Hacker News new | ask | show | jobs
by INTPenis 3232 days ago
One thing I learned several years ago when I decided to jump on the bandwagon and try Chrome was that Chrome was unable to safely block javascript the way NoScript does because the plugin framework doesn't allow a plugin to block Javascript before it's loaded.

So all the noscript equivalent for Chrome could offer was to block Javascript after it had loaded. Which seemed unreal and pointless.

So I stayed on Firefox. Because I've been convinced for many years now that Javascript plays a major role in malware delivery through the browser.

And along with email the browser is the major delivery platform for malware.
4 comments
user5994461 3232 days ago
NoScript block all three: javascript, java and flash.

Javascript can be used to deliver/encode/decode exploit payload. Usually the exploit itself is java or flash.

At least, that's what I noticed for the zero day RCE that made it up to the first page of Google.

link
notgood 3232 days ago
Chrome can block JavaScript before it's loaded, its what uBlock Origin does and others as well (using the WebRequest API available to Chrome extensions)
link
transposed 3232 days ago
I found uMatrix to be an adequate substitute once figured out (http://adamantine.me/index.php/2015/11/18/umatrix-desperatel...)
link
forapurpose 3232 days ago
It's important to know that NoScript does far more than block JavaScript; just look up its ABE component, for example.

For technical users, uMatrix' interface is an amazing achievement in, effectively, managing application firewall rules. It's breathtakingly efficient in both communicating active settings to the user and in configuring new rules. I wish my actual firewalls used that interface.

link
uwu 3232 days ago
chrome has a setting to block scripts and it lets you add exceptions for sites

it's also easy to access: http://cdn2.ubergizmo.com/wp-content/uploads/2012/11/site-in...

i wish firefox came with something similar

link
bo1024 3232 days ago
The advantage of Firefox's NoScript plugin is that it can be selective.

Say you randomly visit a site and want to temporarily allow the javascript it uses to do its thing, but you don't want to allow any other javascript on the page such as facebook's and google's. The built-in chrome javascript blocker doesn't let you pick and choose temporary permissions at that moment.

link
jamiek88 3232 days ago
I didn't know the firefox version could do that, it's something I've wanted for sometime.
link