There is another FF extension which forces HTTPS and has the additional feature of setting SECURE cookies. The authors have a very good paper
on their site explaining a lot of details of how to secure your site and your browser. The use of secure cookies in this process is very important.
Here is the site for "Force HTTPS" extension:https://crypto.stanford.edu/forcehttps/
and here are the changes I made to the .js file of the extension in the following folder location
in order to connect to Donationcoder securely:
// Rewriting rules (client-side)
// Full ForceHTTPS cookie protection
// Partial ForceHTTPS cookies (only allowed client-side)
If anybody knows a simple way (i.e. not sniffing) of determining if a cookie has been set securely or not, I would appreciate if (s)he could share that information with me.
The use of Force HTTPS seems to be even more secure than noscript because of the secure cookie setting feature.
I have noscript permanently deactivated, because I think it is almost impossible (at least for my surfing habits) to browse the web without the use of java script. So it is too much of a nuisance for me
. FF3.5 will hopefully make the possibility of cross scripting attacks more remote, FWIU.