NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
Operating NoScript is really simple.
When you browse a site containing blocked scripts a notification, similar to those issued by popup blocker, is shown.
For each site you can decide to allow the exact address, or the exact domain, or a parent domain. If you enable a domain (e.g. mozilla.org), you're implicitly enabling all its subdomains (e.g. www.mozilla.org, addons.mozilla.org and so on) with every possible protocol (e.g. http and https). If you enable an address (protocol://host, e.g. http://www.mozilla.org, you're enabling its subdirectories (e.g. http://www.mozilla.org/firefox and http://www.mozilla.org/thunderbird), but not its domain ancestors nor its siblings, i.e. mozilla.org and addons.mozilla.org will not be automatically enabled.
By default only the 2nd level (base) domain is shown (e.g. mozilla.org) is shown in the menus, but you can configure appearance to show full domains and full addresses as well.
Java, Silverlight, Flash and other plugins
- Fixed feed subscription broken on sites implementing X-Frame-Policy (regression from 22.214.171.124, thanks al_9x for reporting)
- Included js.wlxrs.com in default whitelist in order to make Hotmail login work out-of-the-box for new users