Comments on: QotW #8: how to determine what to whitelist with NoScript? http://security.blogoverflow.com/2011/09/qotw-8-how-to-determine-what-to-whitelist-with-noscript/ The Security Stack Exchange Blog Sat, 06 Feb 2016 05:11:22 +0000 hourly 1 https://wordpress.org/?v=4.5.6 By: corrector http://security.blogoverflow.com/2011/09/qotw-8-how-to-determine-what-to-whitelist-with-noscript/#comment-106 Tue, 20 Sep 2011 19:18:06 +0000 http://security.blogoverflow.com/?p=322#comment-106 “why block maliciousness at the browser? “

Only the browser gets to see the URL for https.

Seriously, do you want : 1) to be protected only on http sites? or 2) to compromise en end-to-end integrity and relative confidentiality provided by SSL/TLS?

]]> By: Matt http://security.blogoverflow.com/2011/09/qotw-8-how-to-determine-what-to-whitelist-with-noscript/#comment-98 Wed, 14 Sep 2011 21:28:57 +0000 http://security.blogoverflow.com/?p=322#comment-98 I’d be curious what level an in-line IPS definition or URL blocklist provides against such things (maliciousness), in lieu of NoScript. Specifically, why block maliciousness at the browser? Distributed CPU resources?

]]>