What's

NoScript Mobile UI NoScript Anywhere (NSA) is the nickname for the next major iteration of the NoScript security add-on (NoScript 3.x), whose guts have been turned upside down in order to match Mozilla's Electrolysis multiprocessing architecture and implement a porting for Firefox Mobile, available on Android smartphones and tablets.

This open source (GPL) effort has started in the very beginning of 2011, and has been partially funded by the NLnet Foundation.

NoScript 3 alpha, available on Firefox 4 Mobile for the Android and Maemo operating systems, offers all the the major security features of "classic" NoScript:

  1. Easy per-site active content permissions management.
  2. The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
  3. ClearClick, the one and only effective client-side protection against Clickjackings available on the client side.*
  4. ABE (App Boundaries Enforcer), a true webapp firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.**

* Fully implemented on the first NSA (Firefox 4 Mobile); recent (2012) subfeatures and the warnning dialog still need to be ported in NSA++ (Android-native Firefox).
** Fully implemented on the first NSA (Firefox 4 Mobile); partially working on NSA++ (Android-native Firefox) but needs bug fixing, testing and the Sync functionality to be restored for being usable beyond the basic default LAN protection (which already works).

ClearClick anti-Clickjacking protection on Android NoScript 3.x is implemented as a restartless add-on for Firefox Mobile, initially meant to explore the issues and the challenges posed by the Electrolysis multiprocessing architecture to a NoScript porting, then almost rewritten a second time to follow Mozilla's architecture U turn with the Android-native UI.

NoScript 3.x's UI is greatly simplified and optimized for touch devices, featuring a brand new page permission editing UI, specifically redesigned for smartphone usage and easily accessible by tapping on a floating finger-friendly icon.

Once installed (with no need to restart the browser), it blocks every script and other potentially dangerous active content unless the loading resource is whitelisted.

NoScript 3.x also introduces convenient Permissions Presets, which are offered for choice on first run and can be switched at any time:

NSA++, the new Android Native NoScript porting

In late 2011, Mozilla abandoned the Electrolysis/XUL architecture of its mobile Firefox and rebuilt it as a Gecko renderer embedded inside a native Android application, achieving a huge performance and responsiveness boost.

Unfortunately, this change made the original NSA incompatible almost overnight, and required yet another massive NoScript rewrite to bring it back on mobile devices.

This effort is still ongoing, but experimental 3.5 alpha builds compatible with the Android Native Firefox can be downloaded here for testing purposes, even if they're not as complete as the legacy (Firefox 4 Mobile) version.

At this moment:

The long-term goal is to reach feature parity with the stable desktop version and replace it with NSA's more modern, clean and future-proof (e.g. multiprocessing-aware) code. Unfortunately the need to keep "traditional" NoScript 2.x up-to-date for its millions of users makes this process painful and slow, especially because the project's current financial resources can fairly support the active development of one single codebase, but are insufficient for two divergent ones to be kept in sync. Therefore Donations, sponsorships, partnerships, grants and other funding proposals to keep NoScript really Anywhere are extremely welcome!

Downloads

Download NSA++ (NoScript 3.5 alpha) for Android Native Firefox

Download NSA (NoScript 3 alpha) for Firefox 4 Mobile (obsolete, sadly).