How to Use the NoScript Add On

List of sections on this page:


4.0 About NoScript

NoScript is a particularly useful Mozilla Add-on that can help protect your computer from malicious websites on the Internet. It operates by implementing a 'white list' of sites that you have determined as acceptable, safe or trusted (like a home-banking site or an on-line journal). All other sites are considered potentially harmful and their functioning is restricted, until you have determined that the content of a particular site presents no harm; at this point, you may add it to the white list.

NoScript will automatically start blocking all banners, pop-up advertisements, JavaScript and Java code, as well as other potentially harmful web site attributes. NoScript cannot differentiate between harmful content and content necessary to correctly display a web site. It is up to you to make exceptions for those sites with content that you think is safe.

4.1 How to Use NoScript

Before you begin using NoScript ensure that it was successfully installed by selecting Tools > Add-ons to activate the Add-ons window and confirm that it has been installed.

Tip: Although NoScript might seem a little frustrating at first (as the websites you have always visited may not display properly), you will immediately profit from the automated object-blocking feature. This will restrict pesky advertisements, pop-up messages and malicious code built (or hacked) into web pages.

NoScript will run silently in the background until it detects the presence of JavaScript, Adobe Flash or other script-like content. At that point NoScript will block this content and status bar will appear on the bottom of the Firefox window as follows:

Figure 1: The NoScript status bar

The NoScript status bar displays information about which objects (for example, advertisements and pop-up messages) and scripts are currently prevented from executing themselves on your system. The following two figures are prime examples of NoScript at work: In Figure 2, NoScript has successfully blocked an advertisement created in Adobe Flash Player on a commercial website.

Figure 2: An example of NoScript blocking a pop-up advertisement in a commercial site

In Figure 3, the Twitter web site notifies you that JavaScript must be enabled (at least temporarily) to view this web site.

Figure 3: The Twitter web site requesting that JavaScript be enabled

Since NoScript does not differentiate between malicious and real code, certain key features and functions (for instance, a tool bar) may be missing. Some web pages present content, including script-like content, from more than one website. For example, a website like www.twitter.com has two sources of scripts (twitter.com and twimg.com):

Figure 4: An example of the NoScript status bar Options menu

To unblock scripts in these circumstances, start by selecting the Temporarily Allow [website name] option (in this instance, Temporarily allow twitter.com). However, if this does not allow you to view the page you may determine, through a process of trial and error, the minimum number of websites required to view your chosen content. For instance, on Twitter, you must select the Temporarily allow twitter.com and Temporarily allow twimg.com options, in order for Twitter to work.

Warning! Under no circumstances should you ever select the Allow Scripts Globally (dangerous) option. As far as possible, avoid selecting the Allow all from this page option. Occasionally, you may have to permit all scripts; in this situation, ensure that you only do this temporarily for sites you really trust, that is, until the end of your on-line session. It only takes a single injection of malicious code to compromise your on-line privacy and safety.

For websites that you trust and frequently visit, select the Allow [website name] option. (In the example above, Allow twitter.com and Allow twimg.com have been selected). Selecting this option permits NoScript to permanently list that website as trusted.