Allow HTTPS scripts globally on HTTPS documents

Posted: Thu Oct 25, 2018 11:43 am
by hake
This 'advanced' feature of NoScript version 5 is very valuable and I use it with Firefox ESR 45.9 and 52.9 with Windows XP. I can browse without the possibility of an HTTP script executing. Unfortunately NoScript 10 lacks this feature and NoScript 5 is incompatible with Firefox Quantum. I realised this lack of functionality when I exported the NoScript configuration file to NoScript 10. I would wish to be able to set an additional check box for 'Allow HTTPS scripts globally on HTTPS documents' in NoScript 10 defaults. The now nearly universal adoption of HTTPS by websites makes this highly desirable to avoid tripping over scam websites with dangerous scripts.

It would be much appreciated if this functionality could be restored to NoScript 10.

Re: Allow HTTPS scripts globally on HTTPS documents

Posted: Thu Oct 25, 2018 7:14 pm
by musonius
Well, you can do that, if you want. Just add "http:" in the site permissions tab (with a red padlock) and set it to UNTRUSTED. Yes indeed, it's just as simple as that.

Do you want to allow first party HTTPS only or third party HTTPS as well?

In the first case, configure the DEFAULT preset as you like it for the third party and check the checkbox "Temporarily set top-level sites to TRUSTED".

In the second case just allow JavaScript in the DEFAULT preset.
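
The two configurations from the reply above, as an added example that is not part of the original thread and not NoScript's own code: a simplified JavaScript model of which scripts would run once "http:" is UNTRUSTED. The names `makePolicy`, `presetFor`, `allows` and `scriptAllowed` are hypothetical, and the model assumes that a script runs only when both the document's preset and the script URL's preset allow it, that first party means the same hostname, and that only a top-level site still on DEFAULT is promoted to TRUSTED.

```javascript
// Simplified model of the setup from the thread; an assumption, not NoScript's code.
// Each preset is reduced to one question: may scripts run?
function makePolicy({ defaultAllowsScript, autoTrustTopLevel }) {
  return {
    untrusted: ["http:"],   // protocol-wide entry set to UNTRUSTED
    defaultAllowsScript,    // JavaScript enabled in the DEFAULT preset?
    autoTrustTopLevel,      // top-level sites temporarily set to TRUSTED?
  };
}

// Preset a URL falls under before any top-level promotion.
function presetFor(policy, url) {
  return policy.untrusted.includes(new URL(url).protocol) ? "UNTRUSTED" : "DEFAULT";
}

function allows(policy, preset) {
  if (preset === "TRUSTED") return true;
  if (preset === "UNTRUSTED") return false;
  return policy.defaultAllowsScript;
}

// Assumed rule: a script runs only if the document's preset and the
// script URL's preset both allow scripts.
function scriptAllowed(policy, documentUrl, scriptUrl) {
  let docPreset = presetFor(policy, documentUrl);
  let scriptPreset = presetFor(policy, scriptUrl);
  // Assumption: only a top-level site still on DEFAULT is promoted.
  if (policy.autoTrustTopLevel && docPreset === "DEFAULT") {
    docPreset = "TRUSTED";
    const firstParty = new URL(scriptUrl).hostname === new URL(documentUrl).hostname;
    if (firstParty && scriptPreset === "DEFAULT") scriptPreset = "TRUSTED";
  }
  return allows(policy, docPreset) && allows(policy, scriptPreset);
}

// Case 1 from the reply: first-party HTTPS only (DEFAULT left without scripts here).
const firstPartyOnly = makePolicy({ defaultAllowsScript: false, autoTrustTopLevel: true });
// Case 2 from the reply: third-party HTTPS as well.
const anyHttps = makePolicy({ defaultAllowsScript: true, autoTrustTopLevel: false });
```

The hostnames used to exercise the model (such as `shop.example`) are constructed sample values.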

Re: Allow HTTPS scripts globally on HTTPS documents

Posted: Thu Oct 25, 2018 9:13 pm
by hake
Thank you musonius. I would never have guessed that. Your greater knowledge is much appreciated. I will try it tomorrow. 8-)

Re: Allow HTTPS scripts globally on HTTPS documents

Posted: Mon Oct 29, 2018 8:18 pm
by hake
Thank you again musonius. Your post was the key which unlocked my understanding of NoScript 10. I am now achieving my security aims with Firefox Quantum and NoScript. HTTPS Everywhere is also a component in my schemings. The two extensions do complement each other.

Re: Allow HTTPS scripts globally on HTTPS documents

Posted: Tue Oct 30, 2018 5:17 pm
by musonius
You're welcome! This, unfortunately, is not a well-documented feature, but it is used by the Tor Browser in the safer configuration and that's why I know it. I have set "http:" to UNTRUSTED myself and the possibility to do so is a major reason why I prefer NoScript to other blockers. As far as I know, no other blocker makes that possible. It is reasonable to allow HTTP less than HTTPS as default.