I’m disappointed in that reply - just another symptom is what seems like a little backlash online regarding things like this and BAT.

So maybe you can try to explain it in a different way. “privacy by default” is a laudable goal, but if users have to disable your privacy protections and open yourself to the entire world, isn’t focused on privacy. You don’t need “advanced” privacy controls in such a situation. And I don’t buy the u/x explaination. How much redesign or whatnot of the interface to add an option when you click on a script to allow, and choose remember this? We’re not talking about redesigning a userinterface here, maybe even a check box would suffice.

So you recommend using a plugin to overcome the deficiency of privacy controls on a browser that screams privacy forward anywhere it can trumpet. If I have to use a script to do your job, (and I hate BAT - pushing tor in the address bar, etc) Then please tell me what purpose does your browser have over literally any other chromium based browser? I can already use plugins on chromium and geko and etc to replace ads. What is your value add to my browsing experience then? Librewolf already has ublock and no telemetry intagrated (which can’t be said about Brave with it’s auto update pings that tell you quite a lot about usage, os etc) and numerous other things.

So why should I, or anyone who has such privacy concerns, not immediately switch to any other (non chromium i guess - hate for google) browser?

The Javascript blocking is meant to be a temporary blocking solution, it was like that 5 years ago, and it is like that today when it was re-added recently. Maybe they will add the option to do it better in the future but if you want to do it permanently, then use Adblocker.
Adblocker is better to do this anyway, and you can do it today.

Brave uses uBlock syntax, but adblockers share syntax for normal network requests.

Also, Brave already blocks millions of scripts already, why do you need to block more? why do you want to break the web instead of just using it?
If you are going to say how Brave ‘doesn’t block googletagmanager’ or scripts like that, Brave does it, but the adblocker has something called $redirect or $redirect-rule which will redirect those network connections to curated or noop JS files to avoid the adblocker being detected and all that.

But anyway, if you want a blacklist function, use normal network request filtering in the adblocker.
If you want a whitelist option, maybe $csp would be a better option, because currently blocking 3p in a generic way in Brave by normal rules is not working as it should be, also $csp is the workaround for some features still not supported by Brave that uBlock added like $denyallow or the newest implementation $to.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.