>>74930719>All useless info. Because ubo had this feature from the start and noscript is still catching up after years.
Let me know when uBO has protection against XSS and clickjacking. Far, far more important feature and why TBB uses it. >I'm thinking you are retarded. Or just baiting. For instance, you have allowed google domains to post on this very site.
I have a pass, poorfag.>Some sites actually require you to allow some js to function.
Vast majority of my sites work fine without JS, such as apnews.com
so I really, really don't whitelist much. And the ones I do I mostly trust. >I use ubo in nightmare mode and only noop the bare minimum needed for my purposes on each site.
Good for you, I have a uBO config setup just like that, except all the lists are removed. >At least when I have to noop a domain I have the peace of mind that I am blocking ads/trackers/malware. You can't say the same with noscript.
If you're noop'ing a domain and you're worried that there might be malware, a list isn't going to help if it's not on the list. The solution is to just not allow the JS to begin with. And this is also an example of why NoScript is superior, because even if you allow JS on a compromised domain, the XSS protection will stop it, unlike uBO which has no XSS protection.