Adblock Plus and NoScript = Security Issue?

Discussion in 'Windows Applications' started by Dark Atheist, May 2, 2009.

  1. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    In The Void
    It seems as if the two script authors have had a little bother with each other lately and harsh words have been said by either side. Here is a little from the adblock site

    And here is NoScripts response

    So i dont know about you but i havent used NoScript in a while, and after this maybe with good reason, It appears the damage maybe already done for NoScript as there are a lot of one star reviews of the addon on the mozilla addon site -
  2. tdinc

    tdinc █▄█ ▀█▄ █ Political User

    Sterling Heights, MICHIGAN
    That was complete BS by the No script devs. I will not trust them. sounds fishy.

    adblock+ FTW!
  3. Gigabot

    Gigabot OSNN Senior Addict

    I don't mind the ads that the author of No Script puts on his extension but I do mind if he modifies other extensions like Adblock to make it corrupt. That is very shady and wrong to do!
  4. X-Istence

    X-Istence * Political User

    I love people that use NoScript and other solutions, they get to see my pages without the proper mark-up (making it useful and easy to read), without the usability's and other things I have programmed into many of my websites since they don't want to run JavaScript.

    In Google Chrome there is not even an setting you can use to turn of JavaScript, you have to manually add a command line argument.

    JavaScript is going to become even bigger in HTML 5, with Canvas support, SVG support and CSS 3, the ability to store data client side in a database using SQL like syntax will allow developers to build bigger applications that rely less on storing the data on their servers but instead stores it locally, and all the transforming of data is done locally.

    One cool service that does this:, they allow you to manage your financial accounts and watch them and whatnot, but all of the data is stored client side as much as possible using Google Gears.

    NoScript is supposed to make it harder for XSS to work, and while it accomplishes this, at the same time it is the wrong solution to a problem that lies elsewhere. Developers of websites need to make sure they do proper input handling. Users disabling JavaScript makes it that much harder for us other developers that won't to use JavaScript to do good, or add certain services to our websites that are not possible without scripting.
  5. bmclaughlin807

    bmclaughlin807 Let's blow something up. Political User

    It's not that I don't want to run Javascript... it's that I don't trust EVERY web developer out there to not only not code their site maliciously, but to code it expertly and with the best security practices.

    If I'm going to visit a site regularly, it goes on the whitelist. If I'm visiting a site for a one-time visit, and it doesn't work properly, then I make a decision about whether to temporarily allow scripts.

    I very much prefer that -I- have the choice in the matter... it's the one thing that I really dislike about Chrome... no plugins and no way to turn scripts on and off. :(