Feature to allow scripts by origin

[dhiva]

Test plan

#7272 (comment)

---

The site shield does a good job in blocking all the scripts that are executed on the page but I would like to allow specific scripts to be executed on the page. On certain websites the video player scripts are blocked and there is no way to get the player working without disabling "script block" and "ad block".

I would like to suggest a feature to whitelist and blacklist certain scripts. Or feature similar to Ghostery where I could allow specific domain scripts to be executed.

#3732 #2383 #231

[diracdeltas]

+1 from someone on the internet, perhaps with an option to 'allow first party scripts only'

[Selhar]

Just switched to brave and this is currently my biggest problem in usability.

I'm using lastpass for example, and lastpass injects .js in each form so i can generate or autofill passwords, however if i enable Brave to block all scripts, lastpass breaks on-forms (i can still manually go to the extension and ask for it to autofill, but ain't nobody got time for that).

Whitelisting would go a long way to help in usability, but ideally i think users should be able to list and block specific scripts on each page, like in common noscript extensions. Twitter needs some JS to load the twitter feed properly, but i don't necessarily need all JS from twitter.

[luixxiul]

@gregorygoncalves So do you mean exactly that #7272 should be superseded with another PR with which you could select scripts to be denied/allowed, not based on the origins, right?

[Selhar]

@luixxiul Oh, i hand's seen #7272. And yep, #7272 is pretty good tho, either would be sufficient, but having the ability to block each .js manually comes in handy sometimes.

[diracdeltas]

unfortunately we don't have an easy way to whitelist specific scripts (only scripts by origin), so that will not be done in the near future.

[cndouglas]

Renamed to match the PR (#7272).