The Noscript extension for FireFox

[giza]

Don't you just love those websites that use malicious Javascript to steal users' cookie data? Yeah, me neither.

So I recommend the Noscript extension for FireFox. It disables Javascript on all sites by default, and lets you enable it only on sites that you trust. This keeps Javascript from being executed "behind your back". Also, I discovered that an interesting side effect is that ads from Doubleclick are not displayed anymore.

I've been using Noscript for a few weeks now, and find that I interact with it more than any other extension. And, the amount of sites that have hidden Javascript is mindboggling.

Comments

[rebelsheart]

Educate me. How is this different from disabling/blocking JavaScript in firefox itself andthen setting trusted sites?

Oh, and you might be interested in a recent post in lj_biz about changes to soem backend stuff and in that dduane is switching her site to Drupal.

[giza.livejournal.com]

> How is this different from disabling/blocking JavaScript in firefox itself
> andthen setting trusted sites?

It's less of a pain in the ass. Also, you can enable Javascript for a specific site "temporarily".

That's awesome that Diane is switching to Drupal. :-)

[balinares.livejournal.com]

Yup, and it's only going to becoming worse with the whole AJAX basket of lovecraftian kittens.

Basically, any big-company site can be almost guaranteed to have some audience metrics measure script. A lot of ad-loading happens with Javascript too. Heck, a huge number of sites use Javascript to have small bits of contents get displayed on click.

In fact, I gave up on disabling JS by default. It breaks too many sites, and re-adding the whole lot of them to the whitelist kind of defeats the purpose. :/

[giza.livejournal.com]

That's why this plugin kicks so much ass. It's very easy to enable Javascript on an as-needed basis. I've been using it for a few weeks haven't had any major problems.

[balinares.livejournal.com]

I know; I've been doing that for years in $BROWSER; as said, when the whitelist started growing longer than a horsecock and I still came across sites where I couldn't tell whether they didn't work because of lack of JS or because of non-IE browser, I gave up on it. Might give it another go though, now that the Web at large is a little more non-IE friendly.

Replacing all Flash embeds with a "click to display" button is still damn useful though.

[unciaa.livejournal.com]

It's a shame I use Opera...


...oh wait, Opera's had that built in for ages.
;D

[sagejackal.livejournal.com]

Yummilicious!

[jonesybunny.livejournal.com]

Been using this for months now and it saved me alot of headaches. Especially when forced to delve into those infested sites.

[drzarron.livejournal.com]

Very cool.. instantly installed.

Have you loaded "Unplug"? Lets you grab copies of media from sites, like YouTube and save them.

[taral.livejournal.com]

I'd much prefer an upgraded security model for Javascript that limited information flow across sites. Then I could "whitelist" information flows.

[simbab.livejournal.com]

Welcome to the club! I've had this one on my Firefoxes Iceweasels for almost as long as I've been using Linux full-time.

[pyesetz]

Greetings, fellow Opera user!

can't use it

[nightwind292.livejournal.com]

or rather I have it and i have to keep it globaly disabeled

aparently some of the sites I go to refuse to work nomatter how I configure it or tell it to let the site run safely...

no amount of chaning authorisations or adding to the whitelist makes things run right, so it stays off...

Re: can't use it

[giza.livejournal.com]

That's weird. What version of FireFox are you using, and what site was this on? I'd like to try an reproduce the problem.

Re: can't use it

[nightwind292.livejournal.com]

neoquest one or neowuest two on neopets as well as MOST of the javascript powered pop up's that they use to run the other games.

It comes to 90% of the functionality of the site is unable to function even with the site whitelisted.

If your going to try, let me refer you?

http://www.neopets.com/refer.phtml?username=nightwind_292

Re: can't use it

[giza.livejournal.com]

I can't believe I just signed up on Neopets. Anyway...

I signed up, tried palying Neoquest 2, whitelisted Neopets.com, and had no difficulties playing the game. I even killed a Plains Lupe!

This was in FireFox 2 on Windows XP. Do you have any other blocking software or firewalls set up on your computer?

Re: can't use it

[nightwind292.livejournal.com]

disabeled for testing,
it could be that I've got win98

or it could be one of the additional settings?

"automaticaly reload affected pages when permissions change" is clicked

on the appearance tab I've got
"base 2nd level"
"full domains"
"full adresses"
and
"temporaraly allow"
checked

on advanced I have
under additional for trusted
"allow rich text copy and paste"
and
"allow 'a ping'"

under additional restrictions
"forbid java"
"forbid flash"
"truncate document"
"attempt to fix javascript links"
"forbid a ping"
and
"forbid bookmarklets"

and you've not quite joined neopets (thought you would make a good looking spotted kougra) because you never sent the confirmation code back in

Re: can't use it

[giza.livejournal.com]

Hmm. Well, I've just about run out of ideas at this point as to what the problem could be. Sorry. The only thing I can suggest would be to contact the author of the extension and let them know.

And I know I sent in the confirmation code for NeoPets, because I needed to confirm my account before I could play a game. :-)

Re: can't use it

[nightwind292.livejournal.com]

are your settings the exact same as mine, or differnt, I'll try matching yours.

And I did send e-mail to the author, offered to send copies of the scripts and everything, if they would tell me the format they wanted them in. And recived no reply

found it

[nightwind292.livejournal.com]

aparently you don't use the setting that I thought was a convience ... the one about seccond level domains so that www.abc and all it's subdomains are authorised instead of just abc. .. excetera. I had to authorise specificaly the server where the scripts are (and it's not where you THINK it is, looking at the page source...)

The tip off was that when I fobid the site, and then unchecked "block java on forbiden sites" it started to WORK... and then it worked better when i told it to stop trying to fix the links.

That'll teach me to not trust default settings

Re: found it

[giza.livejournal.com]

Huh, that's weird. Oh well, glad it worked out for you.