JavaScript - NoScript extension (Was: Questions on Security)

Amedee Van Gasse (ub) amedee-ubuntu at
Fri Jun 4 07:41:21 UTC 2010

On Fri, June 4, 2010 03:38, Hal Burgiss wrote:
> On Thu, Jun 3, 2010 at 6:03 PM, Nathan Bahn <nathan.bahn at>
> wrote:
>> Attention all--
>> I have read (at least, insofar as Windows operating systems are
>> concerned) that Java Script should be disabled on web browsers whenever
>> possible because of drive-by infections from infected websites.  Does
>> this also apply to Linux?


> But there are certainly plenty of other ways javascript is capable of
> causing trouble, such as cookie theft.
> I think you'll find most modern website have some javascript so disabling
> it, might have be done pretty selectively.

For Firefox on Linux as well as Windows I strongly recommend the NoScript
plugin. It blocks all JavaScript on a web page, and lets you turn it back
on again per page or domain.

It can be a bit of a nuisance for casual browsing, but if you have a fixed
set of websites that you visit almost every day, then you can allow
JavaScript on those sites. It's very easy.

Sometimes you visit a website with JavaScript that commes from other
websites, like banner ads. If you only allow JavaScript from the site
itself, not from the third-party sites, then you will have a much cleaner
and faster browsing experience. Especially if combined with the AdBlock
Plus extension.
Too bad for websites that rely on those banners for their income: they
should just switch to JavaScript-free banners. It is my firm belief that
any useful website SHOULD render in a reasonable way without JavaScript or
CSS. This also matters for people with visual impairment if I'm not

Some people allow all JavaScript with NoScript, but rely on its cross-site
vulnerability blocking. I don't know how that works, I never configure it
that way. But it seems to be interesting for people who don't want to
allow JavaScript on every site they visit.


More information about the ubuntu-users mailing list