NoScript 10.1.2 update fixes major issues
The first WebExtensions version of NoScript arrived Sunday night, five days after the release of Firefox 57, the first WebExtensions exclusive version of the web browser.
The initial reception was not the greatest, with users criticizing the new user interface of the extension, and the lack of functionality.
While NoScript 10.x supports the blocking of connections, some features did not make it in the initial WebExtensions release because of missing APIs.
The new version of NoScript had some issues as well. It did not work in private browsing mode for instance, and nice to have features such as the options to temporarily allow all on the page were not available either.
Giorgio Maone released an update yesterday that addresses several of these issues. The update is already available on Mozilla AMO, and updates should be pushed out to user systems today. You can download and install the update from Mozilla AMO directly if you want to have it right away.
The new version of NoScript, NoScript 10.1.2 comes with several improvements and fixes.
The interface of the extension features two new buttons when you open it. One allows all connections temporarily on the active page, the other revokes these temporary permissions again.Â This was a much requested feature, and it is finally available again.
If you used the previous version, you will notice that the display of connections has changed as well. NoScript 10.x shows base domains only in the connection dialog in order to "simplify things".
You only get the base domain, e.g. google.com and not subdomains listed there by default. This gives users less control in the UI, as it is now no longer possible to allow a subdomain in the UI.
Giorgio notes that you can still do so in the options, but that is hardly sufficient in my opinion. While the simplification may make it easier for inexperienced users, Giorgio should consider adding a preference to NoScript to restore the full frontend listing.
The new version of NoScript fixes several issues of the first WebExtensions release. NoScript 10.x will run in private browsing mode now for instance, and the user interface is usable in high contrast mode as well.
Other fixes include making sure that requests of other WebExtensions are not blocked, and that live bookmarks feeds are not blocked.
Last but not least, Giorgio fixed an issue which caused custom preset permissions affecting default permissions sometimes.
It is clear that NoScript 10.x is a work in progress, and that it will take time before the WebExtensions version of the add-on will match most of the functionality of the legacy add-on version.
The new version suffers from design decisions as well, for instance how the interface looks like and what options users get when they click on the NoScript icon.
I don’t much mind the interface change, it’s the functionality as a whole that I’m concerned wit.
At this point it must be considered a beta product. NS 10 has had no beta whatsoever, so of course it needs work.
In the end (1st half of 2018) the functionality will be equal to legacy NoScript plus more features such as per-site permissions (already in) and perhaps leveraging the containers API, I can’t remember what was said exactly on that last one.
In the coming weeks NoScript will be good enough even in my book, and I have the toughest legacy NoScript configuration possible. The lack of per-site permissions feature was the main weakness of legacy NoScript and it’s finally there in the WebExtension.
I suspect if he doesn’t sort these things out (the UI especially) more advanced users will move to uMatrix.
Or just stick to ublock in medium or hard mode. Probably enough for many.
uBlock in medium mode is my method of choice.
After trying Noscript and Umatrix, I decided uBlock in medium mode was enough for me.
ublock is what I’m trying out now as well – seems OK and certainly better than Noscript as it stands (on Firefox 57 anyway). The dev of both umatrix and ublock says that all he uses these days is ublock in medium mode but I prefer to block all scripts (even 1st party) by default.
Help ! What is ublock medium or hard mode ? How can I set it up ? Can someone please explain this me and maybe to others, too ? Thanks and have a nice holiday.
uBo is ‘ublock origin’ by Gorhill. The mode is explained on github site.
@WhatMode – Here You go. – https://github.com/gorhill/uBlock/wiki/Blocking-mode
I’ say a lot of advanced users have already moved on to umatrix, its simply better in every way and outside of a few dated protection schemes (A.B.E, xss, and so on) noscript doesn’t offer much, especially with how shit webExtensions are. I much prefer umatrix because its scopes are awesome, and its very straightforward to setup.
uMatrix has no security protection at all, it’s just a content blocker. A great one.
NoScript has it all. That’s why you have NoScript on Tor Browser and not uMatrix.
What’s the difference ?
> uMatrix has no security protection at all
Yet another eager dismissal of uMatrix. Blocking scripts/plugins/frames/etc. *is* a security protection.
I know there are faithful NoScript users out there who have long tried and still try to dismiss uMatrix’s approach as not being a serious tool (including with false information sometimes), but it turns out that many of the features the new NoScript is announcing have been part of uMatrix since it was born, they are a natural consequence of the matrix UI, so they are seamless. It does appear that many users who are willing to look into uMatrix with an open mind do end up liking it after a short trial after all — many of them had no idea uMatrix even existed.
I remember how uMatrix’s and uBO’s approach of per-site permissions was often dismissed on NoScript forum, because one had to trust or not trust a remote server, so apparently wanting to allow a script only on one site was dismissed as not making sense. Suddenly, no more such argument is being made now that the new NoScript also supports per-site permissions. Lately, the new argument to steer users away from even considering trying uMatrix is “steep learning curve”, and yet many who do gives it a try end up “getting” it within a very short time.
Still spikes CPU to 100% for like 10 or more secs, even crashes on sites with lots of background scripts running.
Ugly interface, and lost powerful functions that Gecko Noscript had and mostlikely impossible to implement on chromifiedFOX.
Just like everone else says, either move to uMatrix or use uBlock’s Advanced Mode w/c is mature and developed on WebExtensions far longer than the dumb down Noscript.
Well, looks like Noscript is dead.
Exactly, dismissing any of these addon… WHUPPS Webextensions is like having masochistic intents.
Firefox 57.0 looks good, but I am wary of seriously using it without extra protection. Glad the updated NoScript is now available.
I disabled all the standard privacy leaks in my vanilla copy of Firefox 57 portable… and set it to open to about:blank. But as soon as I open FF it automatically connects to two Google servers and two Amazon servers, as well as my ISP.
Any easy way to block FF 57 from automatic connection to Google and Amazon ?
(does uMatrix solve this problem ?)
You can set browser.safebrowsing.malware.enabled to false in about:config since the malware scan sends a unique identifier for each downloaded file to Google.
Assuming you have no add-on, it should be solved by one of these:
I would also delete Firefox\browser\features\[email protected] if none of this works.
Hostsman + uBlock Origin in medium mode (with additional rules) is my choice.
I have switched to uMatrix + old No Script set to allow everything (allegedly this still provides XSS protection that uMatrix does not have).
While I’m far from being able to understand everything uMatrix does, or even its interface, I find the visual metaphor a stroke of genius. The more you use it, the more you learn about it, and about the way the Web works. Also, you can use it even if you don’t understand much of it.
On the other hand, No Script alone with maximum protection allowed for very comfortable browsing of most sites, with all the useless cruft taken out, and valuable stuff left available. Authorizing the primary domain was all that was needed in the majority of cases where something was missing.
With uMatrix, there are often missing bits, especially videos. Also, strangely enough, there’s a thorough Wiki for uBlock Origin, but the more advanced and difficult uMatrix has much less help available.
And I’m flabbergasted that the author himself would say that he does not use the more advanced of his two main blockers, but prefers the more entry-level one ! That must be pretty unique…
I have been spending more time working on uMatrix lately, including adding a bit of documentation (“Scope selector”, “How to ‘allow all’ in uMatrix”) — I had no clue uMatrix was offered as a replacement of NoScript, this took me by surprise.
Thanks for replying, gorhill. Yes, I’ve seen “Scope selector” and “How to ‘allow all’ in uMatrix”. Very helpful. I’m aware that uMatrix is supposed to be a different beast from No Script, but for the vulgum pecus, it’s not easy to understand why. Or what practical choices that should lead one to.
Firefox 57 & Noscript 10 usage guide
this,…. erm…. “Firefox Addon” is as useless as usual. Blocking a script NEVER provides infectious malware coming to ur PC.
Its always thee old way, download an exe or zip or whatever, do NOT scan it with protection programs, there u go.
So, the fault is as usual Brain.exe, which obviously sits infront of Monitors with a lack of experience,eh?
P.S.: Thee ultimate protection is, as usual, disconnect Pc, hahaha :)
It seems you haven’t kept up with the changing nature of cyber threats for a long time.
With the advent of ublock origin and umatrix i find noscript has become irrelevant and defunct.You spend half of your browsing time wondering which scripts to allow and which to block,its tiresome,
the so -called usefulness has gone to the developers head.
….my Pale Moon 27.6 with basic Noscript enabled only connects automatically to the ISP.
What does Pale Moon do differently from Firefox regarding auto-connections, or is it Noscript doing the work?
That’s Palemoon versus Firefox. Look at about:config on both browsers
Seems like a big mess has been created and this is probably just the top of the ice berg. So many good & useful add ons are not working anymore and guess who is left standing in the rain ? A good product ruined, a job well done by a committee which tried to create a race horse and ended up with an elephant on poodle legs.
The UI sux !
This Cross site pop up is absurd, it cannot be disabled. It’s comical how they call the options page “options” there are 3 and they are useless. If it isn’t broke, absolutely and completely ruin it.