NoScript is a free, open source, extension for Mozilla Firefox, Flock, SeaMonkey, and other Mozilla based browsers. NoScript allows JavaScript, Java, Flash and other plugins and scripted content to be executed only by web sites that the user permits. NoScript's preemptive script blocking approach and its frequent updates give it a reputation for safety.


Security and usage

Operating NoScript is relatively simple. After installation, JavaScript, Java, Flash, Silverlight and other executable contents are blocked by default in Firefox. This content can later be allowed to execute when given explicit permission by the user, rather than doing so by default. This whitelist based, preemptive blocking approach helps to prevent exploitation of security vulnerabilities.

NoScript takes the form of a toolbar in Firefox. It will display every site whose content is being both blocked and allowed for the current page being viewed, with options to either allow the blocked content or forbid the allowed content. Additional options can also be modified through this toolbar.

Site matching and whitelisting

For each site, the exact address, exact domain, or parent domain can be allowed, and subsequently, its content will be executed. By enabling a domain, (e.g., all its subdomains are implicitly enabled (e.g., and so on) with every possible protocol (e.g. http and https). By enabling an address (protocol://host, e.g., its subdirectories are enabled (e.g. and, but not its domain ancestors nor its siblings. Therefore, and will not be automatically enabled.

Untrusted blacklist

Sites can also be blacklisted with NoScript. Blacklisting a site not only blocks it from executing scripted content, but also removes the option of allowing it to execute said content, unless it is removed from the blacklist.

Anti-XSS protection

NoScript's XSS notification and its menu features unique Anti-XSS counter-measures, even against XSS Type 1 attacks targeted to whitelisted sites. Whenever a non-trusted site tries to inject JavaScript code inside a trusted (whitelisted and JavaScript enabled) site, NoScript filters the malicious request neutralizing its dangerous load. By default, Anti-XSS protection filters all requests from untrusted origins to trusted destinations, considering trusted either "Allow"ed or "Temporary allow"ed sites. Furthermore, since version NoScript also checks requests started from whitelisted origins for specific suspicious URL patterns landing on other trusted sites: if a potential XSS attack is detected, even if coming from a trusted source, filters are promptly triggered.


NoScript is very popular, often topping Mozilla's most popular extension list

NoScript has also received numerous awards and recommendations, and is often recommended by the media. It has received critical acclaim, winning a PC world 2006 world class award.


NoScript is sometimes viewed as overkill, unnecessary, and tedious.

Since NoScript's default behavior is to block all scripts that are not whitelisted, this may prevent a large number of sites from working correctly due to their reliance on JavaScript technologies such as AJAX. However, this is mitigated by allowing users to temporarily or permanently enable scripting for individual domains.


External links

Search another word or see NoScripton Dictionary | Thesaurus |Spanish
Copyright © 2015, LLC. All rights reserved.
  • Please Login or Sign Up to use the Recent Searches feature