Comment by dividedbyzero
5 years ago
Still sounds like a JavaScript blocker, that doesn't clarify anything for me. I've never even looked at it as I've somehow associated it with "block all Javascript", seems like I missed out.
5 years ago
Still sounds like a JavaScript blocker, that doesn't clarify anything for me. I've never even looked at it as I've somehow associated it with "block all Javascript", seems like I missed out.
"Block all JavaScript" never required an extension. All the browsers have an option to turn JavaScript off entirely. NoScript started out as a way to provide an easy UI for selective blocking of scripts.
But it experienced the best kind of scope creep: it gained the ability to block other dangerous web features (eg. Flash and other plugin objects, web fonts, etc.), gained features to make life easier when blocking scripts (ie. the surrogate scripts feature), gained other security features for blocking evil actions by the scripts that are permitted (XSS blocking, clickjacking protection), and helped pioneer some security measures that weren't related to scripting (HSTS, ABE as a precursor to and superset of CORS).
IIRC if you turn JS off in the browser, the "noscript" blocks on sites get executed. But if you turn NoScript on, the "noscript" blocks aren't executed.
They are not "executed". They are displayed to user.
2 replies →