Inspired in the default NoScript setup of the Tor Browser, I’ve added this rule to my list of static filters in uBlock Origin to block any script or other objects served by http. Some pages load 3rd party scripts over a http connection, posing a risk of a man-in-the-middle attack.
I’ve explicitly excluded the .onion domain as the communication with a hidden service is always encrypted.
|http:$script,inline-script,subdocument,object,font,inline-font,domain=~onion
To see the list of objects available to filter, you can consult the uBlock Origin wiki and the Adblock Plus documentation:
[Read More]