Comment by wtallis
5 years ago
The full name as shown on addons.mozilla.org is "NoScript Security Suite", which more accurately conveys its purpose. Some of the features it provided really had nothing to do with JavaScript, such as NoScript's implementation of Strict Transport Security about 1.5 years before Firefox itself implemented that feature.
> "NoScript Security Suite", which more accurately conveys its purpose.
No, that just makes the name more confusing!
Still sounds like a JavaScript blocker, that doesn't clarify anything for me. I've never even looked at it as I've somehow associated it with "block all Javascript", seems like I missed out.
"Block all JavaScript" never required an extension. All the browsers have an option to turn JavaScript off entirely. NoScript started out as a way to provide an easy UI for selective blocking of scripts.
But it experienced the best kind of scope creep: it gained the ability to block other dangerous web features (eg. Flash and other plugin objects, web fonts, etc.), gained features to make life easier when blocking scripts (ie. the surrogate scripts feature), gained other security features for blocking evil actions by the scripts that are permitted (XSS blocking, clickjacking protection), and helped pioneer some security measures that weren't related to scripting (HSTS, ABE as a precursor to and superset of CORS).
IIRC if you turn JS off in the browser, the "noscript" blocks on sites get executed. But if you turn NoScript on, the "noscript" blocks aren't executed.
3 replies →