My reason for installing NoScript was for the Anti-XSS protection, ClearClick, etc.
For this reason I have allowed scripts globally. After reading 4.1 of the FAQs, it reads like I am not actually being protected against XSS attacks.
What of the mitigations are not functional or only partly functional when scripts are globally allowed?
Am I benefiting from Anti-XSS protection?
Am I benefiting from Anti-XSS protection?
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:9.0) Gecko/20111220 Firefox/9.0
Re: Am I benefiting from Anti-XSS protection?
None. NoScript's XSS and ClearClick protection function independently of script permissions.anitac wrote:My reason for installing NoScript was for the Anti-XSS protection, ClearClick, etc.
For this reason I have allowed scripts globally. After reading 4.1 of the FAQs, it reads like I am not actually being protected against XSS attacks.
What of the mitigations are not functional or only partly functional when scripts are globally allowed?
Even if you choose to allow all scripting globally, NoScript uses different mechanisms to check for hidden elements (Clickjacking/ClearClick protection);
and for XSS, NoScript determines that some portion of goodsite.com's scripting has actually been injected by evilsite.com, as opposed to allowing evilsite.com in the menu as a third party.
That's a gross over-simplification, but I hope it suffices to reassure you that even if you choose not to avail yourself of the valuable script permissions feature, the others that you mentioned, as well as ABE, Force HTTPS, etc., will still work.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.25) Gecko/20111212 Firefox/3.6.25