by skgoa 3127 days ago
Overall I agree, but NoScript not working anymore directly resulted in me having to kill all Firefox processes when an ad stopped me from closing a tab by constantly opening new alert windows.

Late, and very incomplete, despite the best efforts of the extension's author. It'll be months at a minimum before the missing features are restored.

You can just close the tab regardless of whether it’s showing an alert nowadays. (I also recommend µMatrix – it’s pretty much a better version of NoScript.)

> I also recommend µMatrix – it’s pretty much a better version of NoScript.

No, it isn't. uMatrix is a replacement only for the shallowest feature of NoScript. There's a ton of stuff that classic NoScript does that nothing else provides (including the new WebExtensions NoScript, so far).

The shallowest feature of NoScript – content blocking – is the only useful thing it provides. The rest of it, like the XSS filter, is poorly-written misfeatures, or stuff that’s available in about:config. (To be fair, µMatrix has its own misfeatures – looking at you, UA switching.)

> looking at you, UA switching

Agreed, I plan to remove this. See: https://github.com/gorhill/uMatrix/issues/771#issuecomment-2...

> The rest of it, like the XSS filter, is poorly-written misfeatures, or stuff that’s available in about:config.

NoScript classic has a lot of functionality that helps you keep sites usable when scripts are blocked, or to help you stay secure when you have to allow some scripts. Some of the latter features are protections that will occasionally get in the way of sites that are fucked up in non-malicious ways, but that doesn't make them misfeatures. In my experience, the only XSS filter false positive has been Wolfram Alpha, and I've only encountered the clickjacking protection with advertisements that are getting in the way of the content I'm trying to interact with.

> NoScript classic has a lot of functionality that helps you keep sites usable when scripts are blocked

Sounds good, but have you looked at the code behind this? The XSS filter is the same way – a giant mess that only protects against the most trivial of XSS anyway.

I forgot about its clickjacking feature, though. You’re right, that one is valuable.

Is there uMatrix for the new Firefox? Are there even plans? Because I refuse to use a browser without uMatrix.

edit: I see it's there. Released yesterday. Yay! Now if only Firefox could add an "Add to desktop" option, I could really switch!

You can do click-to-play HTML5 videos with NoScript.

Can't do that with uMatrix.

FYI you can actually use both NoScript and uMatrix at the same time.

You don't need an extension for that. Go to about:config and set media.autoplay.enabled to false.

Spent a lot of time on this, so:

NoScript ("allow first-party scripts" and block everything in "Embeddings" tab) + FlashBlock seem to be the only way to block all autoplaying crap in Firefox for me.

You can also add uMatrix, uBlock & RequestPolicy and surprisingly they don't conflict with each other!