The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the "Block scripts in Firefox" video by cnet.
For Android:
NoScript Anywhere (NSA) is the nickname for the next major iteration of the NoScript security add-on (NoScript 3.x), whose guts have been turned upside down in order to match Mozilla's Electrolysis multiprocessing architecture and implement a porting for Firefox Mobile, available on Android smartphones and tablets.
This open source (GPL) effort has started in the very beginning of 2011, and has been partially funded by the NLnet Foundation.
NoScript 3 alpha, available on Firefox 4 Mobile for the Android and Maemo operating systems, offers all the the major security features of "classic" NoScript:
- Easy per-site active content permissions management.
- The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
- ClearClick, the one and only effective client-side protection against Clickjackings available on the client side.*
- ABE (App Boundaries Enforcer), a true webapp firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.**
Comments and Reviews
Makes you aware of what websites are doing and to disable their excesses.
Works well at what it does. If you are using Firefox, it's fairly unnecessary, because uBlock Origins already does everything this does basically, while also have robust anti-advertising and being able to fine-tune elements allowed simply.
That being said, NoScript is what is trusted by the Tor project. It is the only extension that comes pre-equipped in the Tor Browser, and the only one they recommend using.
And if you aren't using Firefox or other non-Chromium, the functionality of uBlock is becoming very limited (thanks Google) due to Manifest v3 (people are having to switch over to uBlock lite).
Can aid to hide completely unwanted information!
NoScript will break 100% of javascript-based websites like Gmail.
Users can enable scripts back per site...
Developers don't provide better options than this...
What every Browser knows about you
NoScript is great browser protection and If I could convince everyone to use it I would. But there's one downside, and that is that casual computer users are often befuddled by NoScript. Nevertheless, once you understand it, it can be an excellent help with security.
This is an add-on is something anyone should use before they open the browser to surf the web.
It protects your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology.
I find NoScript to be an absolute necessity. That said, it's not for the faint of heart, whether it's twiddling with what it's going to take to get a site to work sometimes, or having your mind blown to smithereens by just HOW MUCH intrusive cross site scripting there is on some popular websites.
If security is your biggest concern, NoScript is a good add-on. You can set it to allow or deny websites access to your computer as you see fit.
The downside is that it is in no way convenient. You have to manually white list basically every website when you first try to access them. There can be half a dozen web address choices (or more) that come up and some of them could be necessary for functions of the website to work properly or they could be crap that you actually want to block. The domain names may be helpful in deciding which are which, but there isn't always a way of knowing which ones to white list or deny without some trial and error.
I used NoScript for a good while, but finally got tired of messing with it whenever I visited a new website, so I removed it. It just wasn't worth the aggravation to me.