Lanny Marcus wrote:
On Fri, Apr 17, 2009 at 6:44 PM, Robert Nichols rnicholsNOSPAM@comcast.net wrote:
<snip> > My problem with NoScript is that there is virtually no site that I visit > that does not require scripting to function properly.
I think there is a mis-understanding of how noscript works.
By default it blocks ALL scripts. Click on the little noscript icon on bottom right corner of firefox to whitelist a host.
Once whitelisted - any scripts (with very few exceptions - scripts that explicitly look like exploits) served from that host will be allowed.
Most sites serve scripts from numerous different hosts - but usually you only have to whitelist the host you are visiting, as most scripts served from other hosts are advertisement scripts.
XSS usually involves a script served from another domain called in the page you are viewing, so noscript is extremely effective at blocking them.