Are script surrogates practical ?
I'm just trying to figure out how to use the surrogate about config function. No Scripts is a great tool. When you have to constantly permit scripts on so many web sites though, it seems as if the purpose is defeated. This permits JavaScript to be executed with out leaving you vulnerable in the way allowing scripts does ?
All Replies (3)
You can also look at extensions like these:
- QuickJava: https://addons.mozilla.org/firefox/addon/quickjava/
- Tab Permissions: https://addons.mozilla.org/firefox/addon/tab-permissions/
- YesScript: https://addons.mozilla.org/firefox/addon/yesscript/
Unless I'm missing something, those addons seem to essentially provide you with a site white list and/or black list for No Scripts. It seems that the no scripts tool bar essentially gives you those options any way by clicking " allow all this page " or " untrusted". What I'm trying to figure out is: if and how scripts surrogates:
http://hackademix.net/2011/09/29/script-surrogates-quick-reference/
permit you to use a site that requires java scripts, using the surrogates so you do not open your self to the vulnerability of allowing scripts. Do the Surrogates provide some defense?
When I say that you have to constantly allow scripts on sites, I'm not complaining about the act of clicking on allow each time. I just mean that you are no longer provided the protection of disallowing scripts and are surrogates a way around this ?