Wednesday, July 5, 2017

A primer on whitelisting subdomains in Firefox NoScript

In Firefox or GNU IceCat, go to about:config, look for the

extensions.nsa.policy

settings string. Search for nsa.po to get the correct match.

This configuration line is only one line in JSON format, so it must be edited in VIM Touch.

Vim Touch (stylised as VIMTouch) is a port of VIM to Android, available from the F-Droid repository of FOSS apps for Android. You do need experience with vi/VIM.

First copy the line by long-pressing the setting in about:config and selecting 'copy value'. Paste it into VIM with <"*P>.

(Hereinafter, to avoid ambiguity: in places where other punctuation is also used, I put < > around Vim commands that must be typed with the virtual keyboard. The angle brackets themselves are not to be typed.)

Save the line for backup:

:w /sdcard/yourfolder/NoScript_Firefox_whitelist_backup.txt

Always be careful with JSON syntax for that line, because a typo might bork it. That's why it's useful to save the original (working) line first as backup.

Then, to separate out the domains part of the JSON line, break the line where the domains begin, and add another line break so that the right wavy bracket } at the end of that line sits on a new line of its own.

Then copy the domains line into a new window: <Shift+V> to select the entire line in visual mode, then press <y> to copy (y = yank). To copy outside Vim, use <"*y>.

Then create a new window with <:sp new> in the Vim command line. Tap into the newly-created window, and paste the copied text with <p> or <P>. I usually use the lower-case p (paste) command to save time.

Then break this one long line to separate all the domains each into their own line:

:s/\&,/&^M/g

:s — substitute. This is the find and replace command in Vi/Vim. The basics on how it works here.
\&, — search for commas
&^M — keep the comma and add a newline after it. The ampersand & stands for the matched text (here, the comma); to get ^M, press Ctrl+V and then Enter/Return on the virtual keyboard. Use Hacker's Keyboard, because it has the function keys of a normal keyboard, such as Ctrl and Alt. Hacker's Keyboard is also available on F-Droid.
g — replace every match in the current line, not just the first one


NoScript Anywhere does not have many domains built in, but there are some added by its developer. The domains, each now in their own line, are formatted like this:

"https://web.skype.com":1,
"https://www.skype.com":1

The very last domain must never have a comma at the end. Upon pasting it into the original file, the wavy right bracket } goes there.

You add subdomains that you like into each new line:

"www.website.com":1,
"ads.website.com":0,

1 is to allow, 0 to forbid. This means that the website you add has its www part working, but not its ads subdomain.

Generally, you only need to whitelist the www part, and all the other subdomains (such as ads.website.com) are not accepted for running scripts.

That's the entire soup of subdomain-based whitelisting, in that one can whitelist only the subdomains needed for scripting. Suppose m.website.com is script-heavy, but you want to visit www.website.com with scripts allowed, and m.website.com with scripts specifically disallowed:

"www.website.com":1,
"m.website.com":0,

As you add more and more domains, you need to sort the list, too. In Vim, use the

:sort

command. This sorts all the domains alphabetically.

Suppose you have the right expanded collection of subdomains you want to accept:

"ads.website.com":0,
"https://web.skype.com":1,
"https://www.skype.com":1,
"www.website.com":1

Note again, that the last line must be without a comma at the end.

To join the domains into one line, select all text with ggVG and key in gJ to join all text. Note, that case is important.

ggVG: gg goes to the document start, V selects the entire (first) line, and G goes to the very last line, thus expanding the selection to there in conjunction with V.

Select all text again with <ggVG>, then copy it with <y>. Tap into the original Vim window with the pasted JSON settings line. Make sure the text cursor is in the domains list.

Select the entire domains line with <V>, and paste over it with <p>. Join all three lines with <gJ>.

Save the expanded line into a new file:

:w /sdcard/yourfolder/NoScript_new_whitelist_for_Firefox.txt

I usually add the date, and in one word also what I added:

:w /sdcard/yourfolder/20170705_NoScript_whitelist_for_Firefox_(Skype).txt

Copy the expanded settings line to use outside Vim (to be pasted into Firefox) by selecting it with <V>, and use <"*y> to copy it into the external buffer.

Go to Firefox's (or IceCat's) about:config page. It should still be open. If it's not, it may reload on its own.

Locate the extensions.nsa.policy setting by using nsa.po to search.

* Tap on the setting to select it.
* Tap into the setting value to focus the text cursor in it.
* Tap into the line again, to get Firefox text editing tools:
  * tap the select all (window-like) button to select the entire line,
  * tap the paste button to paste the copied line,
  * press Enter on the virtual keyboard.
* Go to about:blank in the address bar.

That should do it, and the added configuration line takes effect right away. Go to a website to test it, and the NoScript menu item should reflect the results.

Note that Firefox/IceCat have a tendency to reload the about:config page from time to time, so it's more useful to copy and paste settings names and values instead of separately typing them, as occasional about:config page reloads break the new setting creation.
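The list-editing steps above (one entry per line, sort, rejoin with no comma after the last entry) can also be checked with a script before the line is pasted back into about:config. This is an added Python 3 example, not part of the original post and not NoScript's own code. The sample entries are constructed from the ones shown above, and the "placeholder" key stands in for the rest of the settings line, which this post does not show.

```python
import json

def parse_entries(lines):
    """Turn lines such as '"www.website.com":1,' into (site, value) pairs."""
    entries = []
    for number, raw in enumerate(lines, 1):
        text = raw.strip().rstrip(",").strip()
        if not text:
            continue
        try:
            # Wrapped in braces, one entry is a small JSON object.
            pairs = json.loads("{" + text + "}", object_pairs_hook=list)
        except json.JSONDecodeError as err:
            raise ValueError(f"line {number}: bad entry {raw!r}") from err
        for site, value in pairs:
            if type(value) is not int or value not in (0, 1):
                raise ValueError(f"line {number}: value must be 1 or 0")
            entries.append((site, value))
    return entries

def build_fragment(lines):
    """Sort by site, refuse conflicting duplicates, join without a trailing comma."""
    merged = {}
    for site, value in parse_entries(lines):
        if merged.setdefault(site, value) != value:
            raise ValueError(f"{site} is both allowed and forbidden")
    return ",".join(f"{json.dumps(s)}:{v}" for s, v in sorted(merged.items()))

def check_policy_line(line):
    """Parse the whole one-line setting; raise ValueError on bad JSON or repeated keys."""
    def reject_repeats(pairs):
        keys = [key for key, _ in pairs]
        if len(keys) != len(set(keys)):
            raise ValueError("a key appears more than once")
        return dict(pairs)
    return json.loads(line, object_pairs_hook=reject_repeats)

if __name__ == "__main__":
    # Constructed sample: the entries from the post, unsorted, one per line.
    edited = ['"www.website.com":1,', '"https://www.skype.com":1,',
              '"ads.website.com":0,', '"https://web.skype.com":1']
    fragment = build_fragment(edited)
    # "placeholder" stands in for the rest of the real settings line (assumption).
    print(check_policy_line('{"placeholder":{' + fragment + "}}"))
    print(fragment)
```

A site entered twice with different values is rejected here because Python's JSON parser would otherwise silently keep only the last one, which can leave a subdomain allowed when the intent was to forbid it.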
