Jump to content


NoScript Updates / / 4-15-2014

  • This topic is locked This topic is locked
2 replies to this topic

#1 ShyWriter


    The pencil is mightier than the bite..

  • Software Updaters
  • PipPipPipPipPipPip
  • 7,504 posts
  • Gender:Male

Posted 02 February 2011 - 10:33 PM


The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...

  • You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon ScreenHunter_01Feb052134.jpg, or using the contextual menu, for easier operation in popup statusbar-less windows.
  • Watch the "Block scripts in Firefox" video by CNET.
  • Features
  • Screen Shots
  • FAQ

News.gifProduct Info: NoScript


#2 ShyWriter


    The pencil is mightier than the bite..

  • Software Updaters
  • PipPipPipPipPipPip
  • 7,504 posts
  • Gender:Male

Posted 10 January 2012 - 11:59 PM



Script Surrogates Quick Reference

Posted by: Giorgio

Since their introduction, NoScript’s Script Surrogates (or “Surrogate Scripts”) have grown both in reliability and flexibility. NoScript 2.1.3 introduced two new types of surrogates (“Before script” and “After script”), so it’s a good time to recap.

Script Surrogates replace a blocked script or complements existing scripts which would not work as expected because of NoScript.

A Script Surrogate is defined by a pair about:config string entries:

  • “noscript.surrogate.surrogate_name.replacement” contains the JavaScript code to be executed.
  • “noscript.surrogate.surrogate_name.sources” is a URL pattern matching the origin(s) of the scripts to be replaced or complemented.

Various built-in surrogates can be looked up for reference by opening about:config and typing noscript.surrogate. inside the filter box.

Source URL patterns may be prefixed with one or more special characters (<, >, @ and !), which determine the type and behavior of the matching surrogate.

Here’s a quick reference of the available surrogate types grouped by source prefix, courtesy of long time contributor al_9x:

  • no prefix
    - blocked script surrogate
    • matches blocked scripts
    • runs only if page is script allowed
    • runs when the blocked matched script would have
  • ‘<’
    - before script surrogate
    • matches allowed scripts
    • runs only if page and script are allowed
    • runs just before the matched script executes
  • ‘>’
    - after script surrogate.
    • matches allowed scripts
    • runs only if page and script are allowed
    • runs just after (load event) the matched script executes
  • ‘@’
    - script allowed page (html document) surrogate
    • matches script allowed pages
    • runs only if the page is script allowed
    • runs before HTML parsing starts
  • ‘!’
    - script blocked page surrogate
    • matches script blocked pages
    • runs only if the page is script blocked
    • runs on DOMContentLoaded
  • ‘!@’
    - page surrogate
    • matches pages
    • runs on both script allowed and script blocked pages
    • runs on DOMContentLoaded

Source: http://hackademix.net/2011/09/29/script-surrogates-quick-reference/


#3 ShyWriter


    The pencil is mightier than the bite..

  • Software Updaters
  • PipPipPipPipPipPip
  • 7,504 posts
  • Gender:Male

Posted 14 April 2014 - 09:29 PM



April 15th, 2014




The secure download link here is directly from the author's website

and always available immediately before Mozilla's Extension site

has vetted, and then posted, the newest version.




V. - Friendly Security


If you find any bug or you'd like an enhancement, please report here or here. Many thanks!


Main good news

  • CAPS-independent, finer-tuned version of the "Allow local links" feature.
  • Stricter XSS filterchecks for HTTPS requests from a same domain origin with different scheme (thanks LouiseRBaldwin for report
  • Better ClearClick compatibility with recent Youtube changes.
  • New Script Surrogate for addthis.com scripts emulation.
  • Fixed bugs in regexp-based embed blocking exceptions (thanks barbaz for reporting)
  • Fixed ClearClick incompatibility with latest Google+ based Youtube comments system.
  • No Google Analytics, because NoScript blocks every cross-site request to GA, no matter the type or the file name).
  • Mark as untrusted button on the site info page (thanks SwissBIT for RFE)
  • Allow/Forbid/Mark as untrusted icons on the site info buttons.
  • Several XSS filter enhancements, thanks to Masato Kinugawa's research.
  • New "Security Downgrade Warning" suggests blacklist mode as a better option than uninstalling, in order to retain scripting-unrelated protections.
  • Improved Google Analytics Surrogate, makes more sites work correctly with google-analytics.com blocked.
  • Added navigator.doNotTrack property support.
  • Added new fake mimetype placeholder "FRAME" to match FRAMEs and IFRAMES with the noscript.allowedMimeRegExp preference
  • for selecting blocking exceptions.
  • Holding the left mouse button down on an absolutely positioned page element and hitting the DEL key will remove it if scripts are disabled (useful to forcibly kill in-page popups). This feature can be disabled by setting the noscript.eraseFloatingElements about:config preference to false.
  • Right-clicking on NoScript menu items copy site domains to the clipboard (useful for reporting and investigating sites, thanks Tom T. for RFE)
  • Browserid.org has been added to the default whitelist.
  • "Click to play" protection against WebGL exploitation, now also on whitelisted sites (can be enabled in NoScript Options|Embeddings)
  • Security and Privacy Info page is shown whenever you middle-click on sites exposed by NoScript's UI, either in the menus or in the Whitelist options tab.
  • Middle clicking NoScript's toolbar button temporarily allows all on current page.

More in the changelog...


If you find something wrong about NoScript, read the FAQ page and/or let me know: I'll try to fix it as soon as I can.
You can also discuss about NoScript on this Forum. Have your safest browsing experience! ~~ Giorgio Maone




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users