An email I received yesterday night:
Hi,
I've been using NoScript with Firefox for a while (recommended by SANS), and today it paid off bigtime.
I got to work, started Firefox, and went to our homepage.
NoScript complained and I checked out the complaint at the bottom of the page. Our webpage had a link on it to sdo.1000mg.cn.
I started looking and found that we had the SQL injection attack currently featured at SANS:http://isc.sans.org/diary.html?storyid=4844
NoScript found it first! You are a hero! Thanks.
Jeff E.
[Anonymized US Educational Site]
Then a quote from Ryan Naraine's Talking Firefox security with Mozilla’s Window Snyder:
There are discussions happening internally at Mozilla around adding NoScript functionality into the core browser.
“It’s a conversation we’re having. I’d love to see it in there.â€
Oh Window, why didn't you tell me these sweet words when we were face to face in the romantic and adventurous land of Whistler?
I guess it's destiny, even Steve Ballmer had been too shy to declare his love ;)
August 10th, 2008 at 4:10 pm
haha
Although the news is great, I loved the writing style (last two lines) more. ;)
August 19th, 2008 at 2:32 am
Great news. I love no script and wonder how I ever browsed without it, even got my Missus onto it. I still think it is too hard for most end users, maybe if it could do like adblock plus or other collaborative systems and have a dynamic web stored whitelist that is updated based on x number of users allowing sites. Of course this feature also needs to be able to be turned off, cause no way I would have it on :P