Reading up about this a bit more it does appear that noscript does help against XSRF even those that don’t use javascript, by changing post requests to untrusted sites to empty gets.
Neat. Though I think you meant “changing post requests from untrusted sites to trusted sites to empty gets”, as would be expected to protect against Cross Site Forgery.
Neat. Though I think you meant “changing post requests from untrusted sites to trusted sites to empty gets”, as would be expected to protect against Cross Site Forgery.