UGiorgio Maone, umdali weprojekthi yeNoScript, ukhuphe ukukhutshwa kokuqala okuvavanywayo kwesongezo sesiphequluli seChrome. Indibano ihambelana nenguqulo 10.6.1 yeFirefox kwaye yenzeka ngenxa yokuguqulelwa kwesebe le-NoScript 10 kwi-WebExtension technology. Ukukhutshwa kweChrome kukwi-beta kwaye iyafumaneka ukuba ikhutshelwe kwiVenkile yeWebhu yeChrome. Ekupheleni kukaJuni, i-NoScript 11 icwangciswe ukukhutshwa, eya kuba ngowokuqala ukukhutshwa kunye nenkxaso ezinzileyo yeChrome / Chromium.
I-add-on eyenzelwe ukuvimba ikhowudi yeJavaScript enobungozi kunye engafunekiyo, kunye neentlobo ezahlukeneyo zokuhlaselwa (i-XSS, i-DNS Rebinding, i-CSRF, i-Clickjacking), isetyenziswe njengenxalenye ye-Tor Browser kunye nokusabalalisa okuninzi kugxininise kubumfihlo. Kuyaphawulwa ukuba ukubonakala kwenguqulo yeChrome linqanaba elibalulekileyo ekuphuhliseni iprojekthi - isiseko sekhowudi ngoku sidityanisiwe kwaye singasetyenziselwa ukuvelisa iindibano zombini zeFirefox kunye neziphequluli ezisekelwe kwi-injini yeChromium.
Kumahluko kuguqulelo lovavanyo lwe-NoScript ye-Chrome, ukukhubaza isihluzo se-XSS, esisetyenziselwa ukuvimba ukubhalwa kwe-cross-site kunye nokubeka endaweni yekhowudi ye-JavaScript yomntu wesithathu, kugqame. Ngaphambi kokuzisa eli nqaku kwifomu yalo efanelekileyo, abasebenzisi kuya kufuneka baxhomekeke kwi-Chrome eyakhelwe-ngaphakathi "i-XSS Auditor", engasebenziyo njenge-NoScript's "Injection Checker". Isihluzi se-XSS asikwazi kuthuthwa ngoku, njengoko sifuna ukuqhubekekiswa kwesicelo esingahambelaniyo ukuze sisebenze. Ngexesha elithile, xa utshintshela kwi-WebExtension, abaphuhlisi be-Mozilla baphunyezwe kule API ezinye iimpawu eziphambili eziyimfuneko kwi-NoScript, njengabaphathi be-asynchronous, i-Google engekayifaki kwi-Chrome.
umthombo: opennet.ru