
NoScript
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
What is NoScript?
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows. Watch the "Block scripts in Firefox" video by cnet.
For Android: NoScript Anywhere (NSA) is the nickname for the next major iteration of the NoScript security add-on (NoScript 3.x), whose guts have been turned upside down in order to match Mozilla's Electrolysis multiprocessing architecture and implement a porting for Firefox Mobile, available on Android smartphones and tablets.
This open source (GPL) effort has started in the very beginning of 2011, and has been partially funded by the NLnet Foundation.
NoScript 3 alpha, available on Firefox 4 Mobile for the Android and Maemo operating systems, offers all the the major security features of "classic" NoScript:
- Easy per-site active content permissions management.
- The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
- ClearClick, the one and only effective client-side protection against Clickjackings available on the client side.*
- ABE (App Boundaries Enforcer), a true webapp firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.**
NoScript Screenshots
NoScript Features
NoScript information
Supported Languages
- English
GitHub repository
- 622 Stars
- 81 Forks
- 167 Open Issues
- Updated
Comments and Reviews
Tags
- Firefox Extension
- Anonymity
- Privacy Tool
- Ad Blocker
- Javascript
- flash
- scripts
- xss
Recent user activities on NoScript
einabyss thinks uBlock Origin is an alternative to NoScript
- jmawebqqhtsjwqlttb liked NoScriptjm
- einabyss added No Tracking as a feature to NoScriptei
Makes you aware of what websites are doing and to disable their excesses.
Can aid to hide completely unwanted information!
NoScript will break 100% of javascript-based websites like Gmail.
Users can enable scripts back per site...
Developers don't provide better options than this...
What every Browser knows about you
NoScript is great browser protection and If I could convince everyone to use it I would. But there's one downside, and that is that casual computer users are often befuddled by NoScript. Nevertheless, once you understand it, it can be an excellent help with security.
This is an add-on is something anyone should use before they open the browser to surf the web.
It protects your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology.
I find NoScript to be an absolute necessity. That said, it's not for the faint of heart, whether it's twiddling with what it's going to take to get a site to work sometimes, or having your mind blown to smithereens by just HOW MUCH intrusive cross site scripting there is on some popular websites.
If security is your biggest concern, NoScript is a good add-on. You can set it to allow or deny websites access to your computer as you see fit.
The downside is that it is in no way convenient. You have to manually white list basically every website when you first try to access them. There can be half a dozen web address choices (or more) that come up and some of them could be necessary for functions of the website to work properly or they could be crap that you actually want to block. The domain names may be helpful in deciding which are which, but there isn't always a way of knowing which ones to white list or deny without some trial and error.
I used NoScript for a good while, but finally got tired of messing with it whenever I visited a new website, so I removed it. It just wasn't worth the aggravation to me.
This script may protect you from bad things on the internet, but it also breaks every single site you visit. If you want to manually "Allow" 3-4 different domains on every site you visit just to allow things to work correctly, this is the extension for you. It really should operate on a domain whitelist that's updated from a central source, instead, like Adblock Plus. Forcing every user to create their own whitelist, which is 99% the same as every other user's, is a huge waste of everyone's time.
Additionally, the NoScript authors used malware techniques to disable Adblock Plus on their own sites, purely to make money. I wouldn't trust them, and I'd like to find an alternative. https://adblockplus.org/blog/attention-noscript-users
[Edited by endolith, July 16]