You do realize that NoScript is not "block all scripts", right?
I see so many people criticizing it with no apparent experience or use of it, and this is the primary misconception I see. It is not block all scripts. Why would anyone need an extension for that? You just turn off Javascript in the preferences for that. What it is is a domain-by-domain whitelister.
I can't use Chrome because it doesn't have NoScript, and I end up routinely visiting domains that I didn't even realize have some foreign-loaded script that pops up some crappy survey over the page ("please give us your private info under the guise of providing site feedback we intend to ignore!"), or pops up a flash ad, or who knows what. The web is too irritating to use anymore without it. (And Flashblock.)
Also, NoScripts does have heuristics, but they can't catch already-in-the-page XSS without firing too many false positives. They do have some decent protection against hostile links that have XSS-inducing strings in a query string or something. You can in fact download NoScript and configure it just for that. Personally, I've never had anything but a false positive from that check, but I don't cruise fora where such links are common.
It isn't anywhere near as hard to use as the critics say it is. I know this because I use it on three systems and I don't even bother trying to synchronize the settings somehow; it's more work to synchronize the settings that just use it in all three places.
> I can't use Chrome because it doesn't have NoScript, and I end up routinely visiting domains that I didn't even realize have some foreign-loaded script that pops up some crappy survey over the page ("please give us your private info under the guise of providing site feedback we intend to ignore!"), or pops up a flash ad, or who knows what. The web is too irritating to use anymore without it. (And Flashblock.)
> You do realize that NoScript is not "block all scripts", right?
Actually, I didn't. You do realize that the name "NoScript" implies NO SCRIPTS, right? It shouldn't be surprising that many people think it makes your browser execute "no scripts".
I see so many people criticizing it with no apparent experience or use of it, and this is the primary misconception I see. It is not block all scripts. Why would anyone need an extension for that? You just turn off Javascript in the preferences for that. What it is is a domain-by-domain whitelister.
I can't use Chrome because it doesn't have NoScript, and I end up routinely visiting domains that I didn't even realize have some foreign-loaded script that pops up some crappy survey over the page ("please give us your private info under the guise of providing site feedback we intend to ignore!"), or pops up a flash ad, or who knows what. The web is too irritating to use anymore without it. (And Flashblock.)
Also, NoScripts does have heuristics, but they can't catch already-in-the-page XSS without firing too many false positives. They do have some decent protection against hostile links that have XSS-inducing strings in a query string or something. You can in fact download NoScript and configure it just for that. Personally, I've never had anything but a false positive from that check, but I don't cruise fora where such links are common.
It isn't anywhere near as hard to use as the critics say it is. I know this because I use it on three systems and I don't even bother trying to synchronize the settings somehow; it's more work to synchronize the settings that just use it in all three places.