Loading…
Can uBlock act as a complete replacement of NoScript? #1323
4 participants
No.
@gorhill How can NoScript be useful in combination with uBlock 0.8.7.0 then?
NoScript implements ClickJacking protection and an Application Boundaries Enforcer, I know that.
@lewisje Thanks.
@davidhedlund that version number is old, and I've just updated the wiki page. The functionality is still there though. Install an updated release from your browser's extension repository.
uBlock is even better than NoScript for handling scripts because it lets you easily allow connections to certain JS hosts based on the origin domain, which can only be achieved with NoScript if you meddle with its complex advanced preferences. For example, if you want only example.net to access twitter.com scripts, you can easily do that with the dynamic filtering panel of uBlock.
I used to use NoScript on Firefox, but the only times I saw its ClickJacking notifications were for false positives. As for "Application Boundaries", I don't need them anymore either because I haven't been been using Flash and other plugins for a long time. I use another browser for the rare occasions when I need to access some website that hasn't moved away from Flash yet.
The one extra extension I recommend you to have is HTTPS Everywhere.
@davidhedlund I just meant that I've deleted the "0.8.7.0" bit from the page you linked to because that's an old version. As I said before, all versions since it have this feature. Install and use the current one. It's going to be updated automatically.
We've already talked about the main differences between NoScript and uBlock, and I've said why I'm fine with only uBlock (I run no plugins on Firefox etc.). If you feel that you're at risk, take @gorhill's word as your guideline concerning this issue.
@anewuser I use IcedTea-Web Plugin for Java. Don't you think NoScript is useful for that?
Issues should not be opened for such questions. Apparently there are places on reddit to address such questions where users can share experience and insights, this is where this should go. This is just creating noise which drowns real issues with uBlock and make it much more difficult for developers to use their limited time productively.
@anewuser I've concluded that: The Application Boundaries Enforcer (ABE) and ClearClick (anti-clickjacking) protect web browser plugins from being exploited, uBlock lack those features. However, in most cases plugins are unnecessary in web browsers, and security experts recommend that it not be run in a browser unless absolutely necessary. It was suggested that, if plugins are required by a few Web sites, users should have a separate browser installation specifically for those sites. Note that frame-based clickjacking is still possible even if you don't use plugins.
@davidhedlund the places on Reddit where you can ask such questions are: https://www.reddit.com/r/ublock+ublockorigin+firefox
@anewuser Thanks.
“Dynamic filtering is available to advanced users. As of version 0.8.7.0, dynamic filtering in uBlock can act as a complete replacement of RequestPolicy, or similar add-ons.” - https://github.com/chrisaljoudi/uBlock/wiki/Dynamic-filtering