Question
Giorgio Maone, the developer behind the popular Firefox security add-on NoScript, released NoScript 10, the first "pure" WebExtensions version today.
NoScript 10 did not make it in time for the release of Firefox 57, the first version of the web browser that supports only WebExtensions and no longer the legacy add-on system of Firefox 56 and earlier versions.
But, the extension that is compatible with Firefox 57 and newer is out now, and users can finally install it on their devices if they have updated their systems to that version of the browser already.
Note: It won't work on Android right now, and does not work in private browsing mode either.
Giorgio released a hybrid extension of NoScript earlier this year. The main purpose of hybrid extensions was to make the migration from the legacy add-on system to the WebExtensions system as smooth as possible.
Existing NoScript users will have their settings and preferences migrated to the new version; that is good news as you don't have to configure the new version of NoScript after the update to version 10. It is still recommended to go through the preferences once to make sure they are set correctly, and to make adjustments as you see fit.
NoScript 10 is a work in progress. While it is released as a WebExtension so that it can be installed in Firefox 57 and newer versions of the web browser, it is not a complete one-to-one copy of the legacy add-on.
The main reason why that is not the case yet is that APIs are still not available that NoScript requires for some of its functionality.
NoScript 10 supports content blocking and XSS protection just like its legacy counterpart. Some parts come with improved performance thanks to the new WebExtension APIs, others still need to be implemented before they become available in NoScript 10.
The interface looks different to the previous interface, and the options lack most settings right now as well. If you open the options of NoScript 10 right now, you get only a few of them.
You can whitelist or blacklist addresses, allow scripts globally, or clear the XSS whitelist. That's about it. Features such as ClearClick or ABE are missing right now.
NoScript ships with a list of whitelisted (trusted) domains. You cannot remove these anymore, but you can change the state of them. So, setting them all to default will do the trick but it would obviously be better if you could just throw these out instead.
Read more: NoScript 10 WebExtension is out - gHacks Tech News
