InformAction Forums

Hello. I have created an account her to ask this one question. When you remove No script it asks if you want to disable script blocking. I want to know, what is and is not being protected if you disable script blocking? What will change when it is disabled? Will I still have XSS, clickjacking, and CSRF protection? Please be specific and detailed as possible as it helps me better understand this process. Thank you for your help.

I think that disabling script blocking from that warning is equivalent to going NoScript menu > Allow Scripts Globally (dangerous)
So the only change is that sites are default-allowed, not default-denied

Thanks for your response, but you didn't answer my other questions. You said "the only change is that sites are default-allowed, not default-denied". I want to know if I am still getting XSS, CSRF, and clickjacking protection even if it is disabled and how it is protecting those areas if script blocking is disabled?

If you didn't turn those protections off manually you still have them. They are separate from script blocking (but XSS protection is stricter from non-allowed site to allowed site than between two allowed sites) and are designed to work regardless the script enabled state of the page.

Thank you. That answer my questions. I am glad it is like this because I find the script blocking to be an annoyance.