Using NoScript for fun, just to see how ridiculously effective the Brave shields are (for ad blocking and limiting third-party exposure)
<blockquote data-quote="ForgottenSeer 107474" data-source="post: 1083110"><p>Yes, you got that right, NoScript is only used for showing me how good Brave Shields are :) .</p>
<p>In daily practice the unselected options in NoScript DEFAULT settings (for 3P) probably don't block anything. I disabled them solely out of good hardening practice:</p>
<p>- OBJECT are obsolete plugins like Flash or PDF</p>
<p>- WEBGL (mostly used for gaming, has its problems, that is why it is often disabled in Firefox advanced profiles, Chromium browsers have its successor WebGPU built in)</p>
<p>- PING (mostly used for tracking, so most people are better without it)</p>
<p>- UNRESTRICTED CSS (has its problems, remember the advanced CSS vulnerability bypass in uBlockOrigin, most websites using third-party CSS will still work with unrestricted CSS disabled)</p>
<p>- LAN, Brave has an option to block access to host, Chromium browsers also have a flag to block insecure private IP requests, disabling LAN access <a href="https://nlnet.nl/project/NoScriptABE-Quantum/" target="_blank">(link)</a> adds some additional protection</p>
<p>- OTHER are seldom used as third-party for home use and consumer applications</p>
<p>Thanks, good tip: (y) I always enable XSS protection in NoScript.
Although CSP reduces XSS risks <a href="https://portswigger.net/web-security/cross-site-scripting" target="_blank">(link)</a>, enabling this NoScript XSS filter seems to raise the bar for malware writers <a href="https://portswigger.net/research/noscript-xss-filter-bypass" target="_blank">(link)</a>, but filters and interceptors have a limited use against XSS vulnerabilities created by sloppy programming (see final quote <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" target="_blank">link</a>).</p></blockquote>