NoScript in Tor-Browser allows all third party domains

Tor-Browser 5.0.4 comes with NoScript installed by default. However, the NoScript is either defective or misconfigured by default. When I allow script execution for the top-level domain, then NoScript automatically allows execution of script of all third party domains for this page. This is a huge security risk. The user should be able to decide which additional domains he wants to allow.

Trac:
Username: ctbu