NoScript for Mobile Available For Download
NoScript 3.0a8 for mobile devices hasbeen just released, a popular Firefox addon which basically disables all the executable web content (JavaScript and Java by default, but also Flash and other plugins on demand) and lets the user choose on the fly, with a single click, the "trusted sites" where these potentially dangerous technologies are allowed.
The latest stable version has been tested on Firefox for Android, and it also works on Maemo.
The security add-on provides all the major security features of its desktop counterpart which make sense on a mobile device:
- Per-site active content permissions management.
- Anti-XSS (cross-site scripting) filter.
- ClearClick, the effective client-side protection against Clickjacking available on the client side.
- ABE (App Boundaries Enforcer), a webapp firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.
Important usability-oriented features - such as Script Surrogates or the ability to emulate JavaScript-only navigation on sites where scripting is blocked - have been ported as well, and other have been developed from scratch. For instance, on first run NoScript offers new users the ability to choose its default configuration among 4 presets which may be changed later:
- Easy Blacklist (you pick untrusted sites where JavaScript and plugins must be blocked)
- Click To Play (plugin a and audiovisual content is blocked until you click a placeholder)
- Classic Whitelist (you pick trusted sites where JavaScript and plugins can run, similar to the default NoScript 2.x setup)
- Full Protection (like "Classic Whitelist", but all the embedded content is blocked until you click, even on trusted sites)
Furthermore, while the in-page permission UI has been simplified and optimized for touchscreen consumption, NoScript for Mobile In-Page Permissions UI the underlying engine has been redesigned to allow deep per-site customization at the single permission level (e.g. making Flash permanently work by default on site X but not on site Y, even if JavaScript is allowed on both, or causing restrictions on a certain embedded object to depend on its parent page?s address). These permissions will be configured through a new desktop UI (under development, slated for inclusion in the first cross-device NoScript 3 beta) and synchronized safely via Firefox Sync across all the PCs, tablets and smartphones where NoScript is installed.
Users can also share their NoScript settings among their mobile devices.
Last but not least, NoScript 3 doesn't require a browser restart on installation and updates.
The security add-on provides all the major security features of its desktop counterpart which make sense on a mobile device:
- Per-site active content permissions management.
- Anti-XSS (cross-site scripting) filter.
- ClearClick, the effective client-side protection against Clickjacking available on the client side.
- ABE (App Boundaries Enforcer), a webapp firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.
Important usability-oriented features - such as Script Surrogates or the ability to emulate JavaScript-only navigation on sites where scripting is blocked - have been ported as well, and other have been developed from scratch. For instance, on first run NoScript offers new users the ability to choose its default configuration among 4 presets which may be changed later:
- Easy Blacklist (you pick untrusted sites where JavaScript and plugins must be blocked)
- Click To Play (plugin a and audiovisual content is blocked until you click a placeholder)
- Classic Whitelist (you pick trusted sites where JavaScript and plugins can run, similar to the default NoScript 2.x setup)
- Full Protection (like "Classic Whitelist", but all the embedded content is blocked until you click, even on trusted sites)
Furthermore, while the in-page permission UI has been simplified and optimized for touchscreen consumption, NoScript for Mobile In-Page Permissions UI the underlying engine has been redesigned to allow deep per-site customization at the single permission level (e.g. making Flash permanently work by default on site X but not on site Y, even if JavaScript is allowed on both, or causing restrictions on a certain embedded object to depend on its parent page?s address). These permissions will be configured through a new desktop UI (under development, slated for inclusion in the first cross-device NoScript 3 beta) and synchronized safely via Firefox Sync across all the PCs, tablets and smartphones where NoScript is installed.
Users can also share their NoScript settings among their mobile devices.
Last but not least, NoScript 3 doesn't require a browser restart on installation and updates.