Opera NoScript Alternative BlockIt
Regular readers know that I would make the switch from Firefox to either Google Chrome or Opera if those web browsers would support NoScript functionality and Last Pass.
NoScript is a security add-on for Firefox that blocks scripts from being loaded when the website loads. While that means more work on your part to enable scripts selectively when needed, it blocks many attack forms on the Internet outright.
LastPass is an online password manager on the other hand.
So far only Last Pass has made its way to the Google Chrome browser. Daxpit, a reader of my blog, recently mentioned that the BlockIt userscript offers NoScript like functionality when run in Opera.
A userscript in Opera is an external script that can be loaded in the web browser. Much like add-ons but more complicated to setup in my opinion.
BlockIt
BlockIt is compatible with the latest versions of Opera up to Opera 10.50 which is the version I have tested the script on.
It displays a small icon in the lower right corner of the screen. A click on that icon displays a menu that shows the scripts on the page, the number of scripts that have been blocked, a pulldown menu listing all script names, and controls to unblock scripts on the page.
All scripts that are executed normally on the page are disabled by default just like they are in NoScript.
BlockIt divides the elements on the page into categories like scripts, images or embeds with the option to unblock those elements individually or completely. This is one of the differences between both scripts. NoScript ignores images as they are not scripts whereas BlockIt blocks them as well in the beginning.
The following controls are available:
- Block: This is a button that toggles between "Unblock" and "Block", and adds the selected element to the whitelist if "unblock" is clicked, and removed if "Block" is clicked, also when this button is clicked anything that is viewable on the page will show up(red outline) and be blocked on the spot, same if "Unblock" is clicked(but orange outline and scrolled to)
- All: This is a button that unblocks or blocks all elements of that type, only use this if the site needs all of the elements for the page to work regularly,otherwise its good for quickly blocking/unblocking most elements quickly.
- T-Unblock: This is a button that allows toggling this script off temporarily for the whole tab, so if you are only visiting this site temporarily and want to view it properly in its entirety, this button is for you.
- Server: This is a button that blocks/unblocks all elements of the type based on the server name, say if you wanted all scripts from one site to be loaded but others not to be, this button does what it says on the tin.
- Preview: This is basically a button that allows you to preview the element in a new tab, this is especially good for scripts that cannot be previewed the normal way.
BlockIt remembers the configuration changes made by the user so that elements that have been unblocked remain unblocked in future sessions. The information are stored in cookies which means that cookies need to be enabled for the settings to be saved by the script.
Tips
- Holding shift and clicking on the "Unblock"/"Block" button is a quick shortcut for blocking all elements of the same type on the page(like clicking on the "All" button), holding ctrl is a shortcut for blocking elements based on the same servername as itself(like clicking the "Server" button).
- Holding ctrl while clicking the "Server" button actually stores the servername for all element types, this is useful for youtube as sometimes it holds all scripts and images on similar servers
- Holding shift while clicking the "T-unblock" button will actually only unblock everything for that url only, need to turn blocking back on again? Here is a bookmarklet that will do so. Drag this to a toolbar or bookmark it for future use. BlockIt toggle
- BlockIt adjusts to your screen size, the user interface will shrink its font and total width accordingly, if BlockIt cannot fit, it will tell you, but this script is mainly designed to work on screens with width 300px and above.
- By default, BlockIt will appear in the bottom right position, if you'd like to change the position, change "cornerposition" to either 1(top-left),2(top-right),3(bottom-left) or keep it as it is as 4(bottom-right)
BlockIt is a great NoScript alternative for the Opera web browser. This ties the score between Google Chrome (which got Last Pass) and Opera (which got NoScript).
BlockIt can be downloaded from the forum page over at the Opera forum where the developer announced the script.
Update: The switch to Chromium brought many changes to the Opera web browser. One of them was a reset of the Opera forum taking all old posts with it. This means that BlockIt is no longer available. Even if it would be, it would no longer be compatible with recent versions of Opera.
You may want to check out the NotScripts extension for the new Opera browser which offers similar functionality.
We need your help
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Thanks for this mention Martin. I’m not aware about the reason of your insisting on a password manager but perhaps Opera’s Wand in connection with a neat password-recovery tool could account for that.
LINK: http://operawiki.info/PowerButtons#retrievewand
HTH :-)
Dapxin, not dapxit :) blockit not noscript :p . Opera, not …..
Thanks, Martin. Going to keep an eye on this, may well make the switch sometime soon.
Thx for the tip! BTW Lastpass is so much better than opera built in wand!!
Without NoScript couldn’t you just run your browser sandboxed?
Errm, In Opera, F11, Enable/Disable Javascript….
Mark but that disables it globally. BlockIt can disable all and enable them selectively.
So does Opera, using site preferences…
The blockit Unite App has been updated. Works much better now!
http://files.myopera.com/shoust/files/blockItUnite.ua
And it does not need cookies to function.
Why are you not using Operas built in “NoScript” functionality? Go into Tools> Preferences > Advanced > Content > and uncheck JavaScript. Then visit any page, and RIGHT CLICK the page and select “EDIT SITE PREFERENCES” You can turn JavaScript on per site already!!!! Its been built into Opera for YEARS. This is one of the main reasons I have always used Opera, because of its security and functionality. No need for “NoScript” add-ons. Its had it out of the box since the beginning!
And when something doesn’t load or work properly, using this method, its usually because the script is in an iframe from a 3rd party site, or linked via src to a 3rd party site. Just use the Opera info sidebar to look for iframes and visit them to do the same enable functionality.
No need for updates to use an add-on or having to worry about bloated 3rd party tools that could potentially lead to a vulnerability in the main browser itself at some point.
(note: when editing site preferences, take the www. out of the url before clicking ok. This usually helps ensure it works across all sub domains of the same site ex:bob.somesite.com vs http://www.somesite.com. otherwise, you have to do it per subdomain)
This has been built into Opera for YEARS. This is one of the main reasons I have always used Opera, because of its security and functionality. No need for “NoScript” add-ons. Its had it out of the box since the beginning!
Why are you not using Opera’s built in “NoScript” functionality? Go into Tools> Preferences > Advanced > Content > and uncheck JavaScript.
Then visit any page, and RIGHT CLICK the page and select “EDIT SITE PREFERENCES” You can turn JavaScript on per site already(as well as plugins, so flash can be blocked as well per site)!!!!
And when something doesn’t load or work properly, using this method, its usually because the script is in an iframe from a 3rd party site, or linked via src to a 3rd party site. Just use the Opera info sidebar to look for iframes and visit them to do the same enable functionality.
No need for updates to use an add-on or having to worry about bloated 3rd party tools that could potentially lead to a vulnerability in the main browser itself at some point.
(note: when editing site preferences, take the www. out of the url before clicking ok. This usually helps ensure it works across all sub domains of the same site ex:bob.somesite.com vs http://www.somesite.com. otherwise, you have to do it per subdomain)
DigiP,
I have been keen to use Opera, but the lack of NoScript kept frightening me off.
I have implemented your suggestion (turn Javascript off, and enable individual sites that I trust).
I have only been doing that for the last 5 minutes, but so far so good..
Thanks for the ‘heads up’,
Rob
Yeah. Its how I’ve always used Opera. One thing to note though, if the sites use any third party scripts, you have to enable it for those sites as well, or certain parts of the site won’t load. For example, if they use offsite jquery scripts, like from google.
It can be a pain on some sites to find all the third party scripts to make something work, but I feel much safer knowing that they don’t load automatically, and also gives me more insight into where MY information is shared, since loading the third party scripts from offsite also shares my info with those companies in allowing them to run and track my statistics, so its kind of a double edged sword. For the most part, I generally don’t have too many issues though, and rarely have to hunt down the 3rd party scripts.
This is also nice though, because if I don’t use facebook, why do I want its like button tracking me every where I go? Things like Omniture and other web trackers won’t load if the scripts are purely 3rd party and loaded offsite. This also helps with XSS that loads external iframes and javascript, so long as it isn’t persistent XSS code and only called from the other sites, they won’t run.