NoScript 安全套件 的评价
NoScript 安全套件 作者: Giorgio Maone
Firefox 用户 13553842 的评价
评分 2 / 5
来自 Firefox 用户 13553842, 8 年前Georgio wrote:
> Unfortunately I cannot do the impossible (recreating legacy NoScript on the new, much more limiting WebExtension platform)
> just because "people" ask for the impossible. And I've the duty to provide the best security NoScript
BUT maybe it is not so much about recreating the old thing, than understanding what the problem with the new thing is. First you need to accept that the current approach is simply not intuitive. As a dev (I am one myself, so I had this problem myself) its hard to understand when that happens, because for you its as familiar as a part of your body, but it is obviously a mistery for everbody else.
Also, about your "duty": Its true what you said, but: if many people now dont use NoScript at all, because they do not get it anymore, you decreased web security by a lot.
So:
- Simpler is better. Simpler might be less safer, but if the alternative is not using it at all, it's still better. Way better.
- get rid of the slider. It looks mhm good(?), but its not recognizable as one.
- there is way to much clickable stuff, one does not get what is a button, what a link and whatnot...
- make it simpler: hide everything exept: domain name, status icon and -depending on the status- two buttons for each entry.
- clear design, dont change font size and font color at any time
- No xss-popups. In fact, never, ever use popups.
Instead:
- a simple list of domains like before, each with a status icon in front of it: your blue "S", for allowed, same with a little clock for temporarily allowd, red crossed "S" for disallowed
- depending on the current status of an entry, two buttons:
- if currently allowed: "disallow" and "temp. disallow"
- if currently disallowed: "allow" and "temp. allow"
- these buttons need to be different than the status icon. I would use red X and green hook/check, each with and without a little clock.
- dont make anything but the buttons clickable! not the text, not the status icon.
Thats it.
You can add a (clearly seperated from the other buttons, clearly different graphic) button behind each list entry to hide all the detailed settings, for the expert. Everybody else gets the simple list.
At the very buttom of the list go -clearly separated - three entries: "temp allow all" and "save permissions for this site" and "deactivate noscript".
No problem to do that in html. And believe me, people will love you again. :)
If you would like me to make a mockup of what Ive just desrcibed, just say so and tell me where to send it.
And btw.: You dont owe us anything. People have no right being rude to you about something you gave us for free. But maybe see their ill-advised passion as a testament to how important NoScript is to us. That is something I think, even if you must hate the internet right now.
I thank you for the old NoScript and that it helped increase my security. But I won't use the current one. So I would thank you again if you make it simple and easy to use again.
> Unfortunately I cannot do the impossible (recreating legacy NoScript on the new, much more limiting WebExtension platform)
> just because "people" ask for the impossible. And I've the duty to provide the best security NoScript
BUT maybe it is not so much about recreating the old thing, than understanding what the problem with the new thing is. First you need to accept that the current approach is simply not intuitive. As a dev (I am one myself, so I had this problem myself) its hard to understand when that happens, because for you its as familiar as a part of your body, but it is obviously a mistery for everbody else.
Also, about your "duty": Its true what you said, but: if many people now dont use NoScript at all, because they do not get it anymore, you decreased web security by a lot.
So:
- Simpler is better. Simpler might be less safer, but if the alternative is not using it at all, it's still better. Way better.
- get rid of the slider. It looks mhm good(?), but its not recognizable as one.
- there is way to much clickable stuff, one does not get what is a button, what a link and whatnot...
- make it simpler: hide everything exept: domain name, status icon and -depending on the status- two buttons for each entry.
- clear design, dont change font size and font color at any time
- No xss-popups. In fact, never, ever use popups.
Instead:
- a simple list of domains like before, each with a status icon in front of it: your blue "S", for allowed, same with a little clock for temporarily allowd, red crossed "S" for disallowed
- depending on the current status of an entry, two buttons:
- if currently allowed: "disallow" and "temp. disallow"
- if currently disallowed: "allow" and "temp. allow"
- these buttons need to be different than the status icon. I would use red X and green hook/check, each with and without a little clock.
- dont make anything but the buttons clickable! not the text, not the status icon.
Thats it.
You can add a (clearly seperated from the other buttons, clearly different graphic) button behind each list entry to hide all the detailed settings, for the expert. Everybody else gets the simple list.
At the very buttom of the list go -clearly separated - three entries: "temp allow all" and "save permissions for this site" and "deactivate noscript".
No problem to do that in html. And believe me, people will love you again. :)
If you would like me to make a mockup of what Ive just desrcibed, just say so and tell me where to send it.
And btw.: You dont owe us anything. People have no right being rude to you about something you gave us for free. But maybe see their ill-advised passion as a testament to how important NoScript is to us. That is something I think, even if you must hate the internet right now.
I thank you for the old NoScript and that it helped increase my security. But I won't use the current one. So I would thank you again if you make it simple and easy to use again.
2,403 条评价
- 评分 1 / 5来自 aedgsegsfvw, 1 天前WARNING! Causes crashes with SEVERE data loss. Since mid 2025, this extension regularly causes the browser to crash. It can even crash the browser so severely that windows freezes irreversibly, with SEVERE data loss as a result. The crashes stopped when I deleted this extension, and re-occurred after reinstalling it. Several others have reported the same issues on user forums.
- 评分 2 / 5来自 Firefox 用户 15990777, 8 天前
- 评分 5 / 5来自 Arman Daneshjoo, 9 天前
- 评分 5 / 5来自 Firefox 用户 19469020, 1 个月前
- 评分 5 / 5来自 Firefox 用户 14500718, 1 个月前
- 评分 5 / 5来自 Firefox 用户 19459487, 1 个月前I'm notified every time WebGL is blocked on each page load. There's no way to disable these notifications and it's very irritating.
Edit: updated to 5 stars as it can be disabled after all but the setting isn't described very clearly.开发者回应
发布于 1 个月前You should not get any notification. Just a little placeholder inside the page, to be able to enable it back. And you can disable it by unchecking "NoScript Options>Appearance>Show synthetic placeholders for invisible capability probes" - it's 5-stars, because it's little time and effort to manage and also Edward Snowden said that noscript is the best protection in the whole internet...(after some Firefox update, noscript does seem to block internet in Firefox,,, but I'm sure there will be a workaround in the next edition ... buona vacanza)
- 评分 1 / 5来自 Firefox 用户 19223232, 2 个月前ok its a good security 4 ur browser but now the web is so slow that i cant even play a game on poki 💀💀
- 评分 5 / 5来自 Tony Klaus, 2 个月前
- 评分 5 / 5来自 Firefox 用户 19311874, 2 个月前
- 评分 2 / 5来自 Michael Rabinovsky, 2 个月前No Script is an incredibly useful add-on. In the past, I'd have given it five stars; it now gets only two (see issues below). All in all, I'd say it's still better to have it than not, but that's only because there is no better alternative, and there is no difference between having to completely disable it on a page versus not having it at all.
First of all, it would have gotten three due to the issues I list further down, but it gets two because of a major functionality problem that makes it obnoxious to use, and by its admission, not private in private windows.
In the past, when you set it to trust top-level domains, it would automatically set them to temp trusted; however, for whatever reason, it now sets them to "custom," for me, which functions the same as untrusted, and changing it doesn't even refresh the page for you.
The default setting handling is a huge inconvenience, but that is not where the problems end. You cannot restore previous functionality by manually setting the top-level domain to temp trust. To enable scripts on the page, you must set it to trust, which makes it permanently trusted, and keeps a log of every page you visit in private windows. If you try to change it to temp trust and refresh the page, it goes back to "custom."
Besides that, the description for the extension is outdated. Not only does it still mention Flash, but it also claims no loss of functionality when you need it, which is not true. In most cases, enabling some scripts will return the functionality you need, but there are several reasons why that's not always the case.
Sometimes, certain scripts you need will be on sub-domains of the top-level domain, and they need to be enabled separately; however, NoScript doesn't show them because it thinks they are part of the main domain, so you have no way to make the site work without completely disabling the addon for the page.
In other instances, sites won't load all the scripts until they load some other domains. For example, a CDN containing vital scripts might not appear on the list because it's called after an analytics script has run. There is no way to know that unless you enable each script on the list, one by one. The domain doesn't need to be related; it's just something about how the page loads. - 评分 5 / 5来自 HunterMirror, 2 个月前He notado en las demás reseñas, que las personas no parecen comprender el propósito de este addon. La idea es que bloquee los scripts, si una página se rompe por ello, es algo perfectamente esperable, no es culpa de la extensión perse, sino de quien desarrolló dicha página web, queda a tu criterio si lo quieres añadir a la lista blanca o no. Lo realmente triste y reprochable, es más bien que hoy en día hayan tantas páginas que quieran que actives los scripts si o si para poder usarlos, incluso páginas que no los necesitan para nada.
El abuso de los scripts y la manía de convertir las páginas web en "aplicaciones", es lo que ha causado que ahora usar el navegador implique un consumo cada vez mayor de RAM, sin contar los riesgos de seguridad innecesarios del uso de scripts, tanto para el usuario como para el webmaster/desarrollador. Así que por mi parte, prefiero que se rompan las páginas que sean, no les voy a activar los scripts si no son páginas que hagan un uso inteligente y justo de ellas. - 评分 5 / 5来自 Firefox 用户 18710229, 2 个月前This add-on works as intended and has saved me from a lot of potential problems and annoying website antics.
- 评分 2 / 5来自 Firefox 用户 19157064, 3 个月前Completely breaks reddit on mobile, site becomes unusable. I only got it for help blocking reddits creepy tracking bs on this browser.
- 评分 1 / 5来自 Cory Sanin, 3 个月前One star for SidebarUtil.tab.js
Disruptive as hell and for what? Why do you need to know if I have a sidebar open? I don't even know what a sidebar is. Remove this nonsense. - 评分 5 / 5来自 Firefox 用户 19145735, 3 个月前