"Many of the threats NoScript is currently capable of handling, such as XSS, CSRF or ClickJacking, have one common evil root: lack of proper isolation at the web application level." "Living inside the browser, the ABE component can take advantage of its privileged placement for enforcing web application boundaries, because it always knows the real origin of each HTTP request" * A pretty sophisticated firewall in your browser, Application Boundaries Enforcer (ABE), where you can even write your own policies: * Clearclick: Detects invisible elements which cover clicked visible elements * Filters WebGL, XSLT, Sophisticated XSS protection: Look up XSS on these pages: * Shift+click on host name, and pull up info on trustability from database NoScript provides many features that uMatrix does not: That would greatly reduce the learning curve. I have yet to find a good tutorial for uMatrix yet on how to make some pre-defined rules for common sites. But you should be able to whitelist those once then add them to your permanent whitelist. Anything which needs to reach out to jquery, ajax, etc. This is particularly irritating if there's a captcha on a form. Any page with a Google Captcha on it will take several refreshes to completely let them through. First youtube, then s., then, THEN you might finally get a video. It will take about three or four refreshes before you can whitelist everything necessary to get Youtube working. There are some growing pains associated with it, as there are with NS. I switched awhile back and found it somewhat more usable than NoScript, insofar as it usually allows Javascript on the local site by default, while automatically blocking JS on third-party domains. Made by the same developer of uBlock Origin, allows blocking of Javascript and other aspects of the site.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |