ClearClick anti-Clickjacking on Android

NoScript 3.0a3 for Firefox Mobile is out, bringing three of the major "classic" NoScript features to your Android smartphones:

  1. Easy per-site active content permissions management.
  2. The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
  3. ClearClick, the one and only effective client-side protection against Clickjackings available on the client side.

Still some road ahead for convergence between the desktop and the mobile versions, but we're already past the biggest challenges...

A huge thanks to the NLNet foundation, and to many individuals, institutions and companies using NoScript, for their generous support to this project.

2 Responses to “XSS and Clickjacking Protection for Android”

  1. #1 Zirro says:

    I think it's great that you're doing a full rewrite of the NoScript code. Sometimes that is a much better option than modifying what exists. I would like to know though, will there be any loss of current functionality/options or will everything available in 2.x be present in 3.0 as well?

  2. #2 Giorgio says:

    The aim is feature parity with current desktop version, except for legacy Firefox compatibility (it certainly won't be compatible with Fx 3.6, maybe not even with Fx 4/5) and for features which have been implemented in the core browser over the years, even if anticipated by NoScript (e.g. X-Frame-Options or HSTS).

Bad Behavior has blocked 729 access attempts in the last 7 days.