NoScript has click-jacking protection, some XSS protection, and some other things. You could theoretically run it with those things on, but no scripting disabled.
I don't know how good the click-jacking or XSS protection is. For me it has always been a false positive, and usually very quickly fixed and ack'ed in the changelog, and otherwise, I really don't browse the web in such a way that I'm routinely encountering such things. (Plus I do use it with scripting off, so anything like a malicious script to further trigger an XSS elsewhere won't work on me.)
But even if you don't want the script blocking, it can be useful.
(And as others have observed, it is less annoying that you might initially guesstimate. I use it on two machines with no configuration sync'ing, and it still isn't annoying to me.)
I don't know how good the click-jacking or XSS protection is. For me it has always been a false positive, and usually very quickly fixed and ack'ed in the changelog, and otherwise, I really don't browse the web in such a way that I'm routinely encountering such things. (Plus I do use it with scripting off, so anything like a malicious script to further trigger an XSS elsewhere won't work on me.)
But even if you don't want the script blocking, it can be useful.
(And as others have observed, it is less annoying that you might initially guesstimate. I use it on two machines with no configuration sync'ing, and it still isn't annoying to me.)