01
07
2011
XSS and Clickjacking Protection for Android
Posted by: Giorgio in Clickjacking, XSS, Mozilla, Security, NoScript
NoScript 3.0a3 for Firefox Mobile is out, bringing three of the major "classic" NoScript features to your Android smartphones:
- Easy per-site active content permissions management.
- The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
- ClearClick, the one and only effective client-side protection against Clickjackings available on the client side.
Still some road ahead for convergence between the desktop and the mobile versions, but we're already past the biggest challenges...
A huge thanks to the NLNet foundation, and to many individuals, institutions and companies using NoScript, for their generous support to this project.
July 3rd, 2011 at 9:16 pm
I think it's great that you're doing a full rewrite of the NoScript code. Sometimes that is a much better option than modifying what exists. I would like to know though, will there be any loss of current functionality/options or will everything available in 2.x be present in 3.0 as well?
July 3rd, 2011 at 11:35 pm
@Zirro:
The aim is feature parity with current desktop version, except for legacy Firefox compatibility (it certainly won't be compatible with Fx 3.6, maybe not even with Fx 4/5) and for features which have been implemented in the core browser over the years, even if anticipated by NoScript (e.g. X-Frame-Options or HSTS).