Make script auths sticky

I often change subdomains on a domain I use often.
To get the functionality I want I have to authorize first one group of scripts, then after waiting for them to load, another set of scripts (out of 11).
Can we get approved scripts to stick through new subdomains?

The allow scripts in Shields Panel have always been a temporary option to allow scripts that are blocked by the browser’s feature, was removed for compatibility issues with Chromium code, but it works exactly the same as before but fine, without issues like not being able to allow inline scripts for example.
But it is not meant to be permanent or be for power users, it has to be as simple as possible and don’t complicate things where you have to click the icon all the time because you don’t know if you forgot to allow or disallow scripts you allowed 300 years ago.

If you want to allow scripts or block whatever, then use Custom AdBlock in Brave://adblock rules which is exactly what most people should run anyway, especially if they want something permanent, plus it works in Android if you can get your lists on it.

Brave uses the same syntax and most features of uBlock and even its resources, so not hard to find the information about it.

1 Like

Hmm, I like that idea, but when I went to get the syntax this came up:

Is there a post somewhere that shows me how to authorize these particular scripts?

Like I said, Brave uses uBlock format/syntax, so you search on anywhere else but Brave’s page.

Syntaxes should be the same for Network filtering between adblockers, usually it is the Cosmetics and the Scriptlet injections the ones that change from one adblocker to the other.

But for what you need it, you just use the normal Network filter exceptions, which you can easily read about it here: and here

that’s what you use to whitelists scripts
You can read about it there in the ABP page, but pretty much you write @@/scripts/example.js and done or @@||^ the || just tells the adblocker it is http or https and the ^ just tells it it is the end of the address, but pretty much the adblocker will search in the whole URL for it, that’s why you can just not use them, but sometimes they make it more specific.

saying ||^ will block document and all scripts from that domain (first-party), if you don’t add that, then it will not act like that and you will have to use $document to block the document.

like scripts/example/*$document and anything that matches that URL will get the page blocked where you can choose to proceed or not.

You can also use $CSP rules which is a feature on browsers, but then adblockers and brave took it to take advantage of the nice features it offers.

You can pretty much block individual inline scripts with it and all, it works in a whitelist mode, so you block everything and then allow what you want by 'self'

It is more advanced but you only look at Devtools and it will tell you what it is blocking and how to allow it.

But it is used like this:$CSP=script-src 'self' which will allow only 1p scripts but not inline scripts, and then you can add a 'self' and it will allow also the scripts that match that address.
If you want to remove CSP from a domain you can always do a: @@||$csp

the good thing about CSP is that it doesn’t touches the scripts being blocked by Brave adblocker, so you can use both, and allow or block things without getting trackers allowed.

But it is nice in the way you can block easily popup windows by using example$csp=sandbox allow-same-origin allow-scripts which will allow all scripts to run normally but block poups and forms and all that, unless allowed and unless a website doesn’t want to be sandboxed.

It is pretty easy.

There are still cool features missing in Brave adblocker that could make whitelisting faster and easier, but it can be manually done in Brave.

for example if you want to create a whitelist mode with normal network filters you can do a: *$script, which will block all scripts and then @@||$scripts, so you only allow what you want in the subdomain you want.
You can also allow all scripts in a subdomain, but that will allow everything, included trackers and all that is being blocked by Brave.

This is why CSP is cool because you can do it per page if necessary.$csp=default-src will block everything scripts, images, videos etc etc in homepage only, but the the normal Brave filtering is still in place so if you change page, everything will be blocked normally without CSPs being on.
And then you can also do a @@||^$ so it gets allowed in all pages but homepage.

CSP and normal exceptions will work fine for what you want, especially if you work with subdomains.

You just need to know the first part of the rule || is like what the adblocker is searching in the URL, that’s why ||^ will only block first-party, because third party elements have a different URL, that’s why *$ will block everything in domain, first and third party requests.

Not everything is perfect, because Brave has a problem in the way it applies the filtering so you can’t do *$3p, to block only third-party elements, you need to write something in the URL for Brave adblocker to work, if not it will block 1p and 3p, so instead of the asterisk, the best way to do it is just using .com or something, and if you need multiple you can always use regex even if it is slower and less efficient like: /(\.com\/|\.net\/)$/$3p, to block third party request with .com and .net

Of course you can do a .com/$3p, and then .net/$3p, but it’s two rules instead of one, by the way, all URLs have a / at the end, that’s why I put it to make sure it will not grab some url that has .com but only a .com that is at the end of a url, like if you want to block zip domains, you do a .zip/ and it will not block any zip file from being downloaded, so even if a URL in the address bar doesn’t show the slash, you add it, especially in regex where you can match the end of a rule with $.

Anyway, about the Network filters, the syntax after $ are what you can do with the url, either block scripts only or images, make it only work in certain domains, just to be specific on what you wan to allow or block.

In CSP it is different because the first part of the URL is the one the adblocker is searching to apply the CSP rules on, it is limited to that url, which can be the whole domain or individual pages, so that’s why you can nicely block in one page differently than another page or domain.
CSP in the adblocker can use $domain= as well but it is pretty weird to use it, because unless you need to limit it to certain domains, because two domains share the same /example/scripts I never use that domain option, but you can read about it in uBlock wiki.

But as you can see, it is pretty easy to do once you read the documentation, since you want to create only exceptions and some whitelist mode, it should be easy to understand even if Brave is still missing some features that would make everything easier like denyallow which acts like CSP but in a normal better way for an adblocker, or the new to in uBlock which will make denyallow obsolete eventually, to or denyallow will make things easier but it an still be done with Brave features.

But, you can just simply go to Brave shields logger or devtools, copy the url of a blocked script, copy and paste it as you see it and add @@ at the beginning and done.


and if you want to limit it to certain domains, just add the $domain= and it will work perfectly fine as you want it. it will do the job easy and simple, without understanding how it works or other features in the adblocker.

But yeah, this is what I do when I want to create exceptions or want to take advantage of CSP and how easy is to block popups or annoying scripts if uBlock lists has a feature Brave doesn’t support, like denyallow, to, $popup.

Thank you for your reply, Emi.

But, you can just simply go to Brave shields logger or devtools, copy the url of a blocked script, copy and paste it as you see it and add @@ at the beginning and done.

I copied the scripts from the brave popup, I put them in brave://settings/shields/filters add custom filters box, and saved the changes, but when I open the pages it still requires me to allow them individually.


Have I missed something?

You don’t block the scripts with the browser setting, you do it through the adblocker, you do everything through the adblocker. The Chromium setting is a block everything or allow everything, Brave added the temporary Allow script panel but the nature it is still pretty limited.

You block all scripts from the page, with *$script,domain= and then allow them with the @@ or just block the scripts with ||$script,domain=

Also, you use the Adblocker logger, not the Block Scripts one to know which scripts or other elements are being blocked, with CSP you use the devtools/console.

Just use the Browser setting Block Scripts if you want something temporary, the adblocker if you want it permanent, the only time I would use the block scripts feature is if it was available in Mobile, but for desktop using the adblocker is better.

I also have Visual Studio Code and Adguard released an extension which will make it easier to write rules and all that, and since Code supports multi cursor, then it is easier to modify rules and all that, and just update the list and done.
I also have uBlock installed to easily test rules and create them in few cases, it can easily create rules and then copy and paste them in the custom rules. Open logger, click on script, then go to static filter and change it to allow, copy and done.
Whatever makes things easier.