Beoordelingen voor NoScript Security Suite
NoScript Security Suite door Giorgio Maone
Beoordeling door Firefox-gebruiker 13553842
Waardering: 2 van 5
door Firefox-gebruiker 13553842, 8 jaar geledenGeorgio wrote:
> Unfortunately I cannot do the impossible (recreating legacy NoScript on the new, much more limiting WebExtension platform)
> just because "people" ask for the impossible. And I've the duty to provide the best security NoScript
BUT maybe it is not so much about recreating the old thing, than understanding what the problem with the new thing is. First you need to accept that the current approach is simply not intuitive. As a dev (I am one myself, so I had this problem myself) its hard to understand when that happens, because for you its as familiar as a part of your body, but it is obviously a mistery for everbody else.
Also, about your "duty": Its true what you said, but: if many people now dont use NoScript at all, because they do not get it anymore, you decreased web security by a lot.
So:
- Simpler is better. Simpler might be less safer, but if the alternative is not using it at all, it's still better. Way better.
- get rid of the slider. It looks mhm good(?), but its not recognizable as one.
- there is way to much clickable stuff, one does not get what is a button, what a link and whatnot...
- make it simpler: hide everything exept: domain name, status icon and -depending on the status- two buttons for each entry.
- clear design, dont change font size and font color at any time
- No xss-popups. In fact, never, ever use popups.
Instead:
- a simple list of domains like before, each with a status icon in front of it: your blue "S", for allowed, same with a little clock for temporarily allowd, red crossed "S" for disallowed
- depending on the current status of an entry, two buttons:
- if currently allowed: "disallow" and "temp. disallow"
- if currently disallowed: "allow" and "temp. allow"
- these buttons need to be different than the status icon. I would use red X and green hook/check, each with and without a little clock.
- dont make anything but the buttons clickable! not the text, not the status icon.
Thats it.
You can add a (clearly seperated from the other buttons, clearly different graphic) button behind each list entry to hide all the detailed settings, for the expert. Everybody else gets the simple list.
At the very buttom of the list go -clearly separated - three entries: "temp allow all" and "save permissions for this site" and "deactivate noscript".
No problem to do that in html. And believe me, people will love you again. :)
If you would like me to make a mockup of what Ive just desrcibed, just say so and tell me where to send it.
And btw.: You dont owe us anything. People have no right being rude to you about something you gave us for free. But maybe see their ill-advised passion as a testament to how important NoScript is to us. That is something I think, even if you must hate the internet right now.
I thank you for the old NoScript and that it helped increase my security. But I won't use the current one. So I would thank you again if you make it simple and easy to use again.
> Unfortunately I cannot do the impossible (recreating legacy NoScript on the new, much more limiting WebExtension platform)
> just because "people" ask for the impossible. And I've the duty to provide the best security NoScript
BUT maybe it is not so much about recreating the old thing, than understanding what the problem with the new thing is. First you need to accept that the current approach is simply not intuitive. As a dev (I am one myself, so I had this problem myself) its hard to understand when that happens, because for you its as familiar as a part of your body, but it is obviously a mistery for everbody else.
Also, about your "duty": Its true what you said, but: if many people now dont use NoScript at all, because they do not get it anymore, you decreased web security by a lot.
So:
- Simpler is better. Simpler might be less safer, but if the alternative is not using it at all, it's still better. Way better.
- get rid of the slider. It looks mhm good(?), but its not recognizable as one.
- there is way to much clickable stuff, one does not get what is a button, what a link and whatnot...
- make it simpler: hide everything exept: domain name, status icon and -depending on the status- two buttons for each entry.
- clear design, dont change font size and font color at any time
- No xss-popups. In fact, never, ever use popups.
Instead:
- a simple list of domains like before, each with a status icon in front of it: your blue "S", for allowed, same with a little clock for temporarily allowd, red crossed "S" for disallowed
- depending on the current status of an entry, two buttons:
- if currently allowed: "disallow" and "temp. disallow"
- if currently disallowed: "allow" and "temp. allow"
- these buttons need to be different than the status icon. I would use red X and green hook/check, each with and without a little clock.
- dont make anything but the buttons clickable! not the text, not the status icon.
Thats it.
You can add a (clearly seperated from the other buttons, clearly different graphic) button behind each list entry to hide all the detailed settings, for the expert. Everybody else gets the simple list.
At the very buttom of the list go -clearly separated - three entries: "temp allow all" and "save permissions for this site" and "deactivate noscript".
No problem to do that in html. And believe me, people will love you again. :)
If you would like me to make a mockup of what Ive just desrcibed, just say so and tell me where to send it.
And btw.: You dont owe us anything. People have no right being rude to you about something you gave us for free. But maybe see their ill-advised passion as a testament to how important NoScript is to us. That is something I think, even if you must hate the internet right now.
I thank you for the old NoScript and that it helped increase my security. But I won't use the current one. So I would thank you again if you make it simple and easy to use again.
2.411 beoordelingen
- Waardering: 5 van 5door Hopeavirta, 9 dagen geleden
- Waardering: 5 van 5door Lazy Cat, 10 dagen geleden
- Waardering: 5 van 5door sumobunny, 11 dagen geleden
- Waardering: 5 van 5door Zelgadis-San, 12 dagen geleden
- Waardering: 5 van 5door Dadou, 15 dagen geleden
- Waardering: 3 van 5door aq, 16 dagen geledenUser for at least 15 years, Something is conflicting on Firefox. It is blocking scripts and other add ons such as tampermonkey or violentmonkey with scripts added, but without any listing of what is being blocked. Only option is to shut it off to proceed.
Even blocking games internal scripts without any 'monkey' in use.
Please check and test - Waardering: 5 van 5door Simon Bünemann, 17 dagen geleden
- Waardering: 5 van 5door ADKFZ8O, 22 dagen geleden
- Waardering: 5 van 5door Marw, 25 dagen geleden
- Waardering: 1 van 5door aedgsegsfvw, één maand geledenWARNING! Causes crashes with SEVERE data loss. Since mid 2025, this extension regularly causes the browser to crash. It can even crash the browser so severely that windows freezes irreversibly, with SEVERE data loss as a result. The crashes stopped when I deleted this extension, and re-occurred after reinstalling it. Several others have reported the same issues on user forums.
- Waardering: 2 van 5door Firefox-gebruiker 15990777, één maand geleden
- Waardering: 5 van 5door Arman Daneshjoo, 2 maanden geleden
- Waardering: 5 van 5door elmika, 2 maanden geleden
- Waardering: 5 van 5door Firefox-gebruiker 19469020, 2 maanden geleden
- Waardering: 5 van 5door Firefox-gebruiker 14500718, 2 maanden geleden
- Waardering: 5 van 5door Firefox-gebruiker 19459487, 3 maanden geledenI'm notified every time WebGL is blocked on each page load. There's no way to disable these notifications and it's very irritating.
Edit: updated to 5 stars as it can be disabled after all but the setting isn't described very clearly.Antwoord van ontwikkelaar
3 maanden geleden geplaatstYou should not get any notification. Just a little placeholder inside the page, to be able to enable it back. And you can disable it by unchecking "NoScript Options>Appearance>Show synthetic placeholders for invisible capability probes" - Waardering: 5 van 5door Cello, 3 maanden geledenit's 5-stars, because it's little time and effort to manage and also Edward Snowden said that noscript is the best protection in the whole internet...(after some Firefox update, noscript does seem to block internet in Firefox,,, but I'm sure there will be a workaround in the next edition ... buona vacanza)
- Waardering: 1 van 5door Firefox-gebruiker 19223232, 3 maanden geledenok its a good security 4 ur browser but now the web is so slow that i cant even play a game on poki 💀💀
- Waardering: 5 van 5door Tony Klaus, 3 maanden geleden
- Waardering: 5 van 5door Firefox-gebruiker 19311874, 3 maanden geleden
- Waardering: 2 van 5door Michael Rabinovsky, 3 maanden geledenNo Script is an incredibly useful add-on. In the past, I'd have given it five stars; it now gets only two (see issues below). All in all, I'd say it's still better to have it than not, but that's only because there is no better alternative, and there is no difference between having to completely disable it on a page versus not having it at all.
First of all, it would have gotten three due to the issues I list further down, but it gets two because of a major functionality problem that makes it obnoxious to use, and by its admission, not private in private windows.
In the past, when you set it to trust top-level domains, it would automatically set them to temp trusted; however, for whatever reason, it now sets them to "custom," for me, which functions the same as untrusted, and changing it doesn't even refresh the page for you.
The default setting handling is a huge inconvenience, but that is not where the problems end. You cannot restore previous functionality by manually setting the top-level domain to temp trust. To enable scripts on the page, you must set it to trust, which makes it permanently trusted, and keeps a log of every page you visit in private windows. If you try to change it to temp trust and refresh the page, it goes back to "custom."
Besides that, the description for the extension is outdated. Not only does it still mention Flash, but it also claims no loss of functionality when you need it, which is not true. In most cases, enabling some scripts will return the functionality you need, but there are several reasons why that's not always the case.
Sometimes, certain scripts you need will be on sub-domains of the top-level domain, and they need to be enabled separately; however, NoScript doesn't show them because it thinks they are part of the main domain, so you have no way to make the site work without completely disabling the addon for the page.
In other instances, sites won't load all the scripts until they load some other domains. For example, a CDN containing vital scripts might not appear on the list because it's called after an analytics script has run. There is no way to know that unless you enable each script on the list, one by one. The domain doesn't need to be related; it's just something about how the page loads. - Waardering: 1 van 5door Angel, 3 maanden geledenEsta vaina debería tener un modo automático para aquellos que no saben de programación.
- Waardering: 5 van 5door whatever, 3 maanden geleden
- Waardering: 5 van 5door HunterMirror, 3 maanden geledenHe notado en las demás reseñas, que las personas no parecen comprender el propósito de este addon. La idea es que bloquee los scripts, si una página se rompe por ello, es algo perfectamente esperable, no es culpa de la extensión perse, sino de quien desarrolló dicha página web, queda a tu criterio si lo quieres añadir a la lista blanca o no. Lo realmente triste y reprochable, es más bien que hoy en día hayan tantas páginas que quieran que actives los scripts si o si para poder usarlos, incluso páginas que no los necesitan para nada.
El abuso de los scripts y la manía de convertir las páginas web en "aplicaciones", es lo que ha causado que ahora usar el navegador implique un consumo cada vez mayor de RAM, sin contar los riesgos de seguridad innecesarios del uso de scripts, tanto para el usuario como para el webmaster/desarrollador. Así que por mi parte, prefiero que se rompan las páginas que sean, no les voy a activar los scripts si no son páginas que hagan un uso inteligente y justo de ellas.