Lanny Marcus wrote: > On Fri, Apr 17, 2009 at 6:44 PM, Robert Nichols > <rnicholsNOSPAM at comcast.net> wrote: > <snip> >> My problem with NoScript is that there is virtually no site that I visit >> that does not require scripting to function properly. I think there is a mis-understanding of how noscript works. By default it blocks ALL scripts. Click on the little noscript icon on bottom right corner of firefox to whitelist a host. Once whitelisted - any scripts (with very few exceptions - scripts that explicitly look like exploits) served from that host will be allowed. Most sites serve scripts from numerous different hosts - but usually you only have to whitelist the host you are visiting, as most scripts served from other hosts are advertisement scripts. XSS usually involves a script served from another domain called in the page you are viewing, so noscript is extremely effective at blocking them.