Really noscript is better than nothing, but, imo, its not flexible enough.
In fact ns allows to block things than its authors consider as unsafe.
Hello! No, NoScript allows *You* to block things that *You* consider unsafe.
Which means a considerable amount of knowledge of coding by the user, who must write a considerable amount of code. Note:
"Caveat: Some Properties Have Multiple Access Paths", "Figuring out the correct object name to use is sometimes tricky"
and the extensive and varied examples, from which you must write your own lines for each site and element and policy.
Authors can say that ABE is what we need, nut its not correct. We cant define policies we need.
ABE is still a work in progress, and does not have an official stable release yet. It will, when Giorgio and the beta testers feel that it is mature and stable. Do you care to experiment with it in defining your own policies, or were you not aware that you could do that? We can point you to the directions for writing your own ABE rules if you are interested.
May we suggest NS (in near future) to transform to GUI for Mozz CAPS with set of template to block XSS, ckickfool etc ?
NoScript already provides substantial XSS and Clickjack protection, *even if scripting is allowed globally*. For the discussion on site-specific policies, a feature that has been requested and discussed extensively, please see http://forums.informaction.com/viewtopic.php?f=10&t=415
I think you will find that NoScript with the stable release of ABE, and perhaps with separate site-specific policies, will meet your needs, and permit all the flexibility you require. It is being developed actively. You can help by beta-testing ABE, or, of course, you are free to write all of your own coding under the CAPS procedure.
thanx in advance
You're very welcome. Thanks for taking the time to share your thoughts.