Glad i never used it, it always appeared fishy to me.

And not only because of the fact that 90% of its users had barely a idea what the extension was supposed to do other than magically deciding what bad and what good JS is.

NoScript blocks all JS by default. At least, that's what it does on my browser. The only pages that load JS here are the ones I have explicitely added to the whitelist. The rest gets no JS (or Flash or Java for that matter), unless I add it (most of the times this is temporary).

It claims it can detect XSS attacks but that's not the main reason I have it installed. I've used NoScript for the past 5 years or so. I've tried disabling it and running only with uBlock (AdBlockPlus previously), but the truth is that in my case it simply doesn't work. At any given time, I have 20+ tabs loaded (more than 100 just sitting there), and there's just way too much JavaScript cruft on most sites out there. NoScript is the middle ground between completely disabling JS and having Firefox consume too much RAM for no apparent reason. If a site requires more than 2-3 external sources of JS to display any useful information then I usually just close the tab (and then I yell at the kids playing on my lawn).

More on topic though, I'm not affected because I run on Linux, and uBlock catches the ad anyway. Has anyone notified the author that his site serves malware ?

good point. i did not.

also you are clearly part of the 10% that know why. most installations ive seen did not use the whitelist approach and assumedbit ships with a good blacklist.

btw: chrome unloads tabs. especially pinned ones seem to be WAY less ram heavy when unused. i dont know about firefox tho.

The scary part is that it is bundled with Tor browser!

The author really is shady. There are plenty of alternatives around.

Damn you are right, i forgot about that. Makes the whole situation a little more serious i guess. Gonna check if they already discussed this and otherwise file a report.

Edit:// Reported, if someone wants to add their 5c: https://trac.torproject.org/projects/tor/ticket/19280

Any good alternatives for NoScript?

If you just want to block javascript and you use Chrome, you can use the dev tools. Open dev tools, click the three-bullets menu icon, click settings, then in General click Disable Javascript. You don't get a whitelist, but it's something.

Actually you can whitelist. Right click the lock next to the url you want to whitelist, you'll see all KINDS of things to allow or block.

Usually, people suggest uMatrix. But it's a lot more than just NoScript and probably takes longer to make it work the way you want. In general, it gives you total control what your browser is doing.

uMatrix looks heavy duty but effective. I'd never heard of it before--it looks like it could replace my user-string randomizer extension as well as Noscript and uBlock, which makes it worth a strong look. I've already found some tutorials that make it look a little less intimidating. An upvote didn't seem like enough of a thank you for posting.

uMatrix is amazing, but does takes more time to set up. It pays off though - page load times and page sizes are on average ~50% less.

ScriptSafe for Chrome. DisConnect or Ghostery maybe? Not quite the same, but they do break web pages just as well as NoScript. :)

I'm hoping someone else posts some reasonably user-friendly alternatives. Adblockers can be manageable for technically less-savvy users, but I'd never have considered putting NoScript or even Disconnect on my parents' computers for fear of how often I'd get help desk calls from them.

For what most people use NoScript a simple uBlock should already do the job.