I’d been a keen user of this until a while ago when they completely overhauled the UI in a way I couldn’t figure out all, when I abandoned it.

The new UI is absolutely horrible and confusing.

I can't remember how many time I have disabled restrictions globally and always forgot to turn it off because the icon says nothing.

Damn, I have to agree. The UI (Chrome) is horrendous.

While I agree the change in UI was disruptive, it shows more info and in a more accessible way than before. (At least once one takes the time to learn it.)

If a simpler interface is preferred then it's already possible to blacklist JS in Chrome and enable it per-site by clicking to the left of the page address for the access privileges.

I don't get this. I also thought the new UI was horrible but actually, it makes a lot of sense. You have default, temp trusted, trusted or untrusted.

It really is simple to figure out, if you can't, maybe you need an easier plugin that just toggles JS in general.

I was the same. I switched to uMatrix and found it to be more intuitive and fine-grained.

Maybe you'll enjoy this one: https://github.com/maximelebreton/quick-javascript-switcher. Works well.

I had the same reaction, but persevered with it, stared at it until I worked it out and decided it was really quite usable. Not that hard :) I still use it.

In my opinion NoScript is the single most powerful security tool for the home user. It's a shame they've rendered it nearly unusable with the new UI. I don't know why it's a trend with developers these days to turn readable menus into oversimplified buttons/icons. I have to rely on tooltips just to work my Gmail and that's ridiculous.

The UI works fine for me.

> I have to rely on tooltips just to work my Gmail and that's ridiculous.

Pick a better mail service that doensn't 'require' JavaScript? You're complaining about a thing that lets users control what sites are allowed to run and you're trying to use one of the most JS-heavy sites on the internet...

The parent commenter was comparing the bad UI of NoScript to the bad UI of Gmail. Seems fair comparison to me if the UIs are similar. What does JavaScript have to do with it? People are quite capable of creating bad UIs with or without JavaScript.

> What does JavaScript have to do with it?

Um, the article is about NoScript.. which (drumroll) allows users to manage Javascript on a per-website and/or per-source basis.

True, but that's what the whitelist is for. Browsers are so complex these days that visiting a website you've never heard of before may as well be you running a random executable. Will your browsers security hold up if the website is hostile? Probably, in the same way the security features of your OS and/or anti-malware software will probably keep you safe from a random malicious executable.

I have ran malware on known sites due to faulty ads and some Java 0-day about 5 years ago. I never enabled Java in my browser again. I do wonder if having used NoScript would of saved me since it does block Java applets too.

The problem is that if you suffer from information-addiction, like most people nowadays do, the whitelist quickly becomes filled with every website out there.

I've actually had the opposite problem, I have yet to make a habit of saving my noscript (now umatrix) settings, so any time-saving of eliminating slow scripts is wasted refreshing it three times trying to figure out which cdn is the important one; and trying to selectively enable the scripts of a video streaming site is even worse. Still worth having it though, especially when you go to traditionally sketchy download sites and see it have a cleaner UI than the apple homepage with just a single download button.

See, this is where data collection would actually come in useful.

Noscript can collect the information as to the most common settings for each website (say youtube) and apply them automatically.

Would save the whole "temp allow" -> "refresh" whack a mole game :)

<Regrettably, the additions and enhancements which resulted from this work have not picked up by Google.

Maybe Microsoft does and push it upstream?

Microsoft doesn't own the upstream code?

Google does

That was my point..

I wish NoScript would work with Safari. With Apple's commitment to privacy, they really need to lift their game with safari extension support.

FYI, Noscript had a serious zero-day which runs js files with MIME type text/css.

"FYI", so what am I supposed to do with this information? If software were perfect we wouldn't need solutions like this in the first place.

Runs? You mean doesn't block?