Lets assume paypal.com has an XSS vulnerability, like the one announced yesterday: http://praetorianprefect.com/archives/2 ... 60cdc715,0
If I go to paypal.com and temporarily allow javascript access on it with noscript, as I understand it, I have to hope that none of the other websites that I have opened in other tabs will then attempt to exploit the Paypal XSS by dynamically adding an <iframe src="http://paypal.com/xssuri?evilpayload"></iframe> to their own dom? The only currently safe way to do this then is to close all your other tabs before allowing paypal.com to use javascript, and then make sure you log out before visiting any other websites?
It would be nice if there was a "Temporarily allow paypal.com in this tab only" option.
Temporarily allow example.com in this tab only
Temporarily allow example.com in this tab only
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10