
Talk:NoScript: Difference between revisions

From Wikipedia, the free encyclopedia
Notification of altered sources needing review #IABot
Line 32: Line 32:


I notice that a phrase in the 'Unintended benefits' section was removed, referring to NoScript extending the useful life of old hardware by lowering resource usage. This phrase was probably not a claim that the hardware actually lasts longer, but rather that otherwise-outmoded hardware can still perform at a usable speed due to the lower overheads. Perhaps it could be restored with a clearer wording? <small><span class="autosigned">—&nbsp;Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Carl.antuar|Carl.antuar]] ([[User talk:Carl.antuar|talk]] • [[Special:Contributions/Carl.antuar|contribs]]) 04:52, 7 July 2015 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
I notice that a phrase in the 'Unintended benefits' section was removed, referring to NoScript extending the useful life of old hardware by lowering resource usage. This phrase was probably not a claim that the hardware actually lasts longer, but rather that otherwise-outmoded hardware can still perform at a usable speed due to the lower overheads. Perhaps it could be restored with a clearer wording? <small><span class="autosigned">—&nbsp;Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Carl.antuar|Carl.antuar]] ([[User talk:Carl.antuar|talk]] • [[Special:Contributions/Carl.antuar|contribs]]) 04:52, 7 July 2015 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->

===Dubious?===
Of course if you shut off all the scripting you lower resource uses. However, web developers continue to design sights which use extensive scripting for even the most mundane functions. Websites often will fail to function at all without their (often bloated) javascript "eye candy" (which is often tested in only a few browsers and may fail to load even if javascript is enabled because of assumptions about operating system, failure to recognize that there are dozens of browsers for nearly every operating system, including text-only browsers and screen readers/HTML-to-Braille needed by individual with limited vision. NoScript may have the same effect--rendering a website unreadable or unusable, albeit it consuming very few system resources. As long as website developers remain enamored with every script they can find on the web to add yet-another "gee-wiz" (or load yet another intrusive add) effect, eschewing normal (X)HTML, NoScript users will be faced with the choice of non-functioning websites v. having to decide on whether or not to let some script (which may be identified only by a shortened URI) from an obscure website run. So touting this as a feature, rather than a perennial pain in the butt is pretty shady. NoScript needs to provide some default whitelist options, provide some research/look-up about the blocked scripts (e.g. how many web sites use it, number of reported problems, what it does, etc.--all information which ''can'' be looked up by a user (who would rather be looking at the page they just tried to load rather than tracking down details of a handful of javascripts from just as many websites).


== hum... ==
== hum... ==

Revision as of 02:46, 14 January 2017

This is not a forum for technical support of NoScript. Try NoScript home page for help and forums.

NoScript's Application Boundary Enforcer (ABE) vs Mozilla's Content Security Policy (CSP)

Can a knowledgeable person please discuss the similarities and differences between ABE and CSP? From what I can gather, they seem to have the same motivation and design goals. Is there a clear answer that one is stronger than the other? Are they compatible? Do they interfere with one another? Has either been widely deployed? — Preceding unsigned comment added by 128.112.139.195 (talk) 15:42, 21 February 2012 (UTC)[reply]

Though I'm not an expert, I guess Maone specializes in scripts, a most common way of hackers attacking a user [1], while the Mozilla team is better at writing, very well, rendering things.
This is a question best raised on the NoScript support forums. However, I can comment on a few of the differences:
  • CSP is server-side (has to be configured at each server, sends reports to the server), while ABE is client-side (configured in browser, logs results in error console).
  • CSP just allows or blocks content, whereas ABE can take other actions like stripping authentication.
  • CSP was primarily designed to stop cross-site scripting and other injections, while ABE was primarily designed to stop cross-site request forgery (but can defeat XSS/injections too).
  • CSP allows wildcards, ABE allows either wildcards or regular expressions.
  • CSP specifies only hostnames, ABE can specify full addresses including protocol and path.
  • ABE knows about intranet vs internet addresses and can control traffic between them (in fact, it does this by default).
  • CSP doesn't try to control requests originating from privileged code, e.g. browser extensions. ABE can, although it is always possible for privileged code to defeat this, so it cannot be relied on to protect against malicious addons.
  • ABE can distinguish between different types of object inclusions and different HTTP methods.
  • They can work independently; if either blocks something, it will be blocked.
  • I don't know of any metrics on how widely CSP is deployed, nor do I have any idea how many NoScript users take the time to configure ABE (which doesn't do very much out-of-the-box).
Carl.antuar (talk) 00:10, 12 February 2014 (UTC)[reply]
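
An added sketch, not part of the comment above and not NoScript's or Mozilla's code: a simplified JavaScript model of the contrast in that list, where a CSP-style check only allows or blocks by host, while an ABE-style rule also considers origin, HTTP method and full address and can return a credential-stripping action. The rule objects, hostnames and function names (`cspAllows`, `abeDecide`, `sampleRules`) are hypothetical.

```javascript
// Added illustration: a simplified model of the two decision styles, not NoScript's
// or any browser's real code. Policies, hosts and requests are constructed samples.

// CSP-style: the server lists allowed hosts; the only outcomes are allow or block.
function cspAllows(allowedHosts, url) {
  const host = new URL(url).hostname;
  return allowedHosts.some(src =>
    src.startsWith('*.') ? host.endsWith(src.slice(1)) : host === src);
}

// ABE-style "LOCAL": private/loopback IPv4 literals (simplified; assumption).
const LOCAL_IP = /^(10|127)(\.\d+){3}$|^192\.168(\.\d+){2}$|^172\.(1[6-9]|2\d|3[01])(\.\d+){2}$/;
const isLocal = host => host === 'localhost' || LOCAL_IP.test(host);

// A pattern is 'LOCAL' or a RegExp tested against the full address (scheme, host, path).
const matches = (pattern, u) =>
  pattern === 'LOCAL' ? isLocal(u.hostname) : pattern.test(u.href);

// First matching predicate of the first matching rule wins; no match means Accept.
function abeDecide(rules, req) {
  const dest = new URL(req.url), origin = new URL(req.origin);
  for (const rule of rules) {
    if (!matches(rule.site, dest)) continue;
    for (const p of rule.predicates) {
      const methodOk = !p.methods || p.methods.includes(req.method);
      const fromOk = !p.from ||
        (p.from === 'SELF' ? origin.host === dest.host : matches(p.from, origin));
      if (methodOk && fromOk) return p.action;
    }
  }
  return 'Accept';
}

const sampleRules = [
  // Intranet protection: only LOCAL origins may request LOCAL destinations.
  { site: 'LOCAL', predicates: [{ action: 'Accept', from: 'LOCAL' }, { action: 'Deny' }] },
  // Scheme + path match; cross-site POST goes through with credentials stripped.
  { site: /^https:\/\/bank\.example\/transfer/, predicates: [
    { action: 'Accept', from: 'SELF' },
    { action: 'Anonymize', methods: ['POST'] },
    { action: 'Deny' }] },
];
```
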

Name

Now that "NoScript Security Suite" is the name listed on Mozilla [2] and the extension filename, presumably the name is changing or at least for the purposes of finding it amongst other extensions. As the changelog, website, etc. have no mention of the name change, I've reverted the move of this article back to the original (and common name) in the meantime. Widefox; talk 09:54, 3 July 2013 (UTC)[reply]

It is mentioned on the NoScript support forums: http://forums.informaction.com/viewtopic.php?f=8&t=14220 Carl.antuar (talk) 01:52, 3 February 2014 (UTC)[reply]

Extending useful life of a computer

I notice that a phrase in the 'Unintended benefits' section was removed, referring to NoScript extending the useful life of old hardware by lowering resource usage. This phrase was probably not a claim that the hardware actually lasts longer, but rather that otherwise-outmoded hardware can still perform at a usable speed due to the lower overheads. Perhaps it could be restored with a clearer wording? — Preceding unsigned comment added by Carl.antuar (talk • contribs) 04:52, 7 July 2015 (UTC)[reply]

Dubious?

Of course if you shut off all the scripting you lower resource use. However, web developers continue to design sites which use extensive scripting for even the most mundane functions. Websites often will fail to function at all without their (often bloated) JavaScript "eye candy" (which is often tested in only a few browsers and may fail to load even if JavaScript is enabled because of assumptions about operating system, failure to recognize that there are dozens of browsers for nearly every operating system, including text-only browsers and screen readers/HTML-to-Braille needed by individuals with limited vision). NoScript may have the same effect--rendering a website unreadable or unusable, albeit consuming very few system resources. As long as website developers remain enamored with every script they can find on the web to add yet another "gee-whiz" (or load yet another intrusive ad) effect, eschewing normal (X)HTML, NoScript users will be faced with the choice of non-functioning websites v. having to decide on whether or not to let some script (which may be identified only by a shortened URI) from an obscure website run. So touting this as a feature, rather than a perennial pain in the butt, is pretty shady. NoScript needs to provide some default whitelist options, provide some research/look-up about the blocked scripts (e.g. how many web sites use it, number of reported problems, what it does, etc.)--all information which can be looked up by a user (who would rather be looking at the page they just tried to load rather than tracking down details of a handful of javascripts from just as many websites).

hum...

There's now version 2.7 since 26 Nov 2015, and it has "Application Boundaries Enforcer" (ABE) and extended HTTPS management.

changelog — Preceding unsigned comment added by 176.127.14.58 (talk) 21:35, 18 December 2015 (UTC)[reply]

Hello fellow Wikipedians,

I have just modified one external link on NoScript. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—cyberbot IITalk to my owner:Online 05:48, 1 April 2016 (UTC)[reply]