I'm pleased to announce the availability of NoScript 3.0a8 for mobile devices. Tested on Firefox for Android, it should work on Maemo too.
This is the first feature-complete mobile version of NoScript. In other words, it provides all the major security features of its desktop counterpart which make sense on a mobile device:
- Easy per-site active content permissions management.
- The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
- ClearClick, the one and only effective client-side protection against Clickjacking available on the client side.
- ABE (App Boundaries Enforcer), a true webapp firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.
Important usability-oriented features -- such as Script Surrogates or the ability to emulate JavaScript-only navigation on sites where scripting is blocked -- have been ported as well, and other have been developed from scratch. For instance, on first run NoScript offers new users the ability to choose its default configuration among 4 presets which may be changed later:
- Easy Blacklist (you pick untrusted sites where JavaScript and plugins must be blocked)
- Click To Play (plugin a and audiovisual content is blocked until you click a placeholder)
- Classic Whitelist (you pick trusted sites where JavaScript and plugins can run, similar to the default NoScript 2.x setup)
- Full Protection (like "Classic Whitelist", but all the embedded content is blocked until you click, even on trusted sites)
Furthermore, while the in-page permission UI has been greatly simplified and optimized for touchscreen consumption, the underlying engine has been redesigned to allow deep per-site customization at the single permission level (e.g. making Flash permanently work by default on site X but not on site Y, even if JavaScript is allowed on both, or causing restrictions on a certain embedded object to depend on its parent page's address). These fine grained permissions will be configured through a new desktop UI (under development, slated for inclusion in the first cross-device NoScript 3 beta) and synchronized safely via Firefox Sync across all the PCs, tablets and smartphones where NoScript is installed.
Talking about synchronization, you can already share your NoScript settings among your mobile devices (just check the "Enable Remote Sync" option), but you'll need to wait for the aforementioned cross-device beta to include your PC in the synchronization pool.
Last but not least, NoScript 3 doesn't require a browser restart on installation and updates, which means that hot fixes for new security threats can be deployed in a more effective, timely and convenient way.
And here we are: NoScript users can now bring to their smartphones and tablets the same secure browsing experience they enjoy on the desktop.
It's not been easy, and there's still a lot of work ahead to merge into the desktop version the many under the hood enhancements that this full rewrite of NoScript's internals brought us as a welcome side effect, but this is probably the most important milestone in NoScript development since the XSS filter invention. So let's celebrate and thank from the bottom of our heart the people who made it possible: the NLNet foundation which believed in this project since the beginning, and all those individuals, institutions and companies relying on and contributing back to NoScript.
October 15th, 2011 at 4:00 pm
Thank you for the ongoing work on NoScript :)
October 15th, 2011 at 5:19 pm
that's a good job :)
October 15th, 2011 at 6:23 pm
Thank you for putting so much into this, noscript is amazing software
October 15th, 2011 at 8:26 pm
Wow, that's fantastic! Great job on making it restart-less as well :)
October 16th, 2011 at 1:00 am
Though I do not use a mobile device - CONGRATULATIONS and thank you fo noscript.
October 17th, 2011 at 2:43 pm
Great job, Giorgio! What do you think when will the desktop version be available?
October 17th, 2011 at 9:21 pm
@tlu:
It'll be ready when it's ready (which I hope is in one month or so, and anyway before the end of this year).
October 18th, 2011 at 12:12 am
What about some kind of plugin for Dophin HD which many of us use?
October 18th, 2011 at 10:05 am
Will this be a problem for NoScript mobile?
http://news.cnet.com/8301-30685_3-20120877-264/new-firefox-interface-to-speed-up-firefox-on-android/
October 18th, 2011 at 10:15 am
@HOW ABOUT DOLPHIN HD:
Not possible yet.
@Hunder:
A problem (more work yet) yes, a showstopper, no: https://wiki.mozilla.org/Fennec/NativeUI/addons
November 3rd, 2011 at 11:31 am
Awesome. I don't have a Firefox-capable phone, but I'm impressed just by "doesn’t require a browser restart on installation and updates".
Note: On the NSA page, the link for ABE just goes straight back to the NSA page. I think it's supposed to go here:
http://noscript.net/abe/
November 6th, 2011 at 9:37 am
Hi, thx for your perfect addon. I can translate this to Czech or Slovak language.
November 11th, 2011 at 12:37 am
it'll be great to have auto updating blacklist similar to adblockplus.
or perhaps even using the same list from adblockplus?
tnx!
December 6th, 2011 at 5:17 am
My phone runs Symbian OS, which doesn't support Firefox, and my wife's is Android, but with an ARM processor, so it also doesn't support Firefox! Argh! However - congratulations and thanks :).
I'm looking forward to the fine-grained permissions in the desktop version; it should make the 'Full Protection' mode (blocking plugins even on trusted sites) much more usable, providing a full FlashBlock replacement.
Now, if only there were an easier ABE interface...for the moment, I'm sticking with RequestPolicy for my cross-site blocking needs, but it's just not as powerful as I know ABE can be.
December 18th, 2011 at 8:36 am
Noscript for mobile! ur just awesome man!