https://blog.099c.org/categories/security/ Recent content in Security on Apuntes de root Hugo en-US jorti@pm.me (Juan Orti Alcaine) jorti@pm.me (Juan Orti Alcaine) Wed, 19 Aug 2020 00:00:00 +0000 https://blog.099c.org/posts/block-non-https-scripts-with-ublock-origin/ Wed, 19 Aug 2020 00:00:00 +0000jorti@pm.me (Juan Orti Alcaine) https://blog.099c.org/posts/block-non-https-scripts-with-ublock-origin/ <p>Inspired in the default NoScript setup of the Tor Browser, I&rsquo;ve added this rule to my list of static filters in uBlock Origin to block any script or other objects served by http. Some pages load 3rd party scripts over a http connection, posing a risk of a man-in-the-middle attack.</p> <p>I&rsquo;ve explicitly excluded the .onion domain as the communication with a hidden service is always encrypted.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">|http:$script,inline-script,subdocument,object,font,inline-font,domain=~onion </span></span></code></pre></div><p>To see the list of objects available to filter, you can consult the uBlock Origin wiki and the Adblock Plus documentation:</p>