Glob or regex support in per-site permissions

This issue has been tracked since 2022-10-13.

Am still looking for a reasonable way to allow Recaptcha whilst not outright trusting the google.com/gstatic.com domains. The Recaptcha scripts are insidiously-hosted, with various random-character paths, so you have to trust those domains outright, which opens you up to everything else they want to shove down your throat.

This has always been the case, but does it have to be?

I am especially thinking about a possibility for permitting http[s]?://(?:www)?\.(?:(?:google|gstatic|\.com|recaptcha\.net)/recaptcha/.*, i.e. any subdirectory path of any combination google.com/gstatic.com/recaptcha.net, with or without www, but only if the path starts with /recaptcha

The per-site settings' add-entry UI appears to allow me to enter www.gstatic.com/recaptcha, suggesting some sort of path support, but I think it is requiring a full URI which, because of the randomised release paths, you cannot reasonably supply.

If full-blown regex isn't doable, I'd be happy enough with even a subdirectory wildcard, and duplicating the domains myself, e.g. supporting * for any path at the same level or ** for any nested subdirectory, e.g.:

www.gstatic.com/recaptcha/**
www.google.com/recaptcha/**
recaptcha.net/recaptcha/**
...

It obviously doesn't work now, but could it?

Or are NoScript's per-site rules limited to what can be done with Content-Security-Policy -- i.e domain or globbed subdomain only?

More Details About Repo
Owner Name hackademix
Repo Name noscript
Full Name hackademix/noscript
Language JavaScript
Created Date 2018-06-30
Updated Date 2022-12-03
Star Count 573
Watcher Count 21
Fork Count 79
Issue Count 151

YOU MAY BE INTERESTED

Issue Title Created Date Updated Date