uMatrix, the brother of ublock is far superior than NoScript and Scriptsafe. It blocks virtually all scripts.
µMatrix: Point and click matrix to filter net requests according to source, destination and type.
>µMatrix: Point and click matrix to filter net requests according to source, destination and type.
Is there a way to filter based on 3D mapping?
For example, say I want to allow script from example.com but ONLY if they're being loaded from foobar.com.
It's an upgrade of HTTPS Switchboard so read the documentation on how to use uMatrix at
It's pretty much the same thing as uMatrix, but higher on the autism count.
Once you figure out how shit works, it just werks.
Why not simply use uBlock to block scripts?
Only drawback compared to uMatrix is that it doesn't block cookies, but since Firefox has a built in whitelist for cookies I guess it isn't needed.
Still it would be more convenient I guess.
Noscript is a script blocker.
Policeman/uMatrix/Requestpolicy(in order of granuality, left to right) are REQUEST blockers.
They do not do the same thing, but it's very similar to virtually anyone.
Policeman - Firefox only, harder to use, more detailed.
uMatrix - Chrom* only, easier to use, less detailed.
That's pretty much it, you won't notice much of a difference between them unless you're searching for stuff with elements like websockets on purpose.
It can't, at least not in Policeman's case, I asked the dev and he said that they're harmless, and IF by any chance the script tries to talk to the browser, Policeman will block it even if it's delayed or something.
if a inline script tries to 'talk' to the browser it's already a executable script, it's no wonder it would get blocked by policeman, it's a server > client > server request as most of them are.
normal inline scripts just run on the server side, these things don't even get cached, much less get downloaded and executed, so there's no real way for Policeman to stop them.
There's no real reason to either.
message=hello<script>changePassword("iAmAhugeFaggot", true, false, maybe, "faggot69");
>but personally I don't see a way how a script that doesn't have access to anything can pose a threat.
Pretty pointless, I can see a few performance critical addons needing the speed, but 99% of them can get away with the portability and simplicity of js.
Though I really woulnt' mind a Vimperator written in a high performance language.