NoScript 10.1.2 update fixes major issues

Martin Brinkmann
Nov 23, 2017
Firefox
|
34

The first WebExtensions version of NoScript arrived Sunday night, five days after the release of Firefox 57, the first WebExtensions exclusive version of the web browser.

The initial reception was not the greatest, with users criticizing the new user interface of the extension, and the lack of functionality.

While NoScript 10.x supports the blocking of connections, some features did not make it in the initial WebExtensions release because of missing APIs.

The new version of NoScript had some issues as well. It did not work in private browsing mode for instance, and nice to have features such as the options to temporarily allow all on the page were not available either.

Giorgio Maone released an update yesterday that addresses several of these issues. The update is already available on Mozilla AMO, and updates should be pushed out to user systems today. You can download and install the update from Mozilla AMO directly if you want to have it right away.

The new version of NoScript, NoScript 10.1.2 comes with several improvements and fixes.

noscript webextension update

The interface of the extension features two new buttons when you open it. One allows all connections temporarily on the active page, the other revokes these temporary permissions again.  This was a much requested feature, and it is finally available again.

If you used the previous version, you will notice that the display of connections has changed as well. NoScript 10.x shows base domains only in the connection dialog in order to "simplify things".

You only get the base domain, e.g. google.com and not subdomains listed there by default. This gives users less control in the UI, as it is now no longer possible to allow a subdomain in the UI.

Giorgio notes that you can still do so in the options, but that is hardly sufficient in my opinion. While the simplification may make it easier for inexperienced users, Giorgio should consider adding a preference to NoScript to restore the full frontend listing.

The new version of NoScript fixes several issues of the first WebExtensions release. NoScript 10.x will run in private browsing mode now for instance, and the user interface is usable in high contrast mode as well.

Other fixes include making sure that requests of other WebExtensions are not blocked, and that live bookmarks feeds are not blocked.

Last but not least, Giorgio fixed an issue which caused custom preset permissions affecting default permissions sometimes.

Closing Words

It is clear that NoScript 10.x is a work in progress, and that it will take time before the WebExtensions version of the add-on will match most of the functionality of the legacy add-on version.

The new version suffers from design decisions as well, for instance how the interface looks like and what options users get when they click on the NoScript icon.

Summary
NoScript 10.1.2 update fixes major issues
Article Name
NoScript 10.1.2 update fixes major issues
Description
Giorgio Maone released NoScript 10.1.2, a new version of the WebExtensions version of the Firefox add-on that fixes issues and adds features.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. blank said on November 24, 2017 at 9:42 am
    Reply

    This Cross site pop up is absurd, it cannot be disabled. It’s comical how they call the options page “options” there are 3 and they are useless. If it isn’t broke, absolutely and completely ruin it.

  2. Stefan said on November 24, 2017 at 5:50 am
    Reply

    The UI sux !

  3. LMAA said on November 24, 2017 at 3:52 am
    Reply

    Seems like a big mess has been created and this is probably just the top of the ice berg. So many good & useful add ons are not working anymore and guess who is left standing in the rain ? A good product ruined, a job well done by a committee which tried to create a race horse and ended up with an elephant on poodle legs.

  4. JJed said on November 23, 2017 at 11:26 pm
    Reply

    ….my Pale Moon 27.6 with basic Noscript enabled only connects automatically to the ISP.

    What does Pale Moon do differently from Firefox regarding auto-connections, or is it Noscript doing the work?

    1. gitninja said on November 27, 2017 at 1:14 am
      Reply

      That’s Palemoon versus Firefox. Look at about:config on both browsers

  5. Kubrick said on November 23, 2017 at 7:51 pm
    Reply

    With the advent of ublock origin and umatrix i find noscript has become irrelevant and defunct.You spend half of your browsing time wondering which scripts to allow and which to block,its tiresome,
    the so -called usefulness has gone to the developers head.

  6. InGSoC said on November 23, 2017 at 7:09 pm
    Reply

    Hello everybody,

    this,…. erm…. “Firefox Addon” is as useless as usual. Blocking a script NEVER provides infectious malware coming to ur PC.

    Its always thee old way, download an exe or zip or whatever, do NOT scan it with protection programs, there u go.

    So, the fault is as usual Brain.exe, which obviously sits infront of Monitors with a lack of experience,eh?

    Got it?

    Greets, InGSoC.

    P.S.: Thee ultimate protection is, as usual, disconnect Pc, hahaha :)

    1. Clairvaux said on November 23, 2017 at 8:18 pm
      Reply

      It seems you haven’t kept up with the changing nature of cyber threats for a long time.

  7. KeZa said on November 23, 2017 at 6:52 pm
    Reply
  8. Clairvaux said on November 23, 2017 at 6:27 pm
    Reply

    I have switched to uMatrix + old No Script set to allow everything (allegedly this still provides XSS protection that uMatrix does not have).

    While I’m far from being able to understand everything uMatrix does, or even its interface, I find the visual metaphor a stroke of genius. The more you use it, the more you learn about it, and about the way the Web works. Also, you can use it even if you don’t understand much of it.

    On the other hand, No Script alone with maximum protection allowed for very comfortable browsing of most sites, with all the useless cruft taken out, and valuable stuff left available. Authorizing the primary domain was all that was needed in the majority of cases where something was missing.

    With uMatrix, there are often missing bits, especially videos. Also, strangely enough, there’s a thorough Wiki for uBlock Origin, but the more advanced and difficult uMatrix has much less help available.

    And I’m flabbergasted that the author himself would say that he does not use the more advanced of his two main blockers, but prefers the more entry-level one ! That must be pretty unique…

    1. gorhill said on November 23, 2017 at 8:02 pm
      Reply

      I have been spending more time working on uMatrix lately, including adding a bit of documentation (“Scope selector”, “How to ‘allow all’ in uMatrix”) — I had no clue uMatrix was offered as a replacement of NoScript, this took me by surprise.

      1. Clairvaux said on November 23, 2017 at 8:11 pm
        Reply

        Thanks for replying, gorhill. Yes, I’ve seen “Scope selector” and “How to ‘allow all’ in uMatrix”. Very helpful. I’m aware that uMatrix is supposed to be a different beast from No Script, but for the vulgum pecus, it’s not easy to understand why. Or what practical choices that should lead one to.

  9. Anonymous said on November 23, 2017 at 5:39 pm
    Reply

    Hostsman + uBlock Origin in medium mode (with additional rules) is my choice.

  10. Remy said on November 23, 2017 at 4:39 pm
    Reply

    Firefox 57.0 looks good, but I am wary of seriously using it without extra protection. Glad the updated NoScript is now available.

    I disabled all the standard privacy leaks in my vanilla copy of Firefox 57 portable… and set it to open to about:blank. But as soon as I open FF it automatically connects to two Google servers and two Amazon servers, as well as my ISP.

    Any easy way to block FF 57 from automatic connection to Google and Amazon ?

    (does uMatrix solve this problem ?)

    1. Anonymous said on November 23, 2017 at 5:55 pm
      Reply

      Assuming you have no add-on, it should be solved by one of these:
      https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections
      https://www.mozilla.org/en/privacy/firefox/

      I would also delete Firefox\browser\features\followonsearch@mozilla.com.xpi if none of this works.

    2. TelV said on November 23, 2017 at 5:40 pm
      Reply

      See: https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections?redirectlocale=en-US&redirectslug=Firefox+makes+unrequested+connections

      You can set browser.safebrowsing.malware.enabled to false in about:config since the malware scan sends a unique identifier for each downloaded file to Google.

  11. Former user said on November 23, 2017 at 3:18 pm
    Reply

    Well, looks like Noscript is dead.

    1. Anonymous said on November 23, 2017 at 5:55 pm
      Reply

      Like, no.

      1. gitninja said on November 27, 2017 at 1:10 am
        Reply

        Exactly, dismissing any of these addon… WHUPPS Webextensions is like having masochistic intents.

  12. chromeFOX said on November 23, 2017 at 12:35 pm
    Reply

    Still spikes CPU to 100% for like 10 or more secs, even crashes on sites with lots of background scripts running.

    Ugly interface, and lost powerful functions that Gecko Noscript had and mostlikely impossible to implement on chromifiedFOX.

    Just like everone else says, either move to uMatrix or use uBlock’s Advanced Mode w/c is mature and developed on WebExtensions far longer than the dumb down Noscript.

  13. Gavin said on November 23, 2017 at 10:55 am
    Reply

    I suspect if he doesn’t sort these things out (the UI especially) more advanced users will move to uMatrix.

    1. Ayy said on November 23, 2017 at 11:16 am
      Reply

      I’ say a lot of advanced users have already moved on to umatrix, its simply better in every way and outside of a few dated protection schemes (A.B.E, xss, and so on) noscript doesn’t offer much, especially with how shit webExtensions are. I much prefer umatrix because its scopes are awesome, and its very straightforward to setup.

      1. gorhill said on November 23, 2017 at 7:53 pm
        Reply

        > uMatrix has no security protection at all

        Yet another eager dismissal of uMatrix. Blocking scripts/plugins/frames/etc. *is* a security protection.

        I know there are faithful NoScript users out there who have long tried and still try to dismiss uMatrix’s approach as not being a serious tool (including with false information sometimes), but it turns out that many of the features the new NoScript is announcing have been part of uMatrix since it was born, they are a natural consequence of the matrix UI, so they are seamless. It does appear that many users who are willing to look into uMatrix with an open mind do end up liking it after a short trial after all — many of them had no idea uMatrix even existed.

        I remember how uMatrix’s and uBO’s approach of per-site permissions was often dismissed on NoScript forum, because one had to trust or not trust a remote server, so apparently wanting to allow a script only on one site was dismissed as not making sense. Suddenly, no more such argument is being made now that the new NoScript also supports per-site permissions. Lately, the new argument to steer users away from even considering trying uMatrix is “steep learning curve”, and yet many who do gives it a try end up “getting” it within a very short time.

      2. Clairvaux said on November 23, 2017 at 6:30 pm
        Reply

        What’s the difference ?

      3. Anonymous said on November 23, 2017 at 5:49 pm
        Reply

        uMatrix has no security protection at all, it’s just a content blocker. A great one.

        NoScript has it all. That’s why you have NoScript on Tor Browser and not uMatrix.

    2. crambie said on November 23, 2017 at 10:59 am
      Reply

      Or just stick to ublock in medium or hard mode. Probably enough for many.

      1. Rick A. said on November 27, 2017 at 4:27 pm
        Reply
      2. gitninja said on November 27, 2017 at 1:08 am
        Reply

        @ WhatMode

        uBo is ‘ublock origin’ by Gorhill. The mode is explained on github site.

      3. WhatMode said on November 23, 2017 at 6:10 pm
        Reply

        Help ! What is ublock medium or hard mode ? How can I set it up ? Can someone please explain this me and maybe to others, too ? Thanks and have a nice holiday.

      4. Donkeyfumbler said on November 23, 2017 at 1:38 pm
        Reply

        ublock is what I’m trying out now as well – seems OK and certainly better than Noscript as it stands (on Firefox 57 anyway). The dev of both umatrix and ublock says that all he uses these days is ublock in medium mode but I prefer to block all scripts (even 1st party) by default.

      5. Cloudman said on November 23, 2017 at 12:45 pm
        Reply

        After trying Noscript and Umatrix, I decided uBlock in medium mode was enough for me.

      6. Gavin said on November 23, 2017 at 12:00 pm
        Reply

        uBlock in medium mode is my method of choice.

  14. Anonymous said on November 23, 2017 at 9:19 am
    Reply

    I don’t much mind the interface change, it’s the functionality as a whole that I’m concerned wit.

    1. Anonymous said on November 23, 2017 at 5:46 pm
      Reply

      At this point it must be considered a beta product. NS 10 has had no beta whatsoever, so of course it needs work.

      In the end (1st half of 2018) the functionality will be equal to legacy NoScript plus more features such as per-site permissions (already in) and perhaps leveraging the containers API, I can’t remember what was said exactly on that last one.

      In the coming weeks NoScript will be good enough even in my book, and I have the toughest legacy NoScript configuration possible. The lack of per-site permissions feature was the main weakness of legacy NoScript and it’s finally there in the WebExtension.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.