In a previous post I discussed how to combine NoScript with co.mments.com As I later discovered the main problem was that the bookmarklet worked by inserting a script tag in the document, which, if scripting was disabled for the given page, could not be evaluated. I worked around this problem by using the temporary enable
feature, however I felt uneasy allowing wildcard domains like *.blogspot.com or *.googlepages.com because of the plethora of diverse content available on the subpages, some of which is surely malicious. Fortunately there is an option to make the control much more fine-grained: it can be accesses by going to the NoScript options -> Apperance and checking Full Domains
. After that you can white-list hype-free.blogspot.com separately not just blogspot.com in bulk ;).
This whole process illustrates very well the problem of the security aristocracy
, the haves and have-nots in the field of security. While NoScript is a nifty little tool, it requires understanding of different aspects like HTML / browsers / scripting at a level which most people would consider rather deep and over their had
. This means that there is (and probably will be) a layer of people who will be using these tools and think that the tools can solve all our problems.