Cross domain requests are the real problem. Usually, allowing "example.com" to run javascript fetched from "example.com" is not a problem. It's when "example.com" fetches javascript from 10 other domains that the web starts to behave horribly.
RequestPolicy for Firefox blocks all cross-domain requests. Even fetching images and css from different domains. It has a blacklist/whitelist system very similar to NoScripts, so you have to allow for example, twitter.com to fetch resources from twimg.com etc, but you only have to allow it once.
[edit] I use both NoScript and RequestPolicy, but I consider RequestPolicy to be a much more powerful and useful addon.
RequestPolicy for Firefox blocks all cross-domain requests. Even fetching images and css from different domains. It has a blacklist/whitelist system very similar to NoScripts, so you have to allow for example, twitter.com to fetch resources from twimg.com etc, but you only have to allow it once.
[edit] I use both NoScript and RequestPolicy, but I consider RequestPolicy to be a much more powerful and useful addon.