Open ghost opened 2 years ago
Browser extensions are never recommend and beside higher attack surface, badness enumeration just don’t work.
Extensions also can’t fix broken browser security like Firefox have.
@ghost: can you please elaborate, how noscript weakens site-isolation?
As of now NoScript is recommended on the 'Security and Privacy Advice' page. But I am not sure it is a good idea to recommend it like that without asterisks.
Almost all browsers already have a per-site JS toggle making NoScript's main functionality somewhat redundant. I did not look into NoScript's XSS and CSRF protection. So I can't comment on that