• @Capricorn_Geriatric@lemmy.world
    link
    fedilink
    English
    12 months ago

    Sorry to bother you, but how do you check/block scripts? Personally I use Firefox with uBO and Noscript, but noscript seems pretty rudimentary since it only lets you block domains. Me not knowing what the various per-domain toggles mean doesn’t help either.

    • @LunchMoneyThief@links.hackliberty.org
      link
      fedilink
      English
      12 months ago

      Not a bother at all! I have used uMatrix for several years now. It is no longer actively maintained, but has an absolutely unrivaled grid interface (hence Matrix) that comprehensively lays everything out into columns and rows.

      Rows represent the different domains and subdomains that a webpage loads assets from.

      Columns represent the different types of assets individually.

      Sane, strict rules that can be set within the My rules page:

      https-strict: * true
      https-strict: behind-the-scene false
      noscript-spoof: * true
      referrer-spoof: * true
      referrer-spoof: behind-the-scene false
      no-workers: * true
      * * * block
      * 1st-party image allow
      

      Or these can be set with the graphical matrix grid with global scope selected, then click on the lock icon to make it persistent.

      What uMatrix does that uBlock Origin does not (or the authors refuse to integrate into uBlock Origin):

      • Cookie handling. uMatrix is particularly intelligent about cookies in that it will still accept cookies from sites, but never release those cookies back out to web servers (when cookies are blocked).
      • CSS handling. IIRC uBlock does have some rudimentary all-or-nothing css blocking but cannot do so granularly.
      • An awesome, fast, easy to check at a quick glance visual interface.

      Unfortunately, uMatrix has been left to bitrot, so I’ve been closely watching the development of xiMatrix which replicates the idea and extends it to also handle remote fonts and inline scripts. (But still needs further development before I can consider it a drop-in replacement IMO).