Fireday - Firefox extension reviews for November 9, 2007
Friday, November 09, 2007 7:00 AM
Posted by Jonathan Danylko | Tag: Fireday
This week: NoScript
NoScript
Rating: 5/5
If you're a JavaScript developer, you know all about XSS (Cross Site Scripting), but how do you protect yourself from it? I think we have a solution for you today.
Overview
NoScript is a Firefox extension that protects you from external scripts by notifying you of scripts that aren't part of the current domain. If you think the script is safe, you can validate it by approving it.
NoScript only allows JavaScript and Java execution from trusted domains, which is great for you power surfers who venture into unknown territory on the Internet. :-)
Not only is NoScript great for protecting you from XSS, it also won PC World's Top 100 Products of the Year of 2006. The Washington Post and the New York Times also love this extension.
Installation
NoScript installed into Firefox with no problems whatsoever. The download was 223K directly into Firefox.
When Firefox restarts, you'll notice a small 'S' icon in your status bar. Every time you visit a web site, NoScript kicks into gear, shows you the number of scripts loaded, and lets you choose whether or not to run them.
Features
After visiting a site or two with NoScript, a yellow bar at the bottom of my browser appeared and notified me that Java/JavaScripts were detected.
When you click the options button, a context menu appears with a list of all of the domains where the Java/JavaScripts were loaded. If you notice familiar domains in your list, click on the "Allow <domain name>" option to accept it.
As you visit other web sites, you'll start to create what is called a "whitelist" of trusted domains. This whitelist is generated while you are surfing and can easily be edited in the options of the extension (see below).
While there aren't a lot of features available for this extension, it definitely overcompensates in the configuration department. :-)
Configuration
The configuration for this extension is accessible through the 'S' icon in the status bar. Left-click on the 'S' to get the context menu and select the "Options..." item.

The options are broken into 6 sections: General, WhiteList, Plugins, Appearance, Notification, and Advanced.
On the General tab, you have the ability to control when NoScript should detect any unknown JavaScripts (Is it at the top domain or second-level domains?).
The Whitelist tab was briefly discussed above. Here is where you maintain your whitelist of trusted domains. If you added a site by mistake, simply select the site here and remove it.
The Plugin tab adds additional restrictions to plugins, whether it be Microsoft Silverlight, Java, or Flash.
The Appearance tab gives you the option of making NoScript appear in the status bar as an icon or a label, and allows you to modify the context menu by adding or removing options.
The Notifications tab sets options for when you want to be notified when something happens. Do you want to be notified of an XSS attack as well as <NOSCRIPT> elements? You even have the option to play a sound file to notify you.
The Advanced tab displays additional restrictions and permissions for untrusted, trusted, and XSS sites.
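The whitelist and the General tab's domain-level choice described above amount to a default-deny check on each script's host. The sketch below is an added example, not NoScript's code: the function names, the `mode` values and the sample URLs are assumptions constructed for illustration, and the last-two-labels rule for the base domain is a simplification that ignores public suffixes such as co.uk.

```javascript
// Added illustration, not NoScript's own code. All names are hypothetical.

// Naive base (second-level) domain: the last two labels of the host.
// A real implementation needs the Public Suffix List ("example.co.uk").
function baseDomain(host) {
  const labels = host.toLowerCase().split('.').filter(Boolean);
  return labels.slice(-2).join('.');
}

// Default deny: a script runs only if its host (mode "host") or its
// base domain (mode "base") is an exact entry in the allowlist.
function isAllowed(scriptUrl, allowlist, mode) {
  let host;
  try {
    host = new URL(scriptUrl).hostname.toLowerCase();
  } catch (e) {
    return false; // unparsable URL: deny
  }
  const key = mode === 'base' ? baseDomain(host) : host;
  return allowlist.has(key);
}

// Split a page's script URLs into those that may run and those blocked.
function classifyScripts(scriptUrls, allowlist, mode) {
  const result = { allowed: [], blocked: [] };
  for (const url of scriptUrls) {
    const bucket = isAllowed(url, allowlist, mode) ? result.allowed : result.blocked;
    bucket.push(url);
  }
  return result;
}

// Constructed sample input: script sources found on one page.
const SAMPLE_SCRIPTS = [
  'https://example.com/main.js',
  'https://www.example.com/app.js',
  'https://cdn.example.com/lib.js',
  'https://ads.tracker.test/t.js',
  'https://example.com.evil.test/x.js', // look-alike: base domain is evil.test
  'not a url',
];

const trusted = new Set(['example.com']);
console.log('host mode:', classifyScripts(SAMPLE_SCRIPTS, trusted, 'host'));
console.log('base mode:', classifyScripts(SAMPLE_SCRIPTS, trusted, 'base'));
```

Matching on whole labels rather than on substrings is what keeps the look-alike host out of the allowed set in both modes.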
Conclusion
Even though NoScript is small and considered a notification extension, it still shows that one small extension can make a difference in providing better security in your browsing experience, which is why Firefox is so popular among the techies.
NoScript is an extension that I would consider to be an "Iceberg" extension. Above the water, it doesn't look like it does much, but underneath the water, it's doing a lot to protect you from the various XSS threats from Type 0 to Type 2.
Definitely an extension to install immediately.
The rating for NoScript is a solid 5 out of 5.
See ya next week.
If you want your Firefox add-on reviewed, please contact me with the URL and we'll let you know when it's reviewed.