Put Allow/Forbid Scripts Globally at the TOP of the menu

[warrenn]

The choice to Allow/Forbid scripts globally is currently at the bottom of the NoScript list. It would be better to have it at the top in a more fixed location for a few reasons:

1. When I need to enable all scripts, it is waaaay at the bottom and I have to sometimes go past a lot of other scripts. It's easy to accidentally click on one of the other menu choices.

2. As the page is loading, it's common for the menu to change dynamically. I have often clicked the wrong button when the menu changed just as I was about to click the button.

The most common issue I have is when I've enabled scripts globally and then go a script heavy page like cnn.com. The rapidly changing menu makes it difficult for me to click on the Forbid button. If the Allow/Forbid button was at the top, it wouldn't change position as the menu changed and I could more easily hit the Forbid button.

[barbaz]

viewtopic.php?f=8&t=20480 is a RFE for the order of the NoScript menu to be customizable.

But first off, why do you need to click that menu item so much? That suggests you're maybe not using NoScript in the most optimal way for what you actually want...

[warrenn]

Usually I have Forbid selected, but I sometimes enable all scripts when I'm going to new, trusted sites and don't want to have their scripts added to the temporary or permanent trusted list. Or sometimes temporarily enabling all on the page will cause new scripts that also have to be enabled and so on. In cases like that I'll do the global allow/forbid selection. It'd be nice if that toggle was at the top so it was in a more consistent place.

[barbaz]

I sometimes enable all scripts when I'm going to new, trusted sites and don't want to have their scripts added to the temporary or permanent trusted list.

This statement makes no sense. NoScript is a security tool; from a security standpoint, either you trust the site or you don't... there is no "I trust this site BUT [...]" because on the Internet, an attacker only needs one chance to do whatever evil they want to do and that would be that.

Why do you not want having site(s) Temporarily Allowed in these cases?

Or sometimes temporarily enabling all on the page will cause new scripts that also have to be enabled and so on. In cases like that I'll do the global allow/forbid selection.

Have you considered cascading permissions mode for these cases? It's somewhat safer - it's equivalent to Allow Scripts Globally only on the domain you're visiting and Temporarily Allowing, while keeping scripts forbidden elsewhere.
NoScript Options > Advanced > Trusted, check Cascade top document's permissions...

[warrenn]

I sometimes enable all scripts when I'm going to new, trusted sites and don't want to have their scripts added to the temporary or permanent trusted list.

This statement makes no sense. NoScript is a security tool; from a security standpoint, either you trust the site or you don't... there is no "I trust this site BUT [...]" because on the Internet, an attacker only needs one chance to do whatever evil they want to do and that would be that.

Why do you not want having site(s) Temporarily Allowed in these cases?

I run my browser in a sandbox environment so the security risk is limited. I primarily use NoScript to speed up sites and to prevent ads/autoplay video/flash/etc. So although it's primary use may be for security, there are other benefits as well. For example, I much prefer going to sites like cnn and yahoo with all scripts disabled since they have so many dynamically loaded components. It's not that I think they are a security risk, rather it's that their scripts slow things down and present things I prefer to suppress.

And because my browser is in a sandboxed environment, NoScript changes aren't permanent for me. When I close the browser, all changes are lost when the sandbox is removed. I set NoScript permissions in the unsandboxed browser if I want them to be permanent, but I'm not going to to that for every random site I come across.

But regardless of how I'm using NoScript, having the forbid/allow toggle in a static location at the top would make it more convenient rather than at a dynamic position in the menu. I could somewhat understand not wanting to have Allow at the top so it's a little harder to find so that users will be less likely to use it. But Forbid should be at the top so that users can easily turn it off if they need. With Forbid being a the bottom of a dynamically changing menu, it can be difficult to select it when going to a site with lots of scripts. The Forbid keeps moving lower and it's easy to mistakenly click a different entry since the menu is changing underneath the mouse pointer. I know I've accidentally clicked a choice like "Allow randomwebsite.com" because the Forbid button moved down just as I was clicking.

[barbaz]

I primarily use NoScript to speed up sites and to prevent ads/autoplay video/flash/etc. So although it's primary use may be for security, there are other benefits as well. For example, I much prefer going to sites like cnn and yahoo with all scripts disabled since they have so many dynamically loaded components. It's not that I think they are a security risk, rather it's that their scripts slow things down and present things I prefer to suppress.

And because my browser is in a sandboxed environment, NoScript changes aren't permanent for me. When I close the browser, all changes are lost when the sandbox is removed. I set NoScript permissions in the unsandboxed browser if I want them to be permanent, but I'm not going to to that for every random site I come across.

Yeah, this isn't NoScript's intended use case at all - you're using NS for one of its beneficial side-effects.
Knowing this, here are some recommendations for you FWIW:
- turn on Cascading Permissions Mode (you can still Mark sites as Untrusted to script-block them even if a top-level site's permission would otherwise cascade to them)
- NoScript Options > Embeddings, check "Apply these restrictions to whitelisted sites too" if you haven't already
- limit NoScript's auto-reloading to the current tab

I'd also suggest you install µMatrix to your browser if you haven't already got that or a similar addon.

But regardless of how I'm using NoScript, having the forbid/allow toggle in a static location at the top would make it more convenient rather than at a dynamic position in the menu. I could somewhat understand not wanting to have Allow at the top so it's a little harder to find so that users will be less likely to use it. But Forbid should be at the top so that users can easily turn it off if they need.

The menu isn't currently ordered "top down", but from the position of the NS icon outward. I do think the menu order should be customizable (see the RFE I linked above). Although with the suggestion in that thread, the Allow/Forbid Scripts Globally menu item wouldn't be the very top in your settings, but at least it wouldn't be such a dynamic position.

Also, Allow Scripts Globally and Forbid Scripts Globally are currently the same menu item, just changing based on that setting, so it'd be confusing and impractical to put Allow Scripts Globally and Forbid Scripts Globally in different positions in the menu.

With Forbid being a the bottom of a dynamically changing menu, it can be difficult to select it when going to a site with lots of scripts. The Forbid keeps moving lower and it's easy to mistakenly click a different entry since the menu is changing underneath the mouse pointer. I know I've accidentally clicked a choice like "Allow randomwebsite.com" because the Forbid button moved down just as I was clicking.

Again, it's not part of intended use of NS to be so often clicking menu items as a site is loading...