NoScript is a highly acclaimed Firefox security add-on that protects the user from scripts that are executed on websites. The approach is to block all scripts on a website unless the website gets whitelisted by the user. While that is certainly the best security approach it does require lots of manual whitelisting in the beginning and when visiting new websites.
Most users on the other hand prefer simplicity and no user interaction and that’s where YesScript comes into play. Its approach is the complete opposite of NoScript. YesScript allows all scripts on all websites unless they are blacklisted by the user.
The advantage of this method is that less user interaction is required. It does however undermine the security aspect because scripts will be executed normally as long as the website is not in the blacklist.
It comes down to an evaluation of the advantages and disadvantages of both methods. NoScript provides enhanced security while YesScript less work and vice versa. Installing YesScript from a security standpoint does not make that much sense but it is quite capable of removing scripts from websites that make extensive use of them.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
NotScripts Brings Firefox NoScript Protection To OperaMy Firefox Security Profile
Feature-Complete NoScript Add-on Now Available For Firefox Mobile
NoScript Might Come To Google Chrome: Eventually
Block NoScript From Opening Homepage After Update
This looks useful.
The tool I have been searching for is a CPU Usage Meter that indicates the processor load imposed by each tabbed web page. It can display the average/max cpu load in a tool-tip box when the mouse hovers the tab. Then I can take more informed action on the offending site.
In NoScript’s options, you can enable that any 1st level domain (i.e. ghacks.net) has scripting allowed by default.
(and then you can ban some page, if you want)
it’s totally useless! :D
I agree with Tony, NoScript has that option and it works really good. It’s between “block all” and “allow all”, we can say “block extra”. I find it is a good approach
I use YesScript and QuickJava, the latter being a quick Java/script on-off button for when I wander in red light zone districts :)
I never liked NoScript, too heavy but above all, participates to a negative approach of the Web as a whole. So many sites use java nowadays, even to load a page, to download a file. Better off with Java on — besides exceptions — within a very good if not sophisticated system security overall.
er, how is that useful? Isnt it MORE of a hassle to manually blacklist bad scripts (by which time the script would already have run anyway)?! Besides, this doesn’t protect you against cross site scripting either..
This is an interesting…but totally useless idea. It’s like having a house with NoKeys enabled. All doors are left unlocked unless you blacklist them for a particular person…a burglar say…but how would you know in advance that a particular person is not trustworthy?
I have to agree that blacklisting is bad. I assume you’ve never read “The Six Dumbest Ideas in Computer Security”? Enumerating badness is always doomed to failure.
http://www.ranum.com/security/computer_security/editorials/dumb/index.html
Old post but still relevant today. The replies are obviously from NoScript fans, stuck in mindless “NoScript is a panacea” mode.
YesScript isn’t meant as a security solution, and it isn’t useless. It lets you block scripting on sites that have problematic scripts, and allow everything else. It’s really not hard to understand. Unless you’re mindless.
I’m with Pietzki…there’s so much to block that it would be a lot more work to do that than just to unblock selected sites. And NoScript in Allow Scripts Globally mode will behave the same way as YesScript, except that it adds silent protection against XSS, CSRF, etc.
“there’s so much to block that it would be a lot more work to do that than just to unblock selected sites”
LOL, Are you crazy?
The web is not a jungle where you’ll be raped in any corner with the “cock Javascript”. Thanks NoScript for creating users paranoid.
@x +1
Actually, the web is a jungle – or, at least, parts of it are, and until you visit a page, you don’t know whether it’s safe or not. But since YesScript isn’t a security addon, that’s not the key point.
YesScript is redundant when NoScript can be easily configured to do the same job, only better.