How do I enable javascript if there is no option to enable javascript - follow-up
I have read the solution on about:config solution in the original post, but when I when there, I found Java is already enabled - the default configuration.
I am running Noscript, yet I am prompted on virtually every page, to allow or forbid scripting for that page. How am I to know whether any particular site has malicious scripts on it? First, I cannot see the scripts, secondly I don't understand or know what the scripts actually DO, and thirdly, I'm not a coder so the whole field is out of my depth (i.e. deciding whether or not a script is "malicious").
One other thing: there are prompts to allow several sites, but how does a user know if any of them is safe or malicious? Any site could be hacked...including YOURS.
One more thing: when I tried to submit this question, I received an "ACCESS DENIED" error and when I returned to my question page, all my typing had been erased. I have had to retype everything. It seems I did not allow google analytics to submit, but why should this be necessary??
I like being protected from myself, but how do I know "MYSELF" is a danger, when Java is enabled by default, in reality every user is exposed to dangers by default.
All Replies (7)
should read: "when I went there..."
hello, if noscript is too complicated, use an addon like quickjava instead which will add toolbar buttons to quickly enable/disable javascript and other stuff: https://addons.mozilla.org/firefox/addon/quickjava/
Thank you for your prompt reply! And the link to quickjava. I will try it.
However, it does not solve the issue of how I determine which sites to allow or block.
Also, if Java is enabled, it implies that Noscript doesn't DISABLE it...I don't understand this. However Noscript is obviously working from the number of discrete pages I have to allow.
I assume I will have the same confusion with quickjava - what to allow of forbid.
Yes, I understand now. I was using shorthand, because I'm a hunt-&-peck type of guy..
Have you tried using the NoScript forum for help with their extension?
http://forums.informaction.com/viewforum.php?f=3
Well, you have me confused as to what you want to block or allow. NoScript is primarily used to disabled Javascript for all domains except for those that you specifically allow, but NoScript can also be used to Forbid Java from running automatically.
NoScript - Options > Embeddings -> Additional restrictions for untrusted websites could be used to Forbid Java and other plugins, one plugin at a time.
Overall, NoScript is a pain in the arse to set up and use until you visit all your commonly viewed websites. And then every time you go to a new website you need to set Temporary or Permanent exceptions domain by domain. The way I see it, you either put in the time to set it up website by website, or you use Allow Scripts Globally! (Dangerous), which the developer of NoScript frowns upon. There's no one correct answer, IMO. But with "Global" selected, at least you would still have the "Advanced" features provided in NoScipt, like blocking of Plugins, Trusted / Untrusted Websites permissions, XSS (cross-site scripting protection), ABE (Application Boundaries Enforcer), and External Filters allowance. Overall, NoScript in itself is more complicated than that whole of Firefox in many ways, (IMO).
Using an extension such as Quick Java and the JS (JavaScript) button allows you to turn off Javascript and then turn it on again when you get to a website that you "trust". Problem with that (IMO) is that there is no fine-grain control; you either allow all Javascript to run or you block it all! And most websites that have been updated in the last 4 or 5 years just don't work completely with Javascript turned off entirely, or important features just won't work.
Bottom line is:
1. Don't use either extension, and hope that your anti-virus application does what it is supposed to do.
2. Use a "toggle" button (provided in QuickJava and a few other extensions) to turn Javascript on / off as you feel is needed.
3a. Use NoScript as intended, and "put in the time" for maximum protection that NoScript provides.
3b. Use NoScript with Javascript Globally Allowed, and hope you are "lucky".
Personally I use a combination of 3a and 3b in different Profiles. One Profile for "safe" websites that I visit on a regular basis, and a 2nd Profile that I use for websites where I may have hand problems in the past, or websites that I don't 'frequent'.
I don't think you can tell for sure whether a site's scripts are "safe" without studying them in detail, which is not very practical. You generally have to make a quick judgment from looking at the site and if appropriate researching it on your favorite search engine. You may also need to allow some of the scripts the site pulls in from other servers, depending on the page design. I think of NoScript as a tool to reduce surprises and annoyances, rather than a failsafe.