Update: NotScript is no longer available. You can use ScriptBlock or uMatrix instead. You can check out our Firefox review of uMatrix which offers identical functionality to the Chrome version. The following review is kept on the site for archiving purposes. End
Up until now it was not possible to port the popular Firefox script blocking extension NoScript to Google Chrome.
Restrictions of the browser made it impossible to block elements before they were loaded, which obviously did not work out well for a security add-on that needed to block the scripts before they were loaded.
The developer of the NotScript extension for Chrome explains recent changes made to the browser that made the extension possible:
NotScripts uses a unique and novel method to provide this "NoScript" like functionality in Google Chrome that was not previously possible. It introduces a break through technique of intelligent HTML5 storage caching to over come the limitations in Google Chrome that prevented an extension like this from being made before. NotScripts blocks third-party content BEFORE they load and it does this while also having a whitelist. This is one of the key extensions that many people have been waiting for since Google Chrome came out.
The installation of the script requires the user to set a password in the Chrome profile folder, by manually editing the file CHANGE__PASSWORD__HERE.js. This may turn away many users who would probably like to use the add-on, and the developer should consider another way to set that password.
A NotScripts password is required to be set for the initial use on a computer or if NotScripts was updated. The password is used to protect your privacy by preventing web sites from viewing the NotScripts whitelist caches. Due to technical limitations, you are required to open a file to set the password.
Once that is done NotScript will start to function similar to NoScript. The extension blocks most - but not all - scripts from being executed automatically on a website, with the possibility to whitelist scripts so that they can be executed normally.
It places an icon in the address bar, that displays the currently blocked and allowed scripts on the site.
Scripts that are allowed are added to a whitelist.
It is furthermore possible to allow scripts temporarily for all sites for a while. Functionality that is currently missing is the option to enable a script temporarily for a session only.
As mentioned previously, NotScript has several limitations at this point in development, they are:
NotScripts can block plugins like Flash and Silverlight. However, Java applets are a special case. Java applets embedded with the standard <EMBED> </EMBED> or <OBJECT> </OBJECT> tags can be blocked, but Java applets embedded with the old, deprecated <APPLET> </APPLET> tags cannot be blocked because Google Chrome does not fire load events for this legacy method. The current workaround is to disable Java in your browser until this can be fixed.
All scripts loaded from a source location (the vast majority) can be blocked. However, inline scripts that are directly written into the HTML code of a web page cannot be blocked by NotScripts because Google Chrome does not fire load events for them.
When you visit a web site for the first time with scripting enabled, you may see NotScripts quickly reload it once as it caches the whitelist and refreshes. Subsequently, there is no reloading needed unless you happen to change a part of your whitelist that directly affects the site. This is only a minor issue and happens less and less as NotScripts learns your desired whitelist.
NotScript is a unique extension for Google Chrome, that provides a good chunk of NoScript's functionality. The first official release version shows great promise, and if the developer continues to implement features and maybe, finds ways to remove some of the limitations and the dreaded password creation, then NotScript could become what NoScript is for Firefox: An indispensable add-onAdvertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.