FAQ addition request

[Aspirant]

The FAQ at http://noscript.net/faq#qa1_10 is very helpful for many people to understand why NoScript is necessary. Some people, however, would not be convinced by this info because they don't understand computer technology or they believe the probability of problems is small. For such people, a demonstration is helpful. I suggest adding to this FAQ a link to http://evil.hackademix.net/annoy/ along with instructions on how to terminate the browser in Windows Task Manager.

From http://forums.informaction.com/viewtopi ... =15#p11809

Script blocking (which you turn off) prevents 3rd party scripts from being included in your whitelisted site if their origins are not whitelisted as well.
This has nothing to do with Anti-XSS, but helps in most persistent XSS / SQL Injection scenarios, because using a remote inclusion is much more practical, and often the only feasible path for an attacker (e.g. if the injectable field has length constraints, see http://ha.ckers.org/blog/20080110/dimin ... st-wrapup/ ).

I suggest adding this info to the FAQ so users understand how NoScript protects them if their financial website gets hacked, and also so users understand the dangers of allowing all scripts on a page.