Reviews for NoScript Security Suite
NoScript Security Suite by Giorgio Maone
Review by Firefox user 13551289
Rated 2 out of 5
by Firefox user 13551289, 7 years agoOk, I just got the update and have to say I really hate the new version and am considering dumping it completely. There are a lot of reasons why.
Under the old version, when you visit a new website, it shows a popup saying that scripts are disabled and giving you a quick option to temporarily or permanently enable scripts for just that website. Under the new version, you don't even know if the scripts are blocked, and if the website is malfunctioning because it needs its scripts, or what.
Also, the new UI really sucks. Everything is all icons now and I don't have a clue what any of them do. Am I allowing scripts or blocking them? Am I permanently allowing them or just temporarily? You could at least give us the option to go back to the classic interface.
I've also noticed that for every single website I go to, I have to tell it not to allow XSS from that website to facebook.com. It's really annoying. There is no option to just say, don't allow XSS from anywhere to facebook.com. Under the old version, it only gave me an XSS warning for a certain few websites which I could then do an unsafe reload. Now it's like there's cross-scripts everywhere.
Ok so maybe a useful feature would be to allow for example facebook.com (seems to be the main offender here) when I'm ON facebook.com, but disable it when any other website tries to cross-script to it.
Anyway to sum it up, the new version nags me incessantly and isn't clear enough about what's going on for me to figure out how to allow the scripts I want and block the ones I don't. Please go back to the old version.
Under the old version, when you visit a new website, it shows a popup saying that scripts are disabled and giving you a quick option to temporarily or permanently enable scripts for just that website. Under the new version, you don't even know if the scripts are blocked, and if the website is malfunctioning because it needs its scripts, or what.
Also, the new UI really sucks. Everything is all icons now and I don't have a clue what any of them do. Am I allowing scripts or blocking them? Am I permanently allowing them or just temporarily? You could at least give us the option to go back to the classic interface.
I've also noticed that for every single website I go to, I have to tell it not to allow XSS from that website to facebook.com. It's really annoying. There is no option to just say, don't allow XSS from anywhere to facebook.com. Under the old version, it only gave me an XSS warning for a certain few websites which I could then do an unsafe reload. Now it's like there's cross-scripts everywhere.
Ok so maybe a useful feature would be to allow for example facebook.com (seems to be the main offender here) when I'm ON facebook.com, but disable it when any other website tries to cross-script to it.
Anyway to sum it up, the new version nags me incessantly and isn't clear enough about what's going on for me to figure out how to allow the scripts I want and block the ones I don't. Please go back to the old version.
Developer response
posted 7 years ago1) The UI shows you all the domains that are trying to run active content, just like before, but more compact. You can allow them individually (by assigning the TRUSTED preset), leave them not running (DEFAULT), blacklisting (UNTRUSTED) or even assign CUSTOM permissions. Not just that, but better than before if you can modify each preset on the fly and even see the minimum permissions needed for the site to work (they've got a pink background).
2) To assign the TRUSTED preset temporarily, you just click it once. To make it permanent, you click the clock icon and make it fade away (temporary->permanent).
3) The XSS filter now has a "Always block requests from a.com to b.com" option, that you can use exactly the way you say you want.
2) To assign the TRUSTED preset temporarily, you just click it once. To make it permanent, you click the clock icon and make it fade away (temporary->permanent).
3) The XSS filter now has a "Always block requests from a.com to b.com" option, that you can use exactly the way you say you want.