NoScript 安全套件 的评价
NoScript 安全套件 作者: Giorgio Maone
Firefox 用户 13446037 的评价
评分 3 / 5
来自 Firefox 用户 13446037,7 年前WebExtension is a big change, so former NoScript is dead and NoScript 10 is just a new extension.
Hopefully the developer will probably recover some advanced features of the XUL version, but it will take time we must be patient.
As today, there is no alternative on Firefox 57.
It seems that developer of the excellent ScriipSafe on Chrome Webstore doesn't want to port it on Firefox.
He could have done this for Microsoft Edge since a long time, and nothing has been done.
And surfing without a script controller is I M P O S S I B L E
.
I just don't understand why Mozilla team has not developed a basic embedded javascript manager as it was in the very good former Opera 16 (presto engine), so it could have let all the time to the third party developers to create a more advanced extension.
This is not acceptable, THIS IS A VERY BIG FAULT from Mozilla.
The main issue I could address now to the developer is :
1) no possibility to grant authorization to a full domain (this is a big difference with ScripSafe which lets the choice to the user)
Example : I want to authorize domain and all subdomain of the CDN provider Akamai, This si possible with scripsafe by using the "trust" option instead of "allow", it is not possible here
I want to authorize all Akamai because due to load balancing process the CDN server may change a lot, and so you still need to allow various subdomain. Maybe the developer could implement very quickly a joker system allowing to enter domains like :
*.akamai.net
*.hd.akamai.net
In first case we allow every subdomain of akamai.net
In the second case we limit to every subdomain of hd.akamai.net
2) No synchornization option
Ideally, NoScript should store the users data in cloud through the Firefox account as ScripSafe does in the Google Account.
But maybe it is not possible according to the Firefox account policy, so the workaround should be to be able to synchronize data to/from a local path on the computer.
One just have to create this path in a OneDrive or Google Drive synchronized directory...and this should be done.
I have several computer, each computer has several users session, this is just annoying to set up NosSript for each repeating always the same process. And when I set up a new computer, I must restart from the beginning.
With ScripSafe, this is very easy... the extension automatically download and upload to Google Accounts (one must activate such option).
If ScripSafe is ever ported to Firefox with the same functionalities, I drop NoScript
3) Slow GUI
As today, the NoScript GUI is I N C R E D I B L Y slow.
As a comparison ScripSafe is incredibly fast to display the distant hosts list
But this version is a kind of quick done dirty version, let's be patient, this will be probably fixed in the future, but developer must know that the situation is as today not acceptable. I also suspect that NoScript 10 slows down the browser
4) Inefficient filtering mechanism
In the former XUL extension, the filtering engine of NoScript was crappy as it was oftenly forgetting a lot of distant host.
So one needed sometimes to switch to "allow all scripts" to see these hosts, and go back to "forbide all scripts", and so we could set rules for theses invisible hosts.
As compared, ScripSafe was far better as there was not such issues.
Finally.... XUL NoScript is dead and this is a very good thing because the filtering engine of NoScript was outdated and the author didn't want to admit that.
Let's see now if this brand new Web Extension addresses such issues, I can't say at this moment.
Hopefully the developer will probably recover some advanced features of the XUL version, but it will take time we must be patient.
As today, there is no alternative on Firefox 57.
It seems that developer of the excellent ScriipSafe on Chrome Webstore doesn't want to port it on Firefox.
He could have done this for Microsoft Edge since a long time, and nothing has been done.
And surfing without a script controller is I M P O S S I B L E
.
I just don't understand why Mozilla team has not developed a basic embedded javascript manager as it was in the very good former Opera 16 (presto engine), so it could have let all the time to the third party developers to create a more advanced extension.
This is not acceptable, THIS IS A VERY BIG FAULT from Mozilla.
The main issue I could address now to the developer is :
1) no possibility to grant authorization to a full domain (this is a big difference with ScripSafe which lets the choice to the user)
Example : I want to authorize domain and all subdomain of the CDN provider Akamai, This si possible with scripsafe by using the "trust" option instead of "allow", it is not possible here
I want to authorize all Akamai because due to load balancing process the CDN server may change a lot, and so you still need to allow various subdomain. Maybe the developer could implement very quickly a joker system allowing to enter domains like :
*.akamai.net
*.hd.akamai.net
In first case we allow every subdomain of akamai.net
In the second case we limit to every subdomain of hd.akamai.net
2) No synchornization option
Ideally, NoScript should store the users data in cloud through the Firefox account as ScripSafe does in the Google Account.
But maybe it is not possible according to the Firefox account policy, so the workaround should be to be able to synchronize data to/from a local path on the computer.
One just have to create this path in a OneDrive or Google Drive synchronized directory...and this should be done.
I have several computer, each computer has several users session, this is just annoying to set up NosSript for each repeating always the same process. And when I set up a new computer, I must restart from the beginning.
With ScripSafe, this is very easy... the extension automatically download and upload to Google Accounts (one must activate such option).
If ScripSafe is ever ported to Firefox with the same functionalities, I drop NoScript
3) Slow GUI
As today, the NoScript GUI is I N C R E D I B L Y slow.
As a comparison ScripSafe is incredibly fast to display the distant hosts list
But this version is a kind of quick done dirty version, let's be patient, this will be probably fixed in the future, but developer must know that the situation is as today not acceptable. I also suspect that NoScript 10 slows down the browser
4) Inefficient filtering mechanism
In the former XUL extension, the filtering engine of NoScript was crappy as it was oftenly forgetting a lot of distant host.
So one needed sometimes to switch to "allow all scripts" to see these hosts, and go back to "forbide all scripts", and so we could set rules for theses invisible hosts.
As compared, ScripSafe was far better as there was not such issues.
Finally.... XUL NoScript is dead and this is a very good thing because the filtering engine of NoScript was outdated and the author didn't want to admit that.
Let's see now if this brand new Web Extension addresses such issues, I can't say at this moment.
2,317 条评价
- 评分 5 / 5来自 DiGiTaL-CORE,5 小时前I've used NoScript for as long as I can remember. I love having such control over what websites can do on my side of the browsing experience. So many unnecessary scripts... Combined with uBlock, I can tell exactly what is not needed.
- 评分 5 / 5来自 Interrupteur,5 天前
- 评分 5 / 5来自 Universe,6 天前
- 评分 4 / 5来自 Firefox 用户 14219946,6 天前Would it be possible to add the user-saved NoScript settings to the user's Firefox account for syncing via the cloud? The "Firefox Multi-Account Containers" extension offers this, for example. I just had to "refresh" Firefox because something was causing it to crash in a loop, and so I lost all of the NoScript site preferences that I had set. It would be great to have these sync automatically when the extension is downloaded from my account. Thanks!
- 评分 4 / 5来自 Firefox 用户 18601515,9 天前хорошее расширение, но минус в том что он иногда блокирует нужные скрипты для работы некотрых сайтов и поэтому приходится вручную врубать, а так расширение отличное, рекомендую!
- 评分 5 / 5来自 ABHIMANYU KHADSE,10 天前
- 评分 5 / 5来自 Firefox 用户 18400659,11 天前
- 评分 5 / 5来自 JCD,13 天前
- 评分 5 / 5来自 sneksarecute,14 天前
- 评分 5 / 5来自 Cattypat,19 天前
- 评分 5 / 5来自 Raptor,24 天前
- 评分 5 / 5来自 Larry,24 天前
- 评分 3 / 5来自 Firefox 用户 18736741,24 天前I think it works well, and I do recommend getting it. Pages load faster, since they don't load much of the bloat and spam, this also helps with security, preventing a lot of code from executing without consent.
It does take a bit of time to customize for all of the sites that are regularly visited. Often time sites load a lot of items, which must be explicitly allowed, then often times when something is allowed, it opens up a lot more items that must also be allowed. Scripts have to be customized for each domain (not each site) to be allowed to run. Which leads me to my next point, and the reason I gave 3 stars instead of 5...
I have spent quite a lot of time getting all of the scripts I like setup, the individual sites and domains configured exactly like I like it. Then something really bad went wrong. On a completely different PC, I logged into my Firefox browser with my Firefox account, and it loaded all of my plugins, and those plugins all reset to their initial default value, not only on the new PC I logged in on, but it reset all of my noscript configuration on my main PC that I've been using for years!!! So much time configuring it exactly like I like it, all gone. It's really quite sad.
Overall, I still recommend getting it, but having lost all of my settings like that is really upsetting. I guess if I would have known this would happen ahead of time, maybe I could have backed up my settings or something, but I had no idea logging into Firefox on a completely different PC would erase all of my noscript settings on my original PC. - 评分 3 / 5来自 MB,24 天前Excellent attempt, but since it *constantly* forgets whatever settings I set the previous day, I end up having to re-allow the same site over and over.
It needs to have something more like uBlock Origin's lists, which seem to work consistently. - 评分 5 / 5来自 pibo06,1 个月前
- 评分 5 / 5来自 Firefox 用户 18729992,1 个月前
- 评分 5 / 5来自 Shogun5362,1 个月前
- 评分 5 / 5来自 Tempdirz,1 个月前
- 评分 3 / 5来自 Pavel,1 个月前It's good to block the scripts, but it started to loose the list of enabled sites every now and then. An to have some sites to work may require enabling several other sites. So I have to resort to "Enable all temporarily" due to my enabled list being lost.
- 评分 3 / 5来自 TDGalea,1 个月前Fantastic plugin to handle all the pathetic popups and tracking of the modern web. Only down two stars because it seems to keep forgetting my trusted sites. It's almost as if it's trying to sync, but instead of syncing my saves to new devices, new devices sync their empty lists to existing devices instead.
- 评分 2 / 5来自 Andy,1 个月前I've disabled restrictions globally in the extension and still get a "NoScript XSS Warning" when using SSO. There's no option to temporarily allow it; It's either allow this one attempt (that got interrupted and will therefore fail) or permenantly allow it forever. How about an "allow for this session" or "allow for x time"? Or even better, when I use the "disable globally" option it completely stops NoScript interfering? I've had to complettely disable the entire extension just to log in to some websites (trust pilot this specific time).nnot
- 评分 5 / 5来自 Blaze Fox,1 个月前
- 评分 5 / 5来自 rimutaka,1 个月前
- 评分 4 / 5来自 Ci3MNiC,1 个月前