Noscript has iframe protection

For those of you that read my blog you’ll know that I’m not a big fan of iframes for various reasons. I wrote a Javascript/CSS scanner which uses them to scan a local area network. There was no easy way to actually prevent this stuff until now….noscript now has iframe protection which is fantastic news, Giorgio kindly added the feature on my request and I’m really impressed with the speed he implemented it because I only mentioned it yesterday!

So what are you waiting for? Protect your LAN information now and download the plugin!

Update…

Thanks to Om for starting the thread on slackers and supporting the idea, this will make a big difference to Firefox security.

11 Responses to “Noscript has iframe protection”

  1. Bipin 3~ Upadhyay writes:

    Yup!
    …and it feels good to be a part of something good :)

  2. Gareth Heyes writes:

    Yep nice one for starting the thread :)

    It was a interesting discussion 😀

  3. Gareth Heyes writes:

    I thought I’d give you a bit of credit as well 😉

  4. Bipin 3~ Upadhyay writes:

    Thanks for the “bit of credit” :P, but it doesn’t really matter. What matters is to be in touch with guys like you. I hope to be more active on Slackers. :)

    The funny part is that I’d decided to post the thread right after Bank Of India hack but couldn’t.
    However, after reading your post I realized that this is the right time. So of course, (if the credit matters) you should get the bigger chunk. 😀
    Most importantly, let’s hope to see the issues (almost) killed with introduction of Content Restriction.

  5. Gareth Heyes writes:

    I hope that Content Restriction will end this madness but doubt it. The trouble is that often when specs are decided they get too complicated and holes get introduced, I hope this doesn’t happen. Simplicity often leads to better security.

  6. Tom Macklin writes:

    Yeah, simplicity leads to security…

    So, could you put include a feature in noscript that allows me to block most iframes, but allow ones that come from sites that are in my trusted sites list or that have a certificate that has been signed by…

  7. Gareth Heyes writes:

    Tom, Giorgio has already added that to noscript, there is even an option to block iframes from trusted sites. Just for the record I’ve nothing to do with noscript I just like it and made a suggestion.

  8. Bipin 3~ Upadhyay writes:

    @Gareth:
    Your comment reminds me of a line from Michael Zalewski’s “Silence on the Wire”:
    “The path to simplicity often leads through a seemingly needless level of complexity…”

    Although the context is different, the idea is crisp and clear: KISS :)

    I need help regarding certain issues. Will send you a mail. Thanks in advance. :)

  9. Tom Macklin writes:

    sorry… bad attempt at a joke. I was trying to point out what happens to secure apps when people start using them…

  10. Gareth Heyes writes:

    Sorry Tom it’s hard to tell when people are joking on comments :)

  11. Gareth Heyes writes:

    Om of course I’ll help ask away mate!