I use NoScript but have enabled the option "Temporarily allow top-level sites by default". That means any site I directly visit is allowed to run JS. But any references to scripts on other domains are blocked. That makes the web pretty usable but more secure.