NoScript Mobile UI NoScript Anywhere (NSA) is the nickname for the next major iteration of the NoScript security add-on (NoScript 3.x), whose guts have been turned upside down in order to match Mozilla's Electrolysis multiprocessing architecture and implement a porting for Firefox Mobile, available on Android smartphones and tablets.

This open source (GPL) effort has started in the very beginning of 2011, and is partially funded by the NLNet Foundation.

NoScript 3 alpha, available on Firefox 4 Mobile for the Android and Maemo operating systems, offers all the the major security features of "classic" NoScript:

  1. Easy per-site active content permissions management.
  2. The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
  3. ClearClick, the one and only effective client-side protection against Clickjackings available on the client side.*
  4. ABE (App Boundaries Enforcer), a true webapp firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.**

* Fully implemented on the first NSA (Firefox 4 Mobile); recent (2012) subfeatures and the warnning dialog still need to be ported in NSA++ (Android-native Firefox).
** Fully implemented on the first NSA (Firefox 4 Mobile); partially working on NSA++ (Android-native Firefox) but needs bug fixing, testing and the Sync functionality to be restored for being usable beyond the basic default LAN protection (which already works).

ClearClick anti-Clickjacking protection on Android NoScript 3.x is implemented as a restartless add-on for Firefox Mobile, initially meant to explore the issues and the challenges posed by the Electrolysis multiprocessing architecture to a NoScript porting, then almost rewritten a second time to follow Mozilla's architecture U turn with the Android-native UI.

NoScript 3.x's UI is greatly simplified and optimized for touch devices, featuring a brand new page permission editing UI, specifically redesigned for smartphone usage and easily accessible by tapping on a floating finger-friendly icon.

Once installed (with no need to restart the browser), it blocks every script and other potentially dangerous active content unless the loading resource is whitelisted.

NoScript 3.x also introduces convenient Permissions Presets, which are offered for choice on first run and can be switched at any time:

NSA++, the new Android Native NoScript porting

In late 2011, Mozilla abandoned the Electrolysis/XUL architecture of its mobile Firefox and rebuilt it as a Gecko renderer embedded inside a native Android application, achieving a huge performance and responsiveness boost.

Unfortunately, this change made the original NSA incompatible almost overnight, and required yet another massive NoScript rewrite to bring it back on mobile devices.

This effort is currently ongoing with NLNet's continued help, and experimental 3.5 alpha builds compatible with the Android Native Firefox is already downloadable here for testing purposes, even if they're not as complete as the legacy (Firefox 4 Mobile) version.

At this moment:


Download NSA++ (NoScript 3.5 alpha) for Android Native Firefox

Download NSA (NoScript 3 alpha) for Firefox 4 Mobile (obsolete, sadly).


Milestone Start Date End Date
  1. Architectural assessments & prototyping
2011-01-03 2011-02-02
  1. Scripting Permissions Management
2011-02-02 2011-03-03
  1. UI design and implementation
2011-03-03 2011-01-04
  1. XSS Filter
2011-01-04 2011-02-05
  1. Content (Un)blocking UI (Placeholders)
2011-02-05 2011-05-31
  1. ClearClick
2011-05-31 2011-06-24
  1. Mobile-friendly Setup Interface
2011-06-24 2011-08-24
  1. Remote Synchronization
2011-08-01 2011-09-19
  1. ABE and beyond (Script Surrogates, toStaticHTML, links emulation...)
2011-08-15 2011-10-14
  1. Android native porting, first experimental release with permissions UI
2012-07-01 2012-10-03
  1. Android native XSS filter UI
2012-10-04 2012-11-04
  1. Android native porting of other features, such as ClearClick, ABE and Sync
2012-11-05 To be planned