Saying yes to NoScript is saying no to exploits

Note: This post applies primarily to Mozilla Firefox.

If you’re looking for a safer internet browsing experience, or if you just want to play YouTube videos after a click and not automatically, NoScript is for you. It makes Firefox safer, faster, and is just generally worth your while.

Understanding Scripts

In almost every website, there are little pieces of code that tell your browser to do things. These are called scripts. Scripts are behind things like videos, login screens, and even some drop-down menus. In the right hands, scripts are very powerful and extremely useful. However, scripts do not always come from the right hands. Some scripts are written very poorly and take up lots of your time and bandwidth to load. Videos, especially, are notorious for slowing down webpages. Other scripts may be harmful to your computer or may take your personal information without you (or even the website owner) knowing about it. NoScript is an easy way to control what scripts run on your browser.
NoScript is an add-on for Mozilla Firefox, versions 3 and up. This post about browsers covers installing Firefox if you haven’t already, and if you don’t know what an add-on is, I have a post about add-ons, too.


Installing NoScript

Installing NoScript is extremely easy. Using Firefox, go to NoScript’s page on Firefox’s add-on site. Click on the green “Add to Firefox” button. Click “Install” when the prompt comes up, and NoScript will install itself. You may need to restart Firefox for NoScript to start. (To uninstall NoScript, go to the Add-ons Manager by clicking the puzzle piece in your Firefox menu, click on Extensions on the left, and click “Disable” or “Remove.”)


Using NoScript

Now that your new add-on is, well, on, it’s time to learn how to use it. There should be a blue “S” with a red circle and line through it. That’s your NoScript menu, and it’s the primary way to use NoScript. If your click on it, several options appear. This menu is how you will allow the scripts that are safe.

Generally, you should only allow sites that you trust. However, because scripts are so common, sometimes a website won’t work without allowing their scripts. This is when you can take advantage of the “Temporarily allow” option. When you close your browser, the scripts that are temporarily allowed will stop being allowed for safety.

If you find that a website just won’t work, you can use the option marked “Temporarily allow all this page” to run all the scripts on the page. This is not recommended.

One caveat: NoScript blocks things like videos whether or not the website’s scripts are allowed. To unblock them, click on the yellow rectangle with the NoScript icon in it and click “Ok”.


Hidden Benefits of NoScript

There are several more passive benefits to using NoScript. As mentioned above, it blocks things like video and audio until you allow them, but it also will block cross-site scripts, which are very suspect and can easily be used for ill purposes.

Despite the name, however, NoScript blocks more than just scripts. There is an exploit called clickjacking, where an attacker will hide a malicious button with something you might want to click. NoScript detects this and prevents you from clicking on it. NoScript also tells you about the clickjacking attempt and lets you see what you were really clicking on. If the site is just programmed strangely, you can go ahead and bypass the protection. If it’s something bad, you can leave safely.



NoScript may take a little bit of getting used to. Most sites use, at the least, some Javascript that will be blocked by default with NoScript. Just remember to allow the scripts for sites you trust and they’ll end up working fine.

If you want more information and/or support with this add-on, NoScript’s website is a great place to start. There’s a NoScript FAQ that also might be helpful in answering your questions.



Tip of the Week:
Try turning it off and back on again.

Leave a Comment!

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s