Loading…
feature - xss, csrf, click-jacking protection #1276
6 participants
Don't forget the Application Boundaries Enforcer (ABE).
I second this. While overkill for an adblocker, uBlock is not advertised as such but rather as an all-purpose blocker so I believe this would be in line with the extension's goal. But can it be implemented without affecting uBlock's low footprint?
It'd help immensely if anyone could write brief descriptions/specifications of how these features actually behave. I understand one could simply look at NoScript, but it'd help development greatly if we had a closed-form specifications for them.
Does that make sense?
Some of those buzzword features are already easy to mimic with uBlock alone. "Click-jacking protection," for instance, can be replicated by globally blocking 3rd-party frames.
uBlock is very much in line with the ABE module of NoScript. However, the various other filters in NoScript are not really suited to a general-purpose content blocker (and @CrisBRM: no, the clickjacking protection is not about blocking third-party frames. It's much more advanced than that.)
Perhaps you could achieve what you want by setting NoScript to global-allow mode and managing site permissions using uBlock.
since uB can filter JS, it seems to make NoScript largely obsolete, but not completely
i don't know how tall of a request this is, but i'm wondering if the most important features of NS could be incorporated into uB such as, perhaps, XSS, CSRF and click-jacking protection?