How can I tell NoScript to allow only the sites of my whitelist which are served through HTTPS?
Open NoScript Options|Advanced|HTTPS|Behavior, click under Forbid active web content unless it comes from a secure (HTTPS) connection and choose one among: • Never – every site matching your whitelist gets allowed to run active content. • When using a proxy (recommended with Tor) – only whitelisted sites which are being served through HTTPS are allowed when coming through a proxy. This way, even if an evil node in your proxy chain manages to spoof a site in your whitelist, it won’t be allowed to run active content anyway. • Always – no page loaded by a plain HTTP or FTP connection is allowed.