Using NoScript has been pretty eye-opening. I've come to learn that most of the time I'm happy unblock the primary domain. If the site doesn't work I'll look for a clearly-named CDN. If I can't identify one or, worse-yet, there is some kind of cdn.some-domain.com and unblocking that still doesn't make the site work, then I'm out.
I've stopped using NoScript because it was breaking my own apps. It was fine until Mozilla changed something in Firefox. The problem is that NoScript inserts a lot of JS into the web page and some of that JS gets broken by some sort security lockout. It may be a bug in Firefox and maybe it's been fixed but I wasn't satisfied with NoScript anyway. I'm now using uMatrix. It doesn't insert JS on every active element (just at the top) so it avoids buggy behaviour. The main thing I like about it is that it only blocks cross-origin scripts (NoScript blocks everything by default, including same-site).
I do not understand why this injecting js to block js is a thing. Why is there no way to just tell the browser engine not to execute any js here? if the functionality isn't there in the browser engine, why not?
I use 2 browsers, one with JS disabled and blocking everything (like 95% of the time), and second one for say "important" stuff like banking, youtube and facebook ;)
Good to know! I have seen how it injects JS into every page but so far it has not messed with my development, but I do use uBlock so I'll look into using it as a NoScript replacement as less the fewer plugins the better. Thanks!
I do also use my hosts file for stuff that will never, ever, ever get a pass, like google analytics.
