NoScript trick

In a previous post I discussed how to combine NoScript with As I later discovered the main problem was that the bookmarklet worked by inserting a script tag in the document, which, if scripting was disabled for the given page, could not be evaluated. I worked around this problem by using the temporary enable feature, however I felt uneasy allowing wildcard domains like * or * because of the plethora of diverse content available on the subpages, some of which is surely malicious. Fortunately there is an option to make the control much more fine-grained: it can be accesses by going to the NoScript options -> Apperance and checking Full Domains. After that you can white-list separately not just in bulk ;).

This whole process illustrates very well the problem of the security aristocracy, the haves and have-nots in the field of security. While NoScript is a nifty little tool, it requires understanding of different aspects like HTML / browsers / scripting at a level which most people would consider rather deep and over their had. This means that there is (and probably will be) a layer of people who will be using these tools and think that the tools can solve all our problems.

Leave a Reply

Your email address will not be published.