סקירות עבור NoScript Security Suite
NoScript Security Suite Giorgio Maone מאת
סקירה מאת משתמש Firefox 13446037
דירוג 3 מתוך 5
מאת משתמש Firefox 13446037, לפני 8 שניםWebExtension is a big change, so former NoScript is dead and NoScript 10 is just a new extension.
Hopefully the developer will probably recover some advanced features of the XUL version, but it will take time we must be patient.
As today, there is no alternative on Firefox 57.
It seems that developer of the excellent ScriipSafe on Chrome Webstore doesn't want to port it on Firefox.
He could have done this for Microsoft Edge since a long time, and nothing has been done.
And surfing without a script controller is I M P O S S I B L E
.
I just don't understand why Mozilla team has not developed a basic embedded javascript manager as it was in the very good former Opera 16 (presto engine), so it could have let all the time to the third party developers to create a more advanced extension.
This is not acceptable, THIS IS A VERY BIG FAULT from Mozilla.
The main issue I could address now to the developer is :
1) no possibility to grant authorization to a full domain (this is a big difference with ScripSafe which lets the choice to the user)
Example : I want to authorize domain and all subdomain of the CDN provider Akamai, This si possible with scripsafe by using the "trust" option instead of "allow", it is not possible here
I want to authorize all Akamai because due to load balancing process the CDN server may change a lot, and so you still need to allow various subdomain. Maybe the developer could implement very quickly a joker system allowing to enter domains like :
*.akamai.net
*.hd.akamai.net
In first case we allow every subdomain of akamai.net
In the second case we limit to every subdomain of hd.akamai.net
2) No synchornization option
Ideally, NoScript should store the users data in cloud through the Firefox account as ScripSafe does in the Google Account.
But maybe it is not possible according to the Firefox account policy, so the workaround should be to be able to synchronize data to/from a local path on the computer.
One just have to create this path in a OneDrive or Google Drive synchronized directory...and this should be done.
I have several computer, each computer has several users session, this is just annoying to set up NosSript for each repeating always the same process. And when I set up a new computer, I must restart from the beginning.
With ScripSafe, this is very easy... the extension automatically download and upload to Google Accounts (one must activate such option).
If ScripSafe is ever ported to Firefox with the same functionalities, I drop NoScript
3) Slow GUI
As today, the NoScript GUI is I N C R E D I B L Y slow.
As a comparison ScripSafe is incredibly fast to display the distant hosts list
But this version is a kind of quick done dirty version, let's be patient, this will be probably fixed in the future, but developer must know that the situation is as today not acceptable. I also suspect that NoScript 10 slows down the browser
4) Inefficient filtering mechanism
In the former XUL extension, the filtering engine of NoScript was crappy as it was oftenly forgetting a lot of distant host.
So one needed sometimes to switch to "allow all scripts" to see these hosts, and go back to "forbide all scripts", and so we could set rules for theses invisible hosts.
As compared, ScripSafe was far better as there was not such issues.
Finally.... XUL NoScript is dead and this is a very good thing because the filtering engine of NoScript was outdated and the author didn't want to admit that.
Let's see now if this brand new Web Extension addresses such issues, I can't say at this moment.
Hopefully the developer will probably recover some advanced features of the XUL version, but it will take time we must be patient.
As today, there is no alternative on Firefox 57.
It seems that developer of the excellent ScriipSafe on Chrome Webstore doesn't want to port it on Firefox.
He could have done this for Microsoft Edge since a long time, and nothing has been done.
And surfing without a script controller is I M P O S S I B L E
.
I just don't understand why Mozilla team has not developed a basic embedded javascript manager as it was in the very good former Opera 16 (presto engine), so it could have let all the time to the third party developers to create a more advanced extension.
This is not acceptable, THIS IS A VERY BIG FAULT from Mozilla.
The main issue I could address now to the developer is :
1) no possibility to grant authorization to a full domain (this is a big difference with ScripSafe which lets the choice to the user)
Example : I want to authorize domain and all subdomain of the CDN provider Akamai, This si possible with scripsafe by using the "trust" option instead of "allow", it is not possible here
I want to authorize all Akamai because due to load balancing process the CDN server may change a lot, and so you still need to allow various subdomain. Maybe the developer could implement very quickly a joker system allowing to enter domains like :
*.akamai.net
*.hd.akamai.net
In first case we allow every subdomain of akamai.net
In the second case we limit to every subdomain of hd.akamai.net
2) No synchornization option
Ideally, NoScript should store the users data in cloud through the Firefox account as ScripSafe does in the Google Account.
But maybe it is not possible according to the Firefox account policy, so the workaround should be to be able to synchronize data to/from a local path on the computer.
One just have to create this path in a OneDrive or Google Drive synchronized directory...and this should be done.
I have several computer, each computer has several users session, this is just annoying to set up NosSript for each repeating always the same process. And when I set up a new computer, I must restart from the beginning.
With ScripSafe, this is very easy... the extension automatically download and upload to Google Accounts (one must activate such option).
If ScripSafe is ever ported to Firefox with the same functionalities, I drop NoScript
3) Slow GUI
As today, the NoScript GUI is I N C R E D I B L Y slow.
As a comparison ScripSafe is incredibly fast to display the distant hosts list
But this version is a kind of quick done dirty version, let's be patient, this will be probably fixed in the future, but developer must know that the situation is as today not acceptable. I also suspect that NoScript 10 slows down the browser
4) Inefficient filtering mechanism
In the former XUL extension, the filtering engine of NoScript was crappy as it was oftenly forgetting a lot of distant host.
So one needed sometimes to switch to "allow all scripts" to see these hosts, and go back to "forbide all scripts", and so we could set rules for theses invisible hosts.
As compared, ScripSafe was far better as there was not such issues.
Finally.... XUL NoScript is dead and this is a very good thing because the filtering engine of NoScript was outdated and the author didn't want to admit that.
Let's see now if this brand new Web Extension addresses such issues, I can't say at this moment.
2,414 דירוגים
- דירוג 5 מתוך 5מאת Bob, לפני 28 דקות
- דירוג 1 מתוך 5מאת mlatpren, לפני יומייםIt does a great job at blocking, but is regularly frustrating with re-enabling things. It's supposed to show you what it's blocking, but that's extremely hit-or-miss. Occasionally, there'd be something blocked where the only solution is to disable the extension. As in, right-click and disable *from Firefox itself.*
- דירוג 3 מתוך 5מאת zekromVale, לפני 3 ימיםThere needs to be a CPU limit on this extension, using 30% CPU of an intel i7 11th gen laptop CPU on YouTube is ridiculous. Firefox for Ubuntu snap, flatpack, or just .deb are affected. Must disable NoScript to fix it or allow everything fully for all domains on the page. I would like more domains to be added to the global trusted list though (by default) or have a popup at the top when you first visit a page.
- דירוג 5 מתוך 5מאת Hopeavirta, לפני 13 ימים
- דירוג 5 מתוך 5מאת Lazy Cat, לפני 14 ימים
- דירוג 5 מתוך 5מאת sumobunny, לפני 15 ימים
- דירוג 5 מתוך 5מאת Zelgadis-San, לפני 16 ימים
- דירוג 5 מתוך 5מאת Dadou, לפני 19 ימים
- דירוג 3 מתוך 5מאת aq, לפני 20 ימיםUser for at least 15 years, Something is conflicting on Firefox. It is blocking scripts and other add ons such as tampermonkey or violentmonkey with scripts added, but without any listing of what is being blocked. Only option is to shut it off to proceed.
Even blocking games internal scripts without any 'monkey' in use.
Please check and test - דירוג 5 מתוך 5מאת Simon Bünemann, לפני 21 ימים
- דירוג 1 מתוך 5מאת aedgsegsfvw, לפני חודשWARNING! Causes crashes with SEVERE data loss. Since mid 2025, this extension regularly causes the browser to crash. It can even crash the browser so severely that windows freezes irreversibly, with SEVERE data loss as a result. The crashes stopped when I deleted this extension, and re-occurred after reinstalling it. Several others have reported the same issues on user forums.
- דירוג 2 מתוך 5מאת משתמש Firefox 15990777, לפני חודשיים
- דירוג 5 מתוך 5מאת Arman Daneshjoo, לפני חודשיים
- דירוג 5 מתוך 5מאת elmika, לפני חודשיים
- דירוג 5 מתוך 5מאת משתמש Firefox 19469020, לפני 3 חודשים
- דירוג 5 מתוך 5מאת משתמש Firefox 14500718, לפני 3 חודשים
- דירוג 5 מתוך 5מאת משתמש Firefox 19459487, לפני 3 חודשיםI'm notified every time WebGL is blocked on each page load. There's no way to disable these notifications and it's very irritating.
Edit: updated to 5 stars as it can be disabled after all but the setting isn't described very clearly.תגובת המפתח
מועד פרסום: לפני 3 חודשיםYou should not get any notification. Just a little placeholder inside the page, to be able to enable it back. And you can disable it by unchecking "NoScript Options>Appearance>Show synthetic placeholders for invisible capability probes" - דירוג 5 מתוך 5מאת Cello, לפני 3 חודשיםit's 5-stars, because it's little time and effort to manage and also Edward Snowden said that noscript is the best protection in the whole internet...(after some Firefox update, noscript does seem to block internet in Firefox,,, but I'm sure there will be a workaround in the next edition ... buona vacanza)
- דירוג 1 מתוך 5מאת משתמש Firefox 19223232, לפני 3 חודשיםok its a good security 4 ur browser but now the web is so slow that i cant even play a game on poki 💀💀
- דירוג 5 מתוך 5מאת Tony Klaus, לפני 3 חודשים
- דירוג 5 מתוך 5מאת משתמש Firefox 19311874, לפני 3 חודשים
- דירוג 2 מתוך 5מאת Michael Rabinovsky, לפני 3 חודשיםNo Script is an incredibly useful add-on. In the past, I'd have given it five stars; it now gets only two (see issues below). All in all, I'd say it's still better to have it than not, but that's only because there is no better alternative, and there is no difference between having to completely disable it on a page versus not having it at all.
First of all, it would have gotten three due to the issues I list further down, but it gets two because of a major functionality problem that makes it obnoxious to use, and by its admission, not private in private windows.
In the past, when you set it to trust top-level domains, it would automatically set them to temp trusted; however, for whatever reason, it now sets them to "custom," for me, which functions the same as untrusted, and changing it doesn't even refresh the page for you.
The default setting handling is a huge inconvenience, but that is not where the problems end. You cannot restore previous functionality by manually setting the top-level domain to temp trust. To enable scripts on the page, you must set it to trust, which makes it permanently trusted, and keeps a log of every page you visit in private windows. If you try to change it to temp trust and refresh the page, it goes back to "custom."
Besides that, the description for the extension is outdated. Not only does it still mention Flash, but it also claims no loss of functionality when you need it, which is not true. In most cases, enabling some scripts will return the functionality you need, but there are several reasons why that's not always the case.
Sometimes, certain scripts you need will be on sub-domains of the top-level domain, and they need to be enabled separately; however, NoScript doesn't show them because it thinks they are part of the main domain, so you have no way to make the site work without completely disabling the addon for the page.
In other instances, sites won't load all the scripts until they load some other domains. For example, a CDN containing vital scripts might not appear on the list because it's called after an analytics script has run. There is no way to know that unless you enable each script on the list, one by one. The domain doesn't need to be related; it's just something about how the page loads.