When?

FUD

not even trolling:
adblockplus.org/blog/attention-noscript-users
hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community/

the latter link is Giorgio's blog

Dear fucking God, 8 years later there are still Palant shills shilling the "shady past". For real.
shoo shoo ABP shill, no one cares about your product any more

NoScript will not be ready in the near future (next few days).

However, ff it was released nevertheless, then it would be servely limited in its capabilities.

It will not deactive/shut off JS as it used, it will only block it (just like uBlock and uMatrix).

This is a very different thing. For example: pages with blocked JS do not render -elements. Pages with JS turned off do.

The APIs needed are still missing.

Mark my words.

what about
addons.mozilla.org/en-US/firefox/addon/javascript-control/
does it block or off?

>addons.mozilla.org/en-US/firefox/addon/javascript-control/
Blocks, like every WebExtension based addon.

The API is simply missing. WebExtensions (at this point) cannot disable JS.

NoScript CANNOT be released at this point in time.

>Blocks, like every WebExtension based addon.
is this bad? security wise?

IMO for security it should not matter.

But you do not need another addon for this, you can use uMatrix or uBlock. They do exactly the same thing.

You can use uMatrix and block all scripts or uBlock and block inline-scripts, 1st-party and 3rd-party. You can apply these rules to all domains -> there is your noscript.

However, this will make you run into problems and you problem will not get it, why you run into these problems. If you are a NoScript user (or any other legacy addon that actually disabled JS) then you are used to everything you get via -elements. You just don't know it.

>what keeps happening that is so unexpected
he hasn't started yet, topkek

THAT SPAGHETTI LIED TO US

>It will not deactive/shut off JS as it used, it will only block it (just like uBlock and uMatrix).
>This is a very different thing. For example: pages with blocked JS do not render -elements. Pages with JS turned off do

What's the threat here -- that tracking/exploit code could be inside a tag? I dont't think that's been a thing ever.

I fail to see why blocking alone is considered so inferior. Please enlighten me

>inb4 something about how the JS takes up CPU cycles that don't amount to anything

The threat is that pages break completely because they don't know you disabled scripts.

I don't think many sites utilize these days, and if they do it's just a blank page with a message saying "this site requires javascript"

If I block scripts with uMatrix and visit a new site, it will undoubtedly be extremely broken. imo this is a sign that the site requires javascript, which serves the same purpose as a message

There is no threat.

See this There may not have been an exploit yet, but it sure helps fingerprinting: You can have people without JS, with JS blocked and with JS running instead of simply JSoff/JSon.

Also many sites rely on -tags if you turned JS off. You may not notice them (as they have no native look).

Even Google uses them to redirect you to a page that works without JS.

Also, JS is a major killer for everyone who uses any sort of accessebility features. These people, whether they are just old or maybe because they are handicapped, got totally by Mozilla (an organisation that claims to create a free web for everyone...)

Nope, many sites use as an appropriate to deliver their content to users without JS.

Therefore, blocking EVERYTHING with either uBlock or uMatrix is totally different from what NoScript did in the past. NoScript never blocked images or css. NoScript turned JS off.

Even chromium is more user friendly in this regard: You can disable JS on the settings page and then enable it on each site (if you want). This is exactly what NoScript did. FF pseudo SJW (as explained) should have just implemented it this way (as they implement almost every other feature of chromium in the same way...)

There probably is no security threat. This is true.

>Nope, many sites use as an appropriate to deliver their content to users without JS.

Agree to disagree. I've been running "Block all scripts" mode with uBO/uMatrix for a long time now and have probably seen (seriously) only a handful of sites that deliver a secondary, javascript-free experience without any page breaking. We probably just visit different sites.

Anyways, I can tell you're pretty entrenched on your NoScript loyalty, so again we'll just agree to disagree.

Well it is the eternal problem of security vs privacy, you will be 1000x times more unique the moment you block/disable JS so if privacy is a concern there is a tradeoff when it comes to privacy if you want to be more secure on the clearnet.

You got me on the different pages stuff. But really, I am not even close to NoScript.

I used a self written fork of "JS blacklist" (or whatever it was called) that was actually the opposite: a JS whitelist. It was kind of like NoScript with way less features (I did not need the NoScript features as I always use uBlock0).

But I do need a simple way to really disable/enable JS as I work with lots of people with accessibility needs. Going to about:config everytime is no option. Therefore I looked up the WebExtension API and realized: There is no way to write NoScript at this point in time. Only if it only blocks JS (or maybe if there is a hidden, NoScript specifc API or maybe if NoScript gets a legacy exception).

But, yeah, you are right. The web without JS at this point in time is already so broken... (which is a shame, because it really is not needed in MOST cases!)

Actually, there may only be 3ish or something % of all desktop internet useres that completly disable JS. In numbers these are million. You are not at all unique that way. Also, as several API used for fingerprinting get blocked this way, almost everybody who disabled JS looked the same (in the past). Now, there is one more difference among those people: Blocking vs. turning off. This is bad and Mozilla should feel bad about allowing this. They could have easily prevented this situation.

Also, would there be any disadvantage for you (as a JS blocker) if was part of the DOM? Serious question.

>Therefore I looked up the WebExtension API and realized: There is no way to write NoScript at this point in time

Hopefully Mozilla will add it in the future. Their API is still young and a work in progress. Example AFAIK you still can't clear localStorage with an addon, although it's on Mozilla's "to do" list in a bug tracker. There's lots of stuff like that which hasn't been implemented yet, but is on the radar.

I almost forget about localStorage...

I totally get why they wanted to get rid off the old addon API. But it sure as hell was not the right way to do it like this. There are so many things missing.

IMO the whole concept is flawed: WebExtensions are way to page-centric. E.g. treeStyleTabs has to deal with an API that was written to insert JS in specifc webpages. That is just plain stupid.

> I've been running "Block all scripts" mode with uBO/uMatrix for a long time now and have probably seen (seriously) only a handful of sites that deliver a secondary, javascript-free experience without any page breaking

Isn't that what he was saying though? uBO / uMatrix with all scripts blocked do not do the same thing NoScript does. Thus when using them, you will always have broken sites and you then have to allow certain scripts for them to work again whereis with NoScript, even if you didn't allow any sites, they were often times still usable.

Your wording is excellent, I could not have explained it myself this way.

How do people with uBO or uMatrix handle sites where you aren't exactly sure if they are 100% trustworthy? Unless you allow 1st party scripts and inline scripts, the sites are always broken. With NoScript you could go to filehoster sites, search for shit and get the download urls no problem without having to allow anything on the site itself. How do you do that with uBlock or uMatrix? If you allow inline scripts and 1st party scripts just to get the site to display correctly and the site happens to have some malicious shit in those, aren't you already fucked?

I'm using it on ESR 52.5.0 but if I look for it in "search all available addons" it doesn't come up. guess they must of took it out in one of the most recent updates.You might be able to download the Version 1.0.1b2 of it here addons.mozilla.org/en-US/firefox/addon/umatrix/versions/beta

This can't be right. Giorgio has been working on the port for months and his last update post was 2 days ago, saying it is almost done. Why would he have so much problems now in the final phase if he was just turning it into a blocker? Also, wouldn't he basically have to do all this work again and completely rewrite everything once more once the APIs for shutting off Javascript are made available?

I've switched to uMatrix

It took me a few minutes to figure out how to make it behave like NoScript but I'm liking it so far

I really don't know. All I can tell you is that there is no API in the offical Mozilla docs (developer.mozilla.org/en-US/Add-ons/WebExtensions) that would allow turning JS off. You can only block it via CSP (google!) and this is what he has done in his hybrid-webextension.

Maybe there is an API that is hidden and therefore only he knows about or maybe he gets a "legacy exception".

But there simply is no API (published) that would allow an extension to disable JS for a domain, site or the whole browser or via changing the about:config setting.

So how does uMatrix do it?

>You can only block it via CSP (google!) and this is what he has done in his hybrid-webextension.

Well, doesn't that work just fine then? Everyone has been using the webextension hybrid NoScript version for a while now before FF 57. If the full Webextension version does the same thing, I don't see the problem.

blog.mozilla.org/addons/2017/08/01/noscripts-migration-to-webextensions-apis/

They are using CSP same as ublock/umatrix.

Please, read the thread. Disabled JS is not the same as blocked JS.

>webextension hybrid NoScript version
The purpose of the hybrid was to migrate settings. Actually, I don't know why he included the script-src:"none" thing. Maybe it was nothing but a test.

Poorfags like you are not our main target audience anyway

But the hybrid-webextension version of NoScript didn't work the same as uBlock/uMatrix. Up until the very day of the FF57 update, I had no trouble accessing sites that were completely blocked in Noscript, whereis these same sites are completely broken in uBlock unless I allow inline and first party scripts. So whatever the Noscript webextension-hybrid was doing was working in that it allowed you to access the no-javascript version of a site instead of breaking it.

This is true. I don't know where I read it, but I am also very sure that he is aware of the issue because I somehow remember him writing about injecting the addon before the DOM tree is finished (which is needed for support but not possible with WebExtensions)

Yes, because it contained A LOT of old code. The majority was in the legacy part of the addon.

Hybrid version is still XUL at heart, it works on pale moon etc,

look thru bugzilla and noscript's release notes i guess

Wait, so is it a matter of old noscript functionality not being possible at all in webextensions or it's not possible right now because the needed APIs are not published yet? Mozilla DID say they are going to release new APIs over the course of the next months.

i wonder how tor feels about this

now :D

>use umatrix
kek, people actually do this

>v 10.1.1rc99
>=============================================================
>+ First pure WebExtension release
>+ CSP-based first-party script script blocking
>+ Active content blocking with DEFAULT, TRUSTED, UNTRUSTED and CUSTOM (per site) presets
>+ Extremely responsive XSS filter leveraging the asynchronous webRequest API
>+ On-the-fly cross-site requests whitelisting
addons.mozilla.org/en-GB/firefox/addon/noscript/

Is there a point to using both Ublock Origin and Noscript now?

IMO as I said in it is not possible to get the exact same functionality

proves this because
>+ CSP-based first-party script script blocking

NO use uBlock0.
Block all inline-scripts, first-party and third-party on all domains.
in my rules add these:

* * 1p-script block
* * 3p-script block
* * inline-script block

NoScript has lost its purpose.

Let me illustrate this by an example.

Before NoScript 10 (or any other addon that disabled JS) the page enable-javascript.com/ would have shown you a red box that said something like "Please enable JS".

Now, with the new "blocking" NoScript 10, this does not happen whenever you block JS.

However, there will be a green box if JS not blocked.

This is important for the whole functionality of the web as explained in this thread. Even if someone thinks that the modern web should not be used without JS at all, this is simply annoying because there used to be a standard that was fully working and accepted and many people relied on this standard.

>would have shown you a red box that said something like "Please enable JS".
but this sucks
right now with js-control the page is readable but im comfy with disabled js because safe

>use umatrix
umatrix does some of the things that noscript does, but not all. It is not a replacement.

Actually, this used to be true. But it is not at all true anymore. The new NoScript 10 uses the same crippled API as uMatrix and uBlock. uMatrix and uBlock can already do the exact same stuff that NoScript does now. See and I was proven right... Yes, he would need to change stuff (not much probably). However, I think Mozilla (because they don't give a shit) will not release any new API soon and therefore NoScript will continue to be another blocker.

>umatrix does some of the things that noscript does, but not all
not anymore lel

>not anymore
All the more reason to stick with ESR or similar.

The new interface looks like trash. Overlapping text, pointless scroll bars, half English and half local language setting. Maybe the English version is not broken like this, but still: What was wrong with the old interface that gave you a clean list of clickable text entries that worked well with any language setting and was completely self explanatory at the first glance? This feels like a step back.

I would very much like to jump ship to Palemoon, Waterfox, FF ESR or Seamonkey. They are all really good in their own ways.

Admittedly, they will not survive Mozilla fuck up.
The Palemoon team is too small to maintain a browser. Let alone the Waterfox guy. The cannot maintain XUL after Mozilla has left. It will be impossible. Same for Seamonkey.

FF ESR will only recieve updates until */2018, won't it?

At this point, users have lost. Organisations have taken the full power over the web. The last stronghold of the free web has fallen.

Oh boy, this looks like complete garbage.

I was hoping for something better, but I am not surprised at all. It is a fucking WebExtension after all. Of course it does not have a good interface, how could it? There is no native look anymore.

I don't think the point is to find a solution that will last forever, it's just to have a reasonable solution until something better pops up.

Waterfox/Palemoon/ESR won't last, but I think there will be something alright that pops up before they all die.

Hopefully. But where should this solution come from? I have no reason to assume that one is already on its way.

At this point, I am considering

1) chromium with JS disabled and using the browsers native security settings thing to allow JS on certain pages only

or

2) FF ESR 52 until next year.

This way I could keep DTA a bit longer.

The only extensions I use are my personal JS whitelist, DTA, uBlock/uMatrix, Decentraleyes, Disable Ctrl-Q Shortcut and Brief.

With FF 57 DTA, Disable Ctrl-Q, Brief and EVERY JS deactivating (as opposed to blocking) addon will not work.

Brief may have a replacement.
DTAlite will be severely limited (just like NoScript).

IT'S FINALLY HERE
BASED MA1
(only 24hrs past the self-declared deadline)

>FF ESR will only recieve updates until */2018, won't it?
mozilla.org/en-US/firefox/organizations/faq/

ok. March 2018. You know, I was talking about the old, compatible ESR, not the Quantum based one that will suck as much as Quantum.

.... oh wait, it's currently shit
it's nowhere near the previous version
I've read in the blog that it will reach the old functionality when TBB will be based on a Quantum-ESR browser in 2018, right?
If it's so, I'm going to downgrade noscript to noscript classic and keep firefox developer edition

Quantum doesn't suck, at all.

just use esr jeez

Palemoon has been around since 2009, and has already lasted way longer than I would have expected.

Waterfox has been around since 2011, and I don't see any reason to believe that it can't stay as strong enough for another 5-10 years.

I'm not too worried about not seeing a solution immediately.

not edgy enough

As far as I know the Palemoon guys have started working on a new browser that is beyond Mozilla's XUL. In the past (in the last year or so), they also considered reforking FF with a newer base because they could not keep up anymore...

Waterfox is also strongly tied to the FF codebase. The guy who maintains it will not be able to keep up. I am very sure. Basically until 57 he only needed to add patches. Now he needs to keep everything running. It will not be possible.

mmm, what a hell?
it's broken.
I guess I should give up, I don't even want sorozilla without noscript.

WHAT IN THE FUCK IS THIS SHIT? That's it, I'm switching to uMatrix.

Ok

NoScript + uBlock Origin (beginner mode) is enough?
Privacy Badger is irrelevant with NoScript?

Privacy Badger is irrelevant with uBlock Origin itself.

DON'T INSTALL UMATRIX BAD GOY

Even on beginner's mode?

Privacy Badger is irrelevant. But so it NoScript 10.
Read the thread and especially There is nothing it can do that uBlock Origin cannot.

have you donated? will you?

Yeah, what the fuck happened here? Noscript used to have an extensive options menu with loads of customization, and now all we get is this? Is this just temporary until more features get ported over from the old version or is this how it's going to be like forever?

Yes.

I prefer noscript interface for that.

Even though this new one still sucks

The dev said it himself, a lot of shit is missing because the way new extensions work is hilariously gimped. He plans to add everything back in as Mozilla gets off their ass and actually adds functionality.

>>There is nothing it can do that uBlock Origin cannot.
Currently this holds true, but this wasn't the case for NoScript classic. Hopefully Maone will slowly re-implement features.OTOH, ruling out 1p/3p/inline-scripts using uBlock Origin's interface whilst maintaining a default-deny approach is huge PITA.

>as Mozilla gets off their ass and actually adds functionality

But they won't.

By the way,
why the fuck development doesn't happen in public? It's not required to keep a github repo, he has different websites where he could pop up some gitlab/gogs and even accept contributions/patches (!)

damn I force to use old version of firefox

This, they do it on purpose, they don't want people to choose what to load, remember who we are dealing with, they probably get paid to screw us.
Damn this shit.

I know, I have already written this. Should have used a trip.

Agreed. This is on purpose.

>hurr durr umatrix
why do these braindead retards even join this thread?

NOW

Edge, here I go.

This is so sad.

I'm seriously considering giving up on the Internet and computers and becoming a normie.
Between companies fucking up things I rely on (like Mozilla), the spying, the security risks, and all the routine maintenance, there's just too much stress and stuff to actively care about.

I wonder if living in the woods or becoming an Amish would improve my quality of life.

>I wonder if living in the woods or becoming an Amish would improve my quality of life.
There's no need to go full Amish, but honestly most people don't give a flying fuck about these gory details and seem to live a comfy life

>Use inferior add on
>Call other people retarded