Occasionally my ISP injects some javascript into what I'm viewing on the web and half my screen is taken over by the ISP. The purpose is usually to report some kind of news event related to the ISP. Like maybe there will be an outage for an hour or something the next day. Here's the thing: when I used NoScript, even though I had scripts fully allowed for the webpage I was on and the domain of the ISP that is doing the XSS, NoScript would always block the injection and report it as a blocked XSS. With uMatrix the XSS is always allowed and my screen is taken over. Is this an instance that exemplifies the superior protection that NoScript offers over uMatrix?
If you are allowing all scripts (including 3rd-party-requests), then of course uMatrix doesn't block it. You can mitigate it, if you block 3rd-party requests/content
This is generally how I operate. But in this case the two sites in question need scripts allowed to work, so it appears uMatrix provides no protection in this scenario, whereas NoScript does because of its continual XSS protections even when scripts are allowed.
