v 10.1.1
+ First pure WebExtension release
+ CSP-based first-party script script blocking
+ Active content blocking with DEFAULT, TRUSTED, UNTRUSTED
  and CUSTOM (per site) presets
+ Extremely responsive XSS filter leveraging the asynchronous
  webRequest  API
+ On-the-fly cross-site requests whitelisting

Thanks to the Mozilla WebExtensions team, and especially to Andy, Kris and Luca, for providing the best Browser Extensions API available on any current browser, and most importantly for the awesome tools around it (like the Add-on debugger).

Thanks to the OTF and to all the users who supported and are supporting this effort financially, morally and otherwise.

Coming soon, in the next few weeks: ClearClick, ABE and a public code repository on Github.

Did I say that we've got a chance to reshape the user experience for the best after more than a dozen years of "Classic" NoScript?
Make your craziest ideas rain, please.

Long Live Firefox Quantum, long live NoScript Quantum.


Just gave a cursory look at the comments before getting some hours of sleep:

  • Temporary allow is still there, one click away, just toggle the clock inside the choosen preset button.
  • For HTTPS sites the base domain is selected by default with cascading, while for non-secure sites the default match is the full address.
  • For domain matching you can decide if only secure sites are matched by clicking on the lock icon.
  • You can tweak your "on the fly" choices in the Options tab by searching and entering base domains, full domains or full addresses in the text box, then customizing the permissions of each.

Next to come (already implemented in the backend, working on the UI) contextual permissions (e.g. "Trust on only").
And yes, as soon as I get a proper sleep refill, I need to refresh those 12 years old instructions and screenshots. I know I've said it a lot already, but please keep being patient. Thank you so much!

Update 2

Thank for reporting the Private Browsing Window bug, I'm gonna fix it ASAP.

Update 3

Continues here...

136 Responses to “NoScript 10.1.1 Quantum Powerball Finish... and Rebooting”

  1. #1 JD says:

    Thank you and the team for all of your hard work! I'm not entirely sure about this new UI yet and is it missing the Temporarily Allow All feature? Also, what does the lock icon for Match HTTPs content only mean? Is there a help guide somwhere?

  2. #2 Trevor says:

    Congratulation with the release, happy to see NoScript back where it belongs! Missed it a lot! :D
    However, I found this new UI a little difficult to adapt to. I believe I partly understand the logic behind it, but I'm not sure if I do. When you find time for it, can we have a introduction/tutorial please?

    Funny image btw :D

  3. #3 Matt says:

    Thanks a lot for your great work!! The only essential extension!

    Grazie Giorgio

  4. #4 p says:

    Thanks for your work! As JD has written I miss the feature to temporary allow sigle scripts, domains and sites too.

  5. #5 Giorgio says:

    Temporary allow is still there, just toggle the clock inside the choosen preset button.
    Also, for HTTPS sites the base domain is allowed by default with cascading, while for non-secure sites it defaults to full address, but then you can tweak this using the options tabs and entering the address (domain or full) you want to manage in the text box.

  6. #6 Francesco says:

    I've just tried it on android, and it is NOT blocking the scripts. I opened a youtube video, set everything to UNTRUSTED, and the video played anyways...

  7. #7 Giorgio says:

    @Francesco: NoScript 10.1.1 is not tested on Android and is very unlikely to work on it without more tweaks, since the API there is even more limited. But it's definitely a target for 58.

  8. #8 Adam says:

    Awesome job! Thanks so much for your hard work on this!

  9. #9 asdf says:

    It doesn't seem to work on private browsing mode.

  10. #10 User says:

    For anyone confused regarding temporary allowing a site, you need to select the TRUSTED or CUSTOM preset first, then you can select the clock icon just to the right of the text to temporarily allow the site.

    Is anyone else unable to use the menu in private browsing mode? It doesn't pop for me when I click on the NoScript icon so if anyone has been able to get it to work please leave a comment.

  11. #11 p says:

    Ok, i found the temporary feature, thx. Is there a way to whitelist an entire site with a single click?

  12. #12 Stan says:

    Hey Giorgio, how can we import the settings from the 5.x version of NoScript? (I have the settings/ site whitelists backed up in .txt files.)

    Also, I am seconding the report about the addon popup bubble not showing up in private browsing mode.

  13. #13 Francesco says:


    Ok, thanks for the answer. I'll wait for Firefox 58 for android. In the meantime I'll use it on my laptop.

    Ciao e grazie!

  14. #14 BendingBender says:

    Hi Giorgio, I'd like to support your effort financially, but I distrust PayPal. Do you have an Ethereum or Bitcoin Cash Address?

  15. #15 Windthin says:

    HUZZAH! It's a very different look, but interesting to see. I think the one thing I'd like is to be better able to see the addresses and all of extensions being blocked, but I admit I'm still trying it out. It's quite he different look; the switch icon is a nice touch.

    Thank you, sir, for your diligent work and efforts.

  16. #16 GOGI says:

    Long live to you Giorgio!

    And thanks alot for all the job you and your contributors have done until now, and keep doing, to provide us this extension. Even if we have been waiting for some days, it was worth it, and you've more than deserved a huge rest.

    Best regards.

  17. #17 Giorgio says:


    The settings should be migrated automatically, just waiting for their features to show up, unless you uninstalled NoScript in the meanwhile.
    However I'll probably add an import/export facility compatible with the "old" format in a while.

    Regarding the incognito mode issue, it's a bug and I'll try to fix it later this week.

  18. #18 Jake says:

    How do I remove a site from the list?

  19. #19 Another Jake says:

    Love Noscript, but this new UI is so different that I feel lost. I can't get the hang of temporary trust. With the previous versions when a page was re-loaded the temporary trust would be removed, but that isn't happening, or more likely I'm doing it wrong. Hopefully someone makes a video tutorial for us luddites heheh.

  20. #20 Alec says:

    This trend of developers completely changing their UI for the worst is really unsettling.

    The previous interface with text labels was intuitive. This new icons-only thing is not intuitive at all, and the mouseover tooltips don't even attempt to explain what you're looking at. If your interface needs an extensive guide/F.A.Q. on how to interpret it, then you have failed as a graphical designer.

    I guess it's nice that a working version that blocks scripts is out, so that I can stop using Nightly, but this new version is missing at least 90% of the features of the previous versions and it would be really disappointing if those features were gone for good, and the interface for what's left might as well be gibberish.

  21. #21 Eeya says:

    Wow! Just saw that the NoScript icon. NoScript is back.. Great!

  22. #22 Rob says:

    Thank you for your efforts to bring this update to us. I'm going to make another donation. It won't be much..because I don't have much; but you may have some of it! Thanks again.

  23. #23 Me says:

    Thanks for the sprint effort to deliver within the week after Quantum. However, this is not noscript. This is maybescript and specially alwaystrackingscripts (fb, google, twitter, ...). After an hour, I disable scripts, close browser, open browser and Voila: there they are fully enabled again.

    What happened to the simple intuition of deny all means that: no script executed except temporarily allowed no matter whether the http, the https or whatever the page is loaded.

    I've been checking tens of times a day for 10.1 version so as not to shift to ESR but it is a nobrainer.

    No doubt the filtering engine is a geniality of yours but ... the UI and the default script/font/fecth allowances policies make it completely useless.

    Waiting for the source code to contribute as much as possible to make it simply work again.

  24. #24 mbeeston says:

    while i appreciate having noscript back, it has some problem.. or maybe there's something i can't find...
    why it is no longer blocking all scripts till i can unblock them?
    also why it it no longer on the right click menu... it have it hard or impossible to so do anything about popup windows that don't allow the full menu bar...

  25. #25 Guenna says:

    I was really happy when I read that Noscript 10 is finished.
    But what has become of the very easy-to-understand Noscript?
    I'm just a simple german user and have to translate every english text online.
    The layout problem which Clone describes I have too.
    Then there is, for example, on the icon a "12" and pulldown there are only 4 entries.
    And some pages are blocked, despite being "vertrauenswürdig".
    You have certainly done a lot of work with the tool.
    But PLEASE, can you make it a little easier for stupid users like me?
    I would be VERY VERY grateful for that.

  26. #26 Dennis says:

    In addition to Guenna's problem (horrible UI layout), I would like to know where I can import my old whitelist from the previous NoScript version?
    Because I haven't found a way to do so, yet. And what I definitely won't do is to add them each manually again. If that's the only way I'll definitely leave FireFox forever and start using Edge with a script block extension. Thanks

  27. #27 a says:

    I have the same issue as "asdf", in private browsing mode, clicking the NoScript button does nothing. In normal browsing mode it works fine.

  28. #28 sandy says:

    hello i keep getting error "the add-on downloaded from this site could not installed as it appears to be corrupt"
    i have tried install from the noscript
    i have tried the .99RC release
    i have tried from official Firefox page
    all give same error, i am running 57.0 (64-bit) on Ubuntu

  29. #29 Wolfe says:

    I really appreciate you releasing Noscript 10 so quickly, but as others have mentioned the new UI just sucks, it's not intuitive at all, on top of that it's making firefox lag like crazy and it's breaking sites when i switch tabs or click on Noscript's preferences, anyways thanks and I hope you restore the old UI at some point.

  30. #30 sandy says:

    Never Mind figured it out, Had to uninstall the previous version which goes disabled and i guess interferes with installation. not sure if it kept my previous settings tryign to compare old "perfs.js" with new one

    Thanks youuuuuuuuuuuuuu

  31. #31 Dylan says:

    I donated a small amount today and can see myself doing it again in the future. Keep up the good work and I look forward to seeing updates!

  32. #32 JD says:

    After messing with the UI more, I really do think the old one is better now. This new UI is needlessly complicated, especially without some sort of tutorial, and the old one had a more robust options menu. I can't even find a way to turn off the number that shows how many scripts are being blocked on the page like before.

  33. #33 Unknown says:


  34. #34 Unknown says:

    Although the UI still need more work, but love it so far, was looking for options to disable script by default and found it under debug. Pretty much readjust everything under debug...

  35. #35 Stewart says:

    So can anyone explain how to replicate the old "temporarily allow all on this page" functionality?

  36. #36 brn says:

    Hi Giorgio. Are you planning on maintaining two versions of FAQ/manuals: One for NS-5 series and one for NS-10 series?

    Up to this point (apart from the ongoing headaches Mozllla has provided me) I've been *very* happy with running FF+NS (the only addon that I've run to date), and I've been *very* happy with the old NS UI. NS being the core component of the Tor Browser is well noted by this scribe.

    Unfortunately posts such as "Windthin" (#15), "Alec" (#20), "Me" (#23), and others regarding the interface; have me very concerned about going ahead with FF-57.0. I've yet to decide on rolling back from FF-56.0 to FF-ESR-52.5.0+NS-5.1.7 or upgrading to FF-57.0+uMatrix(until such time as NS-10's "Clearclick", "ABE", and import/export facilities are re-instated; and the NS UI improved).

    What a dilemma Mozilla have placed us in. Their approach to deployments, implementation, and documentation is rather reckless and has long frustrated me, in fact it's been literally very expensive. Mozilla's roll out of FF-57.0, in my view, is premature and an ill considered charge ahead without much regard for the state of the WebExtensions API for FF-57.0. Such Mozilla action is seriously starting to strain "this camel's back". Looks like I need to also investigate the fine print over at qutebrowser.

    I recognise that I can't complain to any higher degree until I have the ability to "roll up my own sleeves" , as they say over at OpenBSD, and pitch in - in some form somewhere.

    Giorgio's plans for GitHub sound promising and when the site eventuates, perhaps Giorgio will not have to shoulder all the load. In the interim and beyond, I hope that Mozilla find the "where with all" to revise their approach.

  37. #37 Gribli says:

    How do you temporarily allow all, or allow all on the page with one click, like the old UI had?

  38. #38 Gribli says:

    Please please please bring back the old UI. It was vastly superior in every way. It's like going from a Ferrari to a Yugo.

  39. #39 Dan says:

    thanks so much for all your hard work keeping everyone safe on the internet!

    new interface took a few seconds for me to notice what was happening and pretty intuitive
    might be because i was used to the older options..

    thanks for all the hard work getting this working, it was a few days of only surfing known websites

  40. #40 Matthew says:

    Thanks for all the hard work! Two issues I've noticed off the bat:

    1. With Allow Scripts Globally enabled, scripts from even explicitly untrusted sites are enabled, and clicking the NoScript button fails to show which scripts are running.

    I used that setting in legacy NoScript to only block scripts from specific sites I don't trust. I'm doing this in NoScript 10 by adjusting the permissions of the Default and Untrusted groups under the NoScript button.

    Assuming there's not a larger bug here, I would suggest renaming the Allow Scripts Globally setting in NoScript 10 to clarify that it completely disables the extension. (Perhaps even remove it completely, since the extension can be quickly enabled/disabled through about:addons.)

    2. I'm not sure yet whether this is a bug with NoScript, but with Firefox 57 on Linux, all tabs appear black or otherwise glitched after using the NoScript settings page. I have to restart Firefox to fix it.

  41. #41 Rob Steinbach says:

    I agree with Gribli -- please bring back the original UI/menu. Much easier than the multi-step need on the 10.x version. Otherwise, I am delighted to have NS back. Thank you.

  42. #42 a says:

    @Rob Steinbach @Gribli he can't. it's not possible with webextensions.

  43. #43 Jake says:

    I am glad that NS 10 is finally released. I am going to hold off installing it until more feature are added and bugs that are being reported are fixed. The UI is a little confusing. Does the little clock in Trusted need to be highlighted or dim for it to be temporary and does the other mean it is permanent? Whatever happen to using "Temporary" and "Permanent"?

    I am siticking with uMatrix for now. It is not as easy to use as NS 5.x, but less confusing than version 10. I don't want to reinstall FF56 or switch to different flavor of FF. Keep up the great work. I know you will have everything ironed out as soon as you can.

  44. #44 Huberto says:

    The new UI is just terrible sorry to say. Had to disable for the time being, hoping for the old style to return.

  45. #45 Sum Gai says:

    I'm glad it's back, but the interface seems...less than it was before. will that be updated to get it back on par with what it used to be?
    Then again, I might just need to get used to the new interface. it's a bit different, though it does feel more...broad with less fine control. I don't know, maybe that's just the first impression...

  46. #46 Feedback Guy says:

    Very Stoked to have noscript back! But.. I have to agree with others that the new UI is not good. It seems the default is allowing some scripts from websites that I previously was not allowing. I'm not exactly noob when it comes to 'puters but the new layout has got me confused. What does the green/red lock icon do? It only allows HTTPS content? Like others have already stated, the old UI was better with the option to just R click and temporarily allow some content for a session. I hate to be so negative when I know you've worked your butt off! Thank you for providing us with update!! :)

    For example: the Captcha on this site was being blocked.. took me a min to get it to show up.The old Noscript would list everything being blocked and I could R click, ALlow the web addresses I wanted.

  47. #47 pop says:

    Great to have noscript back..But as others have stated.. old UI and options please. This new version is missing so many things the old one had it seems.


    PS. Also had problem getting captcha to load..had to disable noscipt..

  48. #48 JaxsonFireX says:

    Thank you for finally getting this out for us! It's been a crazy week without NS on FF57.

    1st thoughts:

    1. UI = :( Older UI format was perfect and MUCH easier to understand and use. You can define easily permanent, temporary and unstrusted/forbidden permissions on each url that showed.

    Now there's more UI confusion with the icons and under custom, you're given all different options which may draw more problems to a user not familiar with eacg of these boxes to check/uncheck - by default these were nicely hidden in the options menu of older versions and minimizes user-error in mistakenly checking/unchecking something.

    2. Not working in private window mode - can't click on NS icon to show options or url list.

    3. Can't delete url entries in options. If you manually add a url or make a typo to the url, there isn't a way to delete this entry.

    3. Missing import/export whitlelist feature like on old NS.

    4. Missing revoke temporary/custom permissions.

    5. Other problems/issues: To be continued...

    I know this is just a start and there's much work to do when you're able. Thank you for maintaining this very important utility! Thank you to everyone else in giving their feedback too!

  49. #49 Merv says:

    Like many I am delighted to have NS back, but I also would like the old UI/menu please that was much easier to understand and navigate. Thank you.

  50. #50 GunnarOfSweden says:

    The wait felt long and hard. Glad the the wait only felt like it. Great job on the quick delivery and new look and feel!

  51. #51 Peppa Buttplug says:

    Thanks for all your hard work so far, but please make full private browsing support top priority for the next version.

  52. #52 CantLiveWithoutIt says:

    @Matthew I'm using FF57 on linux mint 17.3. I don't see black tabs. Though I had some serious crashes here and there on the NoScript Options page after setting the default to not allow anything (crashed firefox completely). I'm not sure if this is a NoScript 10 or FF 57 issue. I don't experience the crashes anymore after some restarts anyway.

    Many thanks to Giorgio. I'm looking forward to Contextual Permissions. But take your time.

  53. #53 fft2000 says:

    Big thank you for the new release!
    I just had one problem: I restarted firefox after updating addons and wanted to restore the previous session which resulted in a completely messed up firefox UI. As this didn't happen before I think NoScript is doing something it shouldn't ;)
    [To me it looks like firefox rebuilds itself in the noscript popup. Restarting firefox again results in a really small window.]

  54. #54 Jamzy says:

    OK, I've tried it and there are some things I can't get to work. I had to disable it just to be able to post here because there was nothing left to allow and captcha still wasn't showing up.

    I honestly don't like the new interface. I know, harking back to the old and familiar and all that, but it was nice and simple, easy to use. By contrast, the new interface seems pretty counterintuitive. For example, if I hadn't read about the clock in your post I would have had no idea how to temporarily allow something, and even then I had some trouble finding it! Also, as I mentioned, I couldn't get captcha to show on this page. Either NoScript is not working correctly, or I missed something, which isn't good, right?

    It's nice to not feel naked on the internet anymore, but it definitely needs work. I'm looking forwards to your updates and seeing where it goes. (But please remember KISS - Keep It Simple, Stupid!)

  55. #55 Merv says:

    Yes, I had to disable NS to post here as well. Otherwise, you can't see captcha.

  56. #56 Jamzy says:

    I just gave up and rolled back my version of Firefox. I didn't mean to upgrade anyway, but must have mis-clicked when it moaned about updates at some point.

    So now I have reinstalled the *nice* version of NoScript. It's SOOOO much better!

    (I'll keep an eye on this site though and I might re-'upgrade' if things improve. Sorry, but I just can't use the net without NoScript!)

  57. #57 JaxsonFireX says:

    Thanks for the answer about the private browser issue and updates on your main post!

    New issue, can anyone answer this? NS v10 not blocking sites like old NS did.

    1. I am noticing on several news websites like CNN, NBC, CBS (that are not on my whitelist) that audio and video from the sites' own players, is being automatically played like if you didn't block any scripts or never had NS.

    I don't have global permissions checked (it is unchecked in the options).

    On previous NS versions, none of the audio and video would be played automatically like this and I always temporarily/manually allow these url's and none of these websites are not in the whitelist.

    I think it will be much better if I can actually control what url's to load and not and have everything that's not on the current whitelist, blocked.

    How do we enable or get this feature back to where NS is actively not allowing anything like above until we manually whitelist or modify permissions (e.g. temporary, custom, untrusted)?

  58. #58 Brandon says:

    Hi Georgio,

    Thank you for working so hard to update NoScript. I have a few comments about the update:

    -I have no idea what the graphics mean
    -I cannot figure out if scripts are being blocked or not.
    -There is no "allow all this page" or "temporarily allow all this page" control
    -When I use FF on a second screen, the UI is blown up like 300% of its original size, and doesn't fit inside its box.

    I had to uninstall because it is simply not usable in this state. I tried to allow the google captcha script to post this message, but the buttons I clicked didn't unblock the script. I had to uninstall nostript to post this message.

    Best of luck,

  59. #59 Feedback Guy says:


    Yea man, having the same issue where NS seems to allow all (or more than it used to and I can't control what I want to block). Previously, pretty much everything would be blocked and I could select what to allow.. Now it seems to be the opposite.

  60. #60 Tapper says:

    Hi can you ad back the controls back to the applications menu as when using a screen reader that is the onley way to temporarily/manually allow a url. + in the options menu the buttons are not labelled thanks for all your hard work on this.

  61. #61 Peyia says:

    I just deactivated noscript and will check back when the initial bugs are out of the system. The UI is a mess and it is pretty much unusable if you´re not a geek. I don´t want to spend hours trying to figure out, how this thing works. But anyway, it´s for free and we have no right to complain. We just can decide whether to use it or not. I won´t...

  62. #62 Jack says:

    Thanks for all your trouble and taking the time for this release
    I have been waiting for quite some time for this release, thank you so much
    I was wondering if you can add an option to hide the counter that appears for number of blocked websites?
    Thank you again for your help

  63. #63 Aeron says:

    Ohh NoScript welcome back, things I see:

    - I can't trust several domains before reloading the website

    Bad/To Fix
    - I untrusted some part of Facebook to test and now it won't show in the list so... I cant revert the change
    - Right click menu was ok for some quick tweaking
    - Allow temporary all or revoke missing
    - Maybe interface window can be bigger or font smaller to avoid scrollbars

    Anyway thank you so much for you work and effort

  64. #64 Chris says:

    I know it might be a not-so-much used functionality, but I'm missing the 'allow local content' option. I use that for some sites that need some localized (monitoring) data.

  65. #65 Federico says:

    You are a HERO!!
    Many THANKS!!!

  66. #66 Federico says:

    Please, do accept bitcoin donations too :)

  67. #67 Mauricio says:

    Giorgio, in quale piazza italiana vuoi una tua statua?

    * Guys, pay a beer to that man, donate!

  68. #68 Joe says:

    Awesome to see Noscript back. Thank you very much. The new interface took some getting used to. At first I didn't like it, but now after a few hours I actually like it.

  69. #69 Yann says:

    Hi Gorgio,
    You finally did it !
    You know I ever saw and understand the excellent protection provided By noscript.
    But once Firefox got out Quantum and Noscript was not working, I really understand the full nedd of Noscript.
    And this morning I discovered Double Noscript 10 and its really amazing job above all for an independent dev.
    It's really a great job you've done there.
    Thank you and my best wishes for the future.

  70. #70 plugos says:

    Giorgio says: November 21st, 2017 at 2:19 am


    Giorgio should put his bitcoin address on every page, above "Powered by WordPress, Royale theme by tom.", he would receive many more donations.

  71. #71 x says:

    Thanks a lot for getting it working again so quickly !

  72. #72 hardo says:

    Hi Giorgio,

    I found a BUG with the "CUSTOM"-Setting obviously! As I understand it should be only for the selected site. But if I set the script-allow-option for a site, it's allowed for EVERYnext site I browse too!! If I check the "DEFAULT"-setting there it appears too - script-checkbox is checked. Even after closing and restarting Firefox it stays the same.

    And also in the storage-sync.sqlite-file it appears then: {"DEFAULT":{"capabilities":["frame","fetch","other","script"]}

    That should not be I think?!

  73. #73 Wolf says:

    THANKS for yr hard work!! :)

  74. #74 walker says:

    is the extension supposed to work w/ android too?
    if yes and I'm not wrong it does forget the two option selected (CSS and script globally enabled) after a FF reboot

  75. #75 walker says:

    sorry I mean XSS not CSS

  76. #76 JacksonFireX says:

    @Feedback Guy + others, here is a safe for work screenshot (see imgur link below) I took from checking out a recipe site I visit often. Mind that I don't have a single whitelist to the majority of urls (including no whitelisted CDN's) of this website and always manually/temporarily allow each url.

    As soon as I visited the site, the video started automatically playing!! Obviously, old-NS would never have allowed that to even happen :) I noticed that every item on the list from top of the main url to bottom under "default" has "allow script checked" - I don't have "allow scripts globally" in the v10 options. url's like newreclic/scorecardsearch/revsci/googletagmanager all show "allow script checked under the default bubble to the left"

    In the screenshot, I just clicked newrelic as an the example under default. Every url item shows the same options checked (including the allow script).

    On old NS, these same urls would be there to allow/temp/untrust but would be pre-blocked - I keep them there unchanged to monitor what websites are throwing onto the page and why I fell in love with NS! For this same site example on old NS versions, normally I temporarily allow the main url address, the media-allrecipes, brightcove and a couple select urls depending on the type of page I am visiting.

    I also noticed things like doubleclick being showed to "allow script" under default while on youtube.

    I was taken off guard when the video started playing. This seems to be the case on a lot of other websites where you normally need to manually allow these permissions (e.g. permanently or temporary).

    At this point, I feel somewhat uncertain of what's all blocked and not but I know I'm not the only one and I am sure everything will get resolved in one way or another by our developer and community feedback. The only other security-related addon I have is ublock origin which I've used for years in parallel to NS and they worked great together without conflict... not sure about now but can't rule out the possibility.

    Thanks and hopefully this information will be useful in one way or another!

  77. #77 olive says:

    Decided to keep silent, be confident and patient, and to have a nasty flu to make waiting easier... Been busy sleeping 12 hours on end and, lo! here is NoScript 10.1.1. Now NS Wonder Team, please have some sleep too.

    Thanks an awsome lot.
    Greetings from France.
    And Champagne!


  78. #78 Exzentrik says:

    Hi! The new UI is nice. Takes some warming up to, but once I got familiar with it, it works.
    I just have 2 questions:

    1. How can I set it up, so all domains are blocked until I manually set a domain to trustworthy? Just as it was in the old NoScript.

    2. What does this "Match HTTPS Content Only" mean? Do my selections only apply on secure connections, otherwise all scripts are loaded regardless of what I said?

  79. #79 emka says:

    Hi Giorgio,

    thanks a lot for updating NoScript for Firefox Quantum!

    For me, the "Allow temporarily" feature seems to be broken. I don't seem to be able to click the clock icon on the "DEFAULT" or "VERTRAUENSWÜRDIG" label with German locale switched on. Instead, I seem to be clicking the label itself.

    Enabling temporarily was a feature I most often used with the old NoScript extension.

    I'd be happy to help with screenshots or debugging data.

    Best regards,

  80. #80 Exzentrik says:

    Ahhhh, OK. I'm truly sorry for my rushed comment!
    New version works great! For everyone, that has the same problem as me:

    By klicking on the "Defailt"-Icon, you can uncheck all the checkboxes, so newly visited sites won't load anything.

    And If you, like me, for some reason see a long list of sites when opening the settings or need to remove a domain:
    Just click the "Debug"-Checkbox at the very bottom of the settings-page.
    It opens a textarea in which you can simply remove all the "trusted" and "untrusted" sites.
    It should look something like this:

    "DEFAULT": {
    "capabilities": []
    "TRUSTED": {
    "capabilities": [
    "UNTRUSTED": {
    "capabilities": []
    "sites": {
    "trusted": [],
    "untrusted": [],
    "custom": {}
    "enforced": true

    But of course, then you have to manually add all the sites you want to trust again.

  81. #81 Nutter says:

    Longtime user, first time poster.
    Just wanted to say many /many/ thanks for keeping this fantastic add-on up to date—keep up the fantastic work!

  82. #82 Why says:

    Don't fix what isn't broken. The old version was great, simple to use without unnecessary distractions while this new one feels like a garbage fire compared to that. The size, the pop ups, unintuitive UI, not working in private etc.

  83. #83 toby says:

    Nice work. Thank you very much!
    One remark: The columns "DEFAULT", "TRUSTED", "UNTRUSTED" and "CUSTOM" seem to be fixed sized.
    In other languages these words are much longer, so they will overlap.

  84. #84 Chris says:

    Hi Giorgio
    First of all thank YOU very very much for all efforts, magnificent idea of this add-on and all your efforts to make Quantum-compatible edition :)
    Well. Now its time for my first impressions.
    The new look/UI. Its not the same. No problem. I was expected it due to web extensions introduction.
    - I think that it is little to big and should be more compact. Smaller icons, each row little lower;
    - Maybe you can put as an option to remove icon descriptions (as TRUSTED etc) and leave only icons. Without changing positions after option enable all icons of one type will be in the same column. I think it will be better for fast work with configuration.
    - It will be more comfortable to put temporary-allow icons as separate option.
    - i hope that lack of "revert all temporary permissions" option is only matter of time
    - it would be nice to have possibility import permission settings from older version

    Please. Don't take this as criticism. I love noscript and I'm grateful
    These are only suggestions :)

  85. #85 Exzentrik says:

    Yes, the buttons in other languages are clunky. Here a screenshot:

    It's a little hard to allow scripts temporarily, if you have to search for the clock-icon, because the button-text overlaps.

    Also, YouTube is a pain in the ass. I just used twitter by allowing "". But for YouTube there is no such option. I had to allow 6 different subdomains for "". After the next video requered yet another set of, I added it like twitter in the debug-section in the settings window.

    Is there a reason, why this works for twitter but not for youtube?

    Also, there are many sites on which the noscript-Icon shows a red 6 for example, but when I click on the icon, I see only 2 domains listet. Or somethimes it's the opposite and I see more scripts listet, than the red number indicated.

  86. #86 nemo says:

    So. It wasn't blocking youtube 'cause the addon by default has a massive whitelist. Whitelists a bunch of CDNs, google's tracking^Wscript hosting etc.

    It's a bit of manual labour to turn 'em all off but doable.

    Bad news though. This webextension addon is just as broken as uMatrix when it comes to getting browsers to parse tags.

    Basically: applies to NoScript webextension too, even though I'd like the same behaviour as the old noscript WRT fallbacks, including the case described in:

    Case-in-point. This website has a captcha. the Non-javascript catpcha does NOT render with the webextension NoScript. It does with the old NoScript. It is necessary to whitelist JS to post, even though google's captcha has progressive enhancement.

    Also the UI is much more clumsy ☹ uMatrix is less painful since it seems I have to go to a new tab and hunt for the site scripts in it. Way too confusing. Was easier to just temporarily disable NoScript to do this post.

  87. #87 cabrogal says:

    Many thanks to Georgio and the team. I've long considered NoScript my primary defence against browser vectored junk and malware and was feeling a bit naked since I updated Firefox. I feel much better now.

    (ha ha! My first attempt to post this comment failed because NoScript blocked the Captcha)

  88. #88 nemo says:

    @cabrogal - it wouldn'tve blocked the captcha if it was functioning same as the old noscript ☹ I commented to that effect just above you but still waiting on moderation.

  89. #89 Angus says:

    Thanks very much for your hard work. It's great to have NoScript back.

    Please could you explain this further:
    > Temporary allow is still there, one click away, just toggle the clock inside the choosen preset button
    Not quite sure what you mean. With the previous version this was very simple.

  90. #90 Angus says:

    Thanks for your hard work. It's great to have NoScript back.

    Please could you explain this further?
    >Temporary allow is still there, one click away, just toggle the clock inside the choosen preset button
    With the previous it was easy to temporarily allow sites.

  91. #91 Bio says:

    Oh man... I really, really need a way to import my literal thousands of whitelisted sites from the old version. It didn't automatically do mine because I had exported it and uninstalled everything to do a fresh install of everything on a new profile with Firefox quantum... now only to find out, that I can't import my whitelist into the quantum version of noscript. I even tried using replace to modify my whitelist into a format that matched what I saw in the "debug" checkbox list but apparently adding stuff to that list does nothing as there's no way to save what I type in there.

  92. #92 nemo says:

    Also, it looks like based on the conversation in the uBlock bug, web extensions do not in fact have access to the flag bz was discussing... the flagging in indicates this is still on the ToDo - IMO better to stay on legacy noscript for now ☹

  93. #93 Chron says:

    I second the UI concerns; I don't understand how to read the new UI and a quick look through the NoScript site didn't find a tutorial. Does the green icon with a lock mean that site's scripts are enabled (because it's green) or disabled (because it's a lock)? The red-unlock is disabled because it's red or allowed because it's unlocked? Or do those icons not have anything to do with whether that site is allowed to run scripts? If it's not the green/red lock/unlock, what tells me whether a site is being allowed to run scripts? The Default/Trusted/Untrusted wording on the left? Does "untrusted" mean it's not allowed to run anything? What does "default" default to? I thought trusted/untrusted had to do with whether you believed a site was backed by an entity that could be held accountable, which has little to do with whether I want to allow it to run scripts.

    Holy cow, I think I realized what I screwed up--I accidentally turned on scripts everywhere by default, because I enabled scripts under the "Default" profile. The left side is four icons representing four profiles for sites, with the selected profile for the site having big text next to it (making it non-obvious that the four icons are even related). Clicking the icon of the selected profile of any site shows the allowed/disallowed stuff for that profile (except custom, presumably), and are fully changeable. So when I clicked the icon-next-to-the-text of a Default site and then enabled scripts for it, I affected the default profile for all sites, accidentally enabling scripts globally.

    To enable scripts for a site, I assume I should instead be setting that site's profile to "trusted"? And to disable them I should set one to "untrusted"?

    It is...very non-obvious what was going on there, but I think it makes enough sense to me to be usable now. If you want to show that each site is considered within one of four profiles/states (default, trusted, untrusted, custom) you need to have those four icons in consistent columns, not throw off the columns by expanding each selected one with words. And it shouldn't be possible to update the settings of the Default profile from a specific site's entry--that should be something I can only do from the NoScript addon's configuration page.

    Still don't understand what the green-lock/red-unlock icon does.

  94. #94 Trevor says:

    It seems there are many that don't find the new UI easy to understand and use. I guess the old one ain't a option and I'm not really sure if the old UI was *that* much better either or if it was just something we just had gotten used to over the years.
    Do we have any designers here that can suggest what can be improved on in the new UI, or provide a more intuitive design based on the new one?

    Giorgio, please bring NoScript to either GitLab or GitHub. You're a awesome guy, but it's not right of us to just make a bunch of demands and expect you to work on it all alone. Let us help you!

  95. #95 Trevor says:

    If you also can bring the website to GitLab or GitHub that would be great as it could need a refresh into this century, and there's likely skilled people in the community willing to help. Personally I would suggest using to generate static sites (it's used by for example Free Software Foundation Europe in their campaign ). Only a suggestion. :)

  96. #96 User says:

    Thanks for the update but no thanks, it's now ruined for me.

    Re: ...ui/options.html

    The permanent entry in the list of sites in the options tab means there is a permanent a record of all sites visited, this is no good. I used NoScript where I can temporarily allow a site and make THAT rule also temporary. Close Firefox, restart and no record of that site in NoScript meaning I must reset the rule each time. That is what I want, when Firefox closes I want it to have zero records held anywhere, ever.

    With this lost, I will remove NoScript.

    Best regards.

  97. #97 Giorgio says:

    Re: "I used NoScript where I can temporarily allow a site and make THAT rule also temporary."
    You've got a "clock" toggle on each allowing preset. Every site with a "clocked" preset has a temporary record which is reset when you close the browser. Isn't that what you want?

  98. #98 Giorgio says:

    Making the "DEFAULT" preset not customizable from the popup, or even from each entry also in the options page makes sense for the reasons you empirically found, thanks for sharing.
    Regarding the lock icon, it's referred to the kind of match the rule makes (hence the title "Match HTTPS only"): if you turn it to locked/green, permissions are allowed only if the website is HTTPS, even if the rule is for a whole (base) domain.

  99. #99 Solo says:


    I truly appreciate your work. I was wondering does this new version automatically block a new website or a pop up website from running anything like the old version? Thanks.

  100. #100 Theo says:

    It took a few minutes but I managed to find my way just fine.

    I'll admit some confusion with the red/green but this is just a traffic light thing where green is good/go and red is bad/stop. The unlocked/locked icon speaks for itself and green/safe and red/unsafe is ok now.

    I'm still getting used to the temporarily allow settings but the two click functionality works just fine for me for individual elements but what i do miss is the 'temporarily allow all' option. The 'revoke temporary permisssions' is also missed.

    thank you for this new version! I was using umatrix in the iterim and was beginning to worry that 10.1.1 was less of an option. I was running both NoScript and 10.1.1 at the same time to see who blocked what and now have umatrix disabled.

    again thankyou, thank you, thank you!

  101. #101 Jon says:

    Thank you for all the work you have put into NoScript, I for one really appreciate it.

    I want to make a comment: When using Firefox Quantum in a Private Window, NoScript is non functional. I cannot make any changes, it is just frozen.

    Thank you so much again

    ps: why is reCaptcha always 'active'? There is no toggle on/off option?

  102. #102 NoScript breaks rendering says:

    I found two issues:

    1. Rendering on some pages is broken with NoScript 10:
    Since upgrading to FF 57 and NoScript 10, is totally broken, see
    It's certainly an issue with NoScript because disabling all other extensions has no effect whatsoever.

    2. Additionally: the requests to are not encouraging trust on my end. If I wanted to allow somebody to track my web history I wouldn't use – amongst other extensions – NoScript in the first place.

    Please fix these issues in the next release.

  103. #103 superdocious says:

    Thank you so much for your hard work. I appreciate it very much. but: where has the wonderfully simple usability remained?

  104. #104 jb says:

    Thank you for this awesome extension, the upgrade road with the new firefox is a bit bumpy (all the other extensions have to be reinstalled or replaced) but hey, it"s progress ;)

    - is it possible to have back the ease of use of the old extension (a menu where you can disable site by site on the url you are browsing)

    - is it possible to have a tooltip that explains what script/object/fetch means in context of the customization

    - it seems it breaks the rss feed bookmarks (i have to disable noscript to make them load)

  105. #105 Maju says:

    Love it. Thank you very much: you are the best of the web, really!

  106. #106 Slinky says:

    I only have one question, why did you completely redo the UI? With all due respect the "old" UI was very intuitive and easy to use and the features were much better. I feel the more people complain the more you'll double down on never going back to the "old" one. Such is life ...

  107. #107 megaman says:

    Could you please bring back the old UI?
    Also thanks for all of your hard work.

  108. #108 pehlm says:

    Thanks for the upgrade! Very thanks! At the beginning I thought the addon wasn't so good, at least compared to 5.x. But when I patiently was trying the options learning how they was used I changed my opinion and now after a little while I really like the new extension. I hoping though that the old menu can reappear in the future where you can disable/enable site by site.
    But thanks again, I really like your work, hoping for more functions on future versions.

  109. #109 Giorgio says:

    @NoScript breaks rendering:
    1. The difference in site rendering when scritps are disabled is due to the <NOSCRIPT> tag being disabled by the browser with the new CSP-based blocking system. I'm looking for work-arounds.

    2. "", as the name implies, is a domain which does not resolve to anything, and since is under my control I can make sure nobody makes it real domain. It's used as the report URI for the script-blocking CSP, in order to catch LOCALLY whatever has been blocked by NoScript and show it in the UI. As soon as the request is initiated, is processed LOCALLY by NoScript and blocked, so the information never leaves the browser. If, by accident (e.g. because you disable NoScript while a page with the CSP loaded is still active) the CSP report is fired and not caught, as I said the domain doesn't resolve and the request just times out.

    - if you mean "Temporarily allow all", yes it's coming
    - yes
    - will look into it

    Yes, unfortuantely most of NoScript, and especially the UI, has been forced into a full rewrite by the complete change of technology. No more menus, dialogs and other native widgets: just HTML in very constrained places. On the other hand, we can get quite creative inside these boundaries, so if you got suggestions to regain simplicity on top of the new customizability, they're most welcome, thanks.

  110. #110 bill says:

    Thank you Giorgio for your passion to give us NoScript 10!

    Right now the UI is very spartan, but that's a chance for the best NoScript UI ever too. I'm looking forward for step-by-step improvements.

    I found two issues.

    1. When I do a left-click on the NoScript icon at it redirects me always to the NoScript settings. The NoScript icon shows a question-mark.

    2. When I do i little XSS test (e.g. click ) a clean, grey popup appears and I have to do right-click first to see the NoScript message and options.

  111. #111 alek says:

    Hello. Thank You very much, Mr. Giorgio but please, bring back an old UI! Thanks.

  112. #112 Exzentrik says:

    Quick (stupid) question:

    The old NoScript somehow had the sideeffect, that automated redirects won't work. Instead I saw a Link to the site they wanted to send me, that I had to manually click on.
    I appreciated this greatly, since the Firefox-Option for this doesn't work most of the time.

    Is there any way to get this back with NoScript 10?
    Right now, all redirects simply fire away, and the option in Firefox is missing on the preferences page...

  113. #113 Tomate says:

    I think the new UI concept gives one a better overview than the old

    some usability and other remarks:
    * I think it would be more intuitive to "allow temp." with single click and "allow permanent" with double click (like it is already with http domains) (buttons should overlap)
    * custom mode site-specific changes don't work here, its changed globally
    * what's the point of all the subdomain lines, if settings are applied to their main domain only?
    * highlighting the lines with colours corresponding to the chosen mode could make the UI clearer

    Thanks for this extension!

  114. #114 jb says:

    @Exzentrik #108 , wow i just spent 1h trying to figure this one out, twitter has become unusable for me

    @Girogio, when i wrote (#100)

    - is it possible to have back the ease of use of the old extension (a menu where you can disable site by site on the url you are browsing)

    i meant, temporarly enable : the url
    then gradually enable the new urls appearing in the menu,
    then the new ones until the site works as i see fit with just the javascript and urls needed

    and if i could save the config per site/url with the option to swtich it on/off that would be awesome

    i"m not sure my description is clear though.

  115. #115 Gerf says:

    Grazie Giorgio!
    The stuff seems quite demanding so bravo and good luck with the rest.

  116. #116 PleaseKeepPrivate says:

    NoScript XSS Warning pop-up.

    Is there a way to get noscript to have a "always block" in addition to "always allow"? Thanks.

  117. #117 John says:

    I miss the context menu. Right-clicking anywhere on the screen is a much easier way to access the settings than having to move the mouse to a tiny icon in the menu bar, a long way away from where my mouse cursor is going to be while surfing. I'm also not a global whitelister, and the new temporary icon is confusing in its design, looking like part of "Trusted". It also requires additional unnecessary clicks to enable. Temporarily allow is actually a separate state from "allow/deny", not a sub-state of "allow".

    In general, I find the icons confusing. The text entries in the menu were a lot clearer.

    I appreciate that the new UI has its benefits for some use cases (easier to allow multiple sites in one go), and I'd urge you to keep it. But please bring back the context menu, with text entries that are instantly clear.

    The indication that sites are being blocked is now also tiny and hidden away from where you are looking. It's a tiny number in the header, that is easily overlooked. I used to have a message at the bottom of the page showing what was allowed etc. If a page wasn't loading properly, I immediately knew why. I have not found any way to reenable this message.

    Overall I'm not a fan of the UX. I like the idea that you can easily whitelist multiple sites at once without needing to open the menu multiple times. I'd however also like a quick way to enable a single site from the context menu. The context menu is also a great way to quickly view what is being blocked without moving the mouse.

    At least for my browsing habits, the old UI was a lot more streamlined. Especially as I like enabling one site at a time to see what each one is doing, and then only allowing those I actually need. I don't think the new UI is bad, I just see it as an addition, not a replacement. It serves different use cases and needs.

  118. #118 TimG says:

    Very big thank you for all your work getting the new version out to us. It is greatly appreciated.

  119. #119 John says:

    I've also noticed that the new version has enabled scripts for every site I have ever visited for some reason, despite me only every allowing temporarily. This includes sites showing up in the list that were visited in private browsing session. Not happy, not good.

  120. #120 Nicholas says:

    Hello, Giorgio. I am a non-technical user of NoScript. I was able to make my way around the old version, but in the new version, I'm TOTALLY lost. I can't tell what the icons mean or how to do anything. Can you please publish a user guide? I can't even get any website to work properly with NoScript enabled. Please help. Thank you!

  121. #121 Nicholas says:

    What does "Match HTTPS content only" mean?

  122. #122 Nick says:

    Good work on getting NS to work on Quantum but like others I'm having problems with the UI.
    I'm struggling to understand it - and cannot explain it to my wife (the acid test) !

    When I hover over the lock icon - either green locked or red broken I get the same text - "Match HTTPS content only" - is that working correctly ?

    Intuitively I think that if there is a red broken icon then there is something wrong. My eye gets drawn to that rather than to the first icons.

    I cannot get the hang of giving something temporary access - double clicking just gets me back where I was.

  123. #123 Nick says:

    Also, if a url is DEFAULT (and thus blocked) I find myself clicking on the DEFAULT and changing it to allow scripts - which I now realise is probably altering the default settings rather than setting up temporary access ! I suspect this intuitive behaviour is dangerous ??

  124. #124 George Valitsas says:

    As few of the posters above, Default does not block anything. if I expand it, everything is allowed and is ticked: scripts, objects, media etc, it is not blocking anything! the untrusted button un-ticks all these options, but if default is meant to block all scripts, it is not, at least in my case. The opposite happens, everything is allowed!

  125. #125 JRS says:

    Realmente una MIERDA! cambiaron algo que funcionaba bien y era simple por algo que es fidicil de interpretar, hace dias lo estoy usando y noté que en el modo Default no bloquea absolutamente ningun script y uno manuamente tiene que constantemente configurar pagina por pagina lo que o hace inutil, ya no tiene menú contextual con lo que no puedo configurar si quiero bloquar n todas las paginas abiertas o solo la que está navegando, realmente muy mala la actualizacion...

  126. #126 lgdoc says:

    I'm sorry not to be so happy as others, BUT...
    since I got the new NoScript (together with QUANTUM), I cant open the menu to choose the permissions
    When I click left with my mouse, nothing happens!!
    Anyone has a solution to cure??

  127. #127 MK says:

    This should be marked as beta. It's the first release of version 10, it was rushed, and it's just not ready, and does not work. It's a shame such an important project has been managed in such an amateurish way.

  128. #128 TsungPhuk says:

    I was SOO happy the day I saw NS update! Sadly, today I gave up, and had to remove it. I've used NoScript for many years... the old UI was obvious, no learning curve necessary.

    I spent the same amount of time learning the Advanced Features of uBlockOrigin. I figured uBlock out in a day or two (old NS UI was more intuitive than uBlock)... in any case, I gave up.

    Sorry to complain. I'm sure you and/or any staff worked your tails off on this project. For whatever it's worth, the old NS UI was MY FAVORITE ADD-ON of ALL-TIME! (and I donated, thank you for years of great service!). I'll check in again -but the new user interface is like Vice News (cartoonish -catering to kids?!). Counter-Intuitive. Bless you all. Peace & Love! Ringo

  129. #129 Jim Firefox says:

    Nice blast of fixes Giorgio!!!

    I bet good bitcoin that 100% of the folks complaining are NOT PROGRAMMERS

    Clearly , this was rushed out because it was already 'late'.

    But considering how many changes were made in the last day, I predict this will be ready for prime time , in NO TIME.

  130. #130 Jim says:

    Didn't read all of the comments above so please excuse if I'm repeating (not a programmer either). Deleted Old FF NS Extension due to it not working. Was waiting to find out how to install the New and Improved version... Then when I powered up this evening there IT was. Again Don't know how.

    Anyway the reason for this post is that IT Did Not seem to work correctly. SO After Reboot, Working or at least seems to. Will need a little time to relearn but so far looks Great.

    Thanks a Bunch!

  131. #131 Jim says:

    Oops, Sorry. An Addition and a few Corrections.

    Failed to mention OS: Ubuntu 14.04 LTS 32 bit w/ all updates

    Corr #1: Did NOT "Delete" Old FF NS Extension but rather Disabled IT and Did NOT Re-enable IT. IT (New NS) just showed up as Enabled (Thank you very much).

    Corr #2: Did not "powered up" but rather Reconnected to the net.

    Corr #3: Did Warm Reboot (selected "Gear" Icon and then "Restart...")

    Again, Sorry and Thanks a Bunch!

  132. #132 Reppu says:


    thanks to your work, but the new NoScript is pure crap. A once easy and intuitively to use tool has become a nerd tool. The old list of scrpis showed all I needed, now I can customize things, I have no idea about the meaning like webgl or fetch. Or it shows, that 20 scripts are running, but I can only see 3. Was a nice time, but at least I do not need to donate more money to this. New isn't always better. This sucks now. And when I read the others comments, in my opinion you failed by changing the old intuitively to use NoScript to this sh.t Such a shame....

  133. #133 ITisR says:

    I was looking to see how to export whitelist in the Quantum editition of Noscript but I and I believe most of the others are very happy and glad users and have time to wait for this to function and read/googe for a workaround.

    In the meanwhile, I think I will have to donate to this code (for the first time of my life) as I should have done it earlier. I bow deep for Giorgio. You have made one of the tools that I use the most and it is such a shame how I understand it's great meaning to me only when there are many changes in Noscript to adapt to.

    Keep up the good work I and internet needs it!!! :)

  134. #134 Kasper says:

    ...Well. I just came by to see if there was any way to bring back the old UI. I despise the new one and don't care about your reasoning. So, I guess I now need to find a replacement. ScriptSafe for chrome is a decent choice there...for anyone looking for something close.

    Sadly...I will not be returning unless the old user interface returns. Expanded a bit if necessary but the same basic feel.

    I will also not be supporting any further development.

  135. #135 Kasper says:

    In Fact: The ScriptSafe crew have developed a version for firefox. -WAY- closer to the original NoScript UI and will serve as a decent replacement if this guy doesn't get his head out of his ass and bring back the old interface...or as close as possible.

  136. #136 Turncoat says:

    I just installed the ScriptSafe alternative, and the UI is much better. I have been using NoScript for years but I will not return unless the old UI is brought back. The new one is just plain horrendous.

Bad Behavior has blocked 852 access attempts in the last 7 days.