
Have you considered using NoScript? It might be easier to whitelist the few widgets you care about, vs. tracking down miscreants.



With the relentless XSS attacks against large websites, including the PayPal XSS the other day, and the recent Twitter XSS attacks, why are there any techies left not using NoScript?

The web is not safe to use without NoScript.


I uninstalled NoScript after it interfered with my e-commerce transactions one too many times. Lack of JavaScript caused the transaction to halt abruptly, sometimes causing me to lose the ticket I was booking (some travel tickets are very time-sensitive here). Even after I added my own bank to the whitelist, the middleman sites between the retailer and the bank were getting affected and blocked.

I just installed the RequestPolicy addon after going through this thread, and am hoping it will be a good tradeoff (other reasons for installing this instead of NoScript are those annoying ad-filled pages NoScript shows after its frequent updates, and its author's attempts to fiddle with ABP some time back, making his integrity questionable).


I uninstalled it myself for the same reasons. It does cause problems sometimes, but after you've fine-tuned it those times become very infrequent. You can even synchronise your settings between Firefox installations now by telling NoScript to store its config in a bookmark.

I reinstalled NoScript a while back. IMO, the problems it prevents outweigh the problems it causes.


Techies using Google Chrome perhaps? (not me!)


I don't use Chrome, but I do use some non-Firefox browsers (Arora, w3m, sometimes uzbl), so I take a more barbaric approach: a giant /etc/hosts file pointing various offensive domains at 255.255.255.255, and iftop/firebug/Webkit's inspector/suspicious cookies to determine where horrors are coming from.


I tried once, but the whitelisting got too tedious; almost every website I interact with needs scripting. I've also never been hit with an XSS attack; similarly I haven't gotten a virus since a boot sector on a floppy 15 years ago. I haven't found the risks to be high.


I have my NoScript set to allow %site.com and *.%site.com by default. It leaves most sites usable, but blocks most of the bs. I only have to whitelist somethingsomethingCDN.com rarely (less than five sites). That and googleapis, jquery, not much else. Read the docs and adjust the settings accordingly.



