Developer reply by Jason Barnabe
Rated 3 out of 5 stars
@RYAN2779
You said:
"YesScript is so much better than NoScript, and so under appreciated. It makes NO SENSE to block all websites from using JavaScript and to have to manually allow each and every address. It got so bad with NoScript that almost every new website I visited, I was temporarily allowing scripts, which can be dangerous."
Some of us disagree - sure I still have to enable some scripts now and then and sometimes even disable them (one IT-blogsite was so heavily scripted that my 1,8Ghz processor was not up to it) but it's not that often and I never had to do too much of it. My biggest reason was not paranoia (I trust that Linux I use is hard enough to exploit badly if someone comes up with a way and that this and low share on desktops make pretty sure that script-kiddies have almost so little interest to spoil my day via XHTML+EcmaScript) even though I do very much like to secure my system where ever I can and exploits via websites have become known on all types of operating systems and browsers long before the thing we call JavaScript had evolved to what it is today (a dangerous tool - if used in exploit - as in powerful script language running in users browser)..
And you go overboard when you say that it was dangerous when you so often temporarily allowed scripts on whole site - well, I still say that mostly even simply keeping scripting on is quite safe - I know NoScript warns that it's dangerous and I can't argue as this is really matter of how we individually define what is danger and levels, etc. of it. What you used anyway was "temporarily allow", this YesScript - a good piece of work most certainly - just turns all on or all off.
So it's either "very dangerous" as you say or no scripts at all - at least with NoScript you can just set the plugin to something you would more likely prefer. NoScript->Options and first leaf, "General" and choose the very first (non-recommended if you are paranoid) option "Temporarily allow top-level sites by default" and of the three options defining what by is the site recognized I chose first: "Full address" - I was just testing, this mode was not for me but this way new sites are by default allowed to run scripts. Naturally if they use, for example, ad-scripts from other server and it has been (with good reason) banned then not all scripts on page naturally work - but you can choose not to ban sites lightly and you can unban them too.
For you NoScript set up like this could be a boosted up YesScript though. Sites allowed by default (but that is not written anywhere: temporarily allowed). Now you can "Revoke temporary permissions" (in noscript menu this is site-specific) and it is like in YesScript turning scripts off. Again select "Temporarily allow all this site" and you have turned scripts on again.
SO HOW IS THIS *BETTER*?
So far I only explained how NoScript can be made do just what YesScript - it might be not as pretty for that as one simple icon (I suppose it uses icon) but it's quite well designed. Also one day you bump into zdnet.com blog site of demons, you'd like to read but blocking all scripts will make the site fail and allowing them all will make it crowl. Riiiighhttt.... But you still have, always had, the option to block sites and allow previously denied sites hosting scripts - if we were living days when JavaScript was kept on the site it was used, rarely a document linked to use many different javascript files, in fact mostly provided simply inline within the html file NoScript would have almost nothing to offer over YesScript and only marginally small amount of people would bother with it.
But cross-site scripting is today and there are sites where you might want, you might *need* to block scripts to be able to use the site - yet stopping all scripts altogether will render some of these sites unusable too.
P.S. I am exaggarating but it's not untrue what I have murmured here ;) YesScript is a fine tool but what I wanted was to try prove wrong the bad image your words (I think) were giving to NoScript and point that, used correctly, it can be just as easy as YesScript but with twist for if you suddenly wan't site-specific script-blockings.
I think YesScript *is* great. But if I must compare I would say that YesScript is to NoScript what Lola is to FireBug :o I really think so.
More quote:
"The worst thing is it would only show part of the web page and sometimes hang on loading others. I only need it to block scripts on a few websites, not the entire Internet. The only thing missing is custom website blacklist, that would make this add-on PERFECT. Thanks."
Code is easy - I would propably prefer to start from NoScript source but why not take YesScript, modify it and offer your patch to the author. And if he don't accept it in his add-on you can always fork the project and release your enhanced version with slightly different name. It's just simple javascript and there is literally loads of example code to see around here....
Or... Was this plugin released under open source license?
YesScript is licensed under GPL3. Patches are welcome.
To create your own collections, you must have a Mozilla Add-ons account.