uMatrix & uBlock to Replace NoScript
I always slightly hated noscript because if I wanted to add a site exception to enable ONLY javascript, I was forced to risk allowing, for example, cross-site scripting or XHR for that site along with any others that I wanted to keep blocked.
If I wanted to allow ONLY a function of a 3rd party site required to make the 1st party site run, I had to allow unlimited access to the 3rd party site instead of just what I wanted.
Of course, I could go into noscript preferences and disable "block javascript" but that was GLOBAL and a pain to have to go back in settings to re-enable before browsing another site. Worse, it would be a risk if the current site threw a 3rd-party popup while I had the Global temporarily off...... you get the idea!
The makers of NoScript, in parallel, have been developing_ HTTP Switchboard_ for a long time_._ It is the exact same as NoScript but extremely better, allowing FULL flexibility. You can set, per Site, each domain's ability to manipulate the site in EITHER OR ALL categories of cookie(s), css, images, plugins, scripts, XHR, and "others".
This means if I go to yahoo.com, I can allow, either by default or individual site basis, yahoo.com to ONLY push images, css, and images. Then I can allow ONLY any subdomain required for certain functionality to ONLY run those elements needed for that functionality.
If I need to allow a third party, it's all the same and, unless I choose to make that exception global, that 3rd party domain's element will ONLY be allowed on THAT site!
If I want to allow a certain domain's element on ALL sites, by default, that's an option but, unlike noscript, I don't have to allow a global exception just to get a local exception for that one site's functionality.
They have now went even further to make uBlock and _uMatrix_, two addons that work together. The only difference between uMatrix and HTTP Switchboard is they took the checkbox on the option pages of HTTP Switchboard, to allow all 1st party elements, and put it on the main switchboard/matrix, allowing specific elements on ALL first party sites by default instead of having to either allow ALL elements on first party sites OR manually selecting on each new 1st party domain visited (see pictures).
uBlock, along with either uMatrix or Http Switchboard, are even better now by having auto-updating malicious (uMatrix) and privacy lists (uBlock),__ with the ability to add custom ones to block scripts/xhr on sites that would leak the ip, track you, or be malicious! __ If I choose to unblock an entire subdomain instead of specific elements on that 1st/3rd party (sub)domain, they will still block portions of those domains appearing on the self-updating block lists, unless I go further to override that.
The BEST PART OF ALL: I've worried about extensions I've installed and what sites they can connect to; with uMatrix, you can choose to have a separate set of permissions to apply to the extensions. Finally, I can restrict extensions that shouldn't connect to anywhere to not being able to :) This is the ONLY and FIRST noscript-like element manager, afaik, that can do this! You can use uMatrix to block uMatrix itself from getting blocklist updates, as I've accidentally done :)
The abilities to customize what to SAFELY allow and what to keep blocked, no matter what domain or what site, are ENDLESS; this will really help people use Tor more safely! PLEASE TAKE NOSCRIPT TO THE 21st CENTURY BY REPLACING IT WITH UMATRIX AND UBLOCK!
Trac:
Username: johnakabean