NoScript

NoScript is an open source JavaScript blocker for Firefox.

It allows active content to run only from sites you trust, and it protects against cross-site scripting (XSS) and clickjacking attacks. Once installed, open the preferences (Menu button – Add-ons – Extensions – NoScript – Preferences) and tweak as desired. My preferred non-default options are:

  • General – Temporarily allow top-level sites by default: Enabled for base 2nd level domains (note that allowing www.example.com this way also allows every other host under example.com).
  • General – Allow sites opened through bookmarks: Enabled.
  • Whitelist: I review the sites that are approved by default and delete those I don’t need.
  • Embeddings: Forbid Flash and Silverlight. Don’t forbid @font-face.
  • Notifications: Disable “show message about blocked scripts” and “display the release notes on updates”.

The above settings provide what I find to be a good balance between security and usability, but every use case is different. For additional security, consider:

  • General – Temporarily allow top-level sites by default: Disabled (every site must then be allowed explicitly).
  • Embeddings: Forbid @font-face.
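To make the reach of the "temporarily allow top-level sites" setting concrete, here is an added JavaScript model; it is not NoScript's own code. It assumes a small hand-picked subset of the Public Suffix List in place of the full list Firefox consults, and every function name in it is hypothetical. It also includes a small review helper of the kind that is useful when pruning the default whitelist as described above.

```javascript
// Added example, not NoScript's own code: a model of what the whitelist
// entries created by "temporarily allow top-level sites by default" cover in
// the two modes discussed above. ASSUMPTIONS: the public-suffix table below is
// a hand-picked subset standing in for Firefox's full Public Suffix List, and
// every function name here is hypothetical.

// Constructed subset of the Public Suffix List. A host directly under one of
// these is a registrable ("base 2nd level") domain in its own right.
const PUBLIC_SUFFIXES = new Set([
  "com", "org", "net", "uk", "co.uk", "io", "github.io", "blogspot.com",
]);

// Base 2nd level domain of a host: the longest public suffix plus one label.
//   www.example.com -> example.com,  a.b.co.uk -> b.co.uk,
//   user.github.io  -> user.github.io (github.io is itself a public suffix)
function baseDomain(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 1; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(i - 1).join(".");
    }
  }
  return labels.join("."); // no known suffix (e.g. "localhost"): whole host
}

// Whitelist entry added when a page on `host` is visited with
// "Temporarily allow top-level sites by default" switched on.
//   mode "base": the base 2nd level domain (the setting preferred above)
//   mode "host": the exact host only
function temporaryAllowEntry(host, mode) {
  return mode === "base" ? baseDomain(host) : host.toLowerCase();
}

// A scheme-less whitelist entry covers that domain and everything below it,
// so the entry "example.com" also admits scripts served from cdn.example.com.
function isAllowed(scriptHost, whitelist) {
  const h = scriptHost.toLowerCase();
  return whitelist.some((entry) => {
    const e = entry.toLowerCase();
    return h === e || h.endsWith("." + e);
  });
}

// Review helper for the whitelist: flag entries that are themselves a public
// suffix, since such an entry admits scripts from every site under it.
function overlyBroadEntries(whitelist) {
  return whitelist.filter((entry) => PUBLIC_SUFFIXES.has(entry.toLowerCase()));
}

// Constructed scenario: visit www.example.com in each mode and see which
// other hosts under example.com the resulting entry lets run scripts.
function demo() {
  const probes = ["www.example.com", "cdn.example.com", "ads.example.com"];
  const result = {};
  for (const mode of ["base", "host"]) {
    const entry = temporaryAllowEntry("www.example.com", mode);
    result[mode] = { entry, allowed: probes.filter((p) => isAllowed(p, [entry])) };
  }
  // Constructed whitelist to audit: the second entry is a public suffix.
  result.broad = overlyBroadEntries(["addons.mozilla.org", "github.io"]);
  return result;
}

console.log(JSON.stringify(demo(), null, 2));
```

Running it with node shows the trade-off the two settings make: in "base" mode the single entry example.com admits scripts from all three probe hosts, while in "host" mode only www.example.com itself is admitted and each further subdomain must be allowed separately. The overlyBroadEntries() check is the kind of review worth doing on the default whitelist before trusting it.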

For increased usability (e.g. on public-access kiosks, or to protect irresponsible users from themselves), consider:

  • TODO
  • Appearance – Status bar label: Disable, to discourage end users from monkeying around with the settings.

About Warren Post

So far: Customer support guy, jungle guide, IT consultant, beach bum, entrepreneur, teacher, diplomat, over-enthusiastic cyclist. Tomorrow: who knows?

One Response to NoScript

  1. Pingback: Firefox add-ons | A maze of twisty little passages
