How to use the new ‘Web Extension’ NoScript version (10.1.1) with Firefox:
After NoScript is installed in Firefox, double-check to make sure the NoScript icon shows up in Firefox’s toolbar. (If it did not show up there, do this.):
Click “Help” in Firefox, then choose “Restart with Add-ons Disabled…”; then, after Firefox attempts to restart, click “Start in Safe Mode”; then just shut down and restart Firefox as normal. The NoScript icon should now appear in the Firefox toolbar.
Now it’s time to double-check the new (v10.1.1) NoScript settings:
With a ‘New Tab’ opened in Firefox, click on the NoScript icon in the Firefox toolbar, this will open up the new NoScript ‘Options’ page.
The first thing you should check is to make absolutely sure that the box for “Sanitize cross-site suspicious requests” is checked! (For info why this is important, see: https://noscript.net/faq#qa4_1 )
Next, you should see a list of some selected websites and their current settings. [Note: If this is the first time you have used NoScript you may either see no websites yet listed; or, you may see a small number of websites listed. --- (If you do not see any websites in the list, then just try opening one of your normal websites in Firefox, and then restart this check.)]To the left of any/all of the listed websites in the NoScript ‘Options’, will see for active button icons that will identify themselves when you hover over them with your mouse: ‘Default’, ‘Trusted’, ‘Untrusted’, ‘Custom’. You can click on any of these four button icons to change the status of any of the individual websites you choose.
In regards to the ‘Default’ button icon, it’s best to make sure that ALL of its settings are unchecked…by default. That way, any new website you visit will not have any of the categories allowed by default. [Note: Having the ‘Default’ button icon set this way is effectively the same setting as the ‘Untrusted’ setting…which is the safest “default” setting to start with on any/all website/s. --- Also note that this may require you to then have to decide whether or not to initially change any/all new website’s NoScript settings on their initial visit. And, that is the safest course.] Then, as you proceed to visit individual websites, it is up to you whether or not to blanket Trust or Untrust any website; or, experiment with its Custom settings.
Do note that the since the ‘Trusted’ setting “allows” everything (including third-party, offsite, plug-ns and ancillary sites) across-the-board to load, it should only be set for websites you absolutely fully trust! (Such sites would include: Mozilla; NoScript; etc.)
Experimenting with the ‘Custom’ option is best alternate option for most
websites. But, again, it’s best to start fresh with the
non-allowed ‘Default’ setting for any/all websites and proceed to see what, if
any, settings need to be changed (Note: The best/safest -- but, not
necessarily easiest -- course of action is having the least number of “allowed”
options for at least bare functionally of any website.)