NotScript Brings NoScript Functionality To Google Chrome
Update: NotScript is no longer available. You can use ScriptBlock or uMatrix instead. You can check out our Firefox review of uMatrix which offers identical functionality to the Chrome version. The following review is kept on the site for archiving purposes. End
Up until now it was not possible to port the popular Firefox script blocking extension NoScript to Google Chrome.
Restrictions of the browser made it impossible to block elements before they were loaded, which obviously did not work out well for a security add-on that needed to block the scripts before they were loaded.
The developer of the NotScript extension for Chrome explains recent changes made to the browser that made the extension possible:
NotScripts uses a unique and novel method to provide this "NoScript" like functionality in Google Chrome that was not previously possible. It introduces a break through technique of intelligent HTML5 storage caching to over come the limitations in Google Chrome that prevented an extension like this from being made before. NotScripts blocks third-party content BEFORE they load and it does this while also having a whitelist. This is one of the key extensions that many people have been waiting for since Google Chrome came out.
The installation of the script requires the user to set a password in the Chrome profile folder, by manually editing the file CHANGE__PASSWORD__HERE.js. This may turn away many users who would probably like to use the add-on, and the developer should consider another way to set that password.
A NotScripts password is required to be set for the initial use on a computer or if NotScripts was updated. The password is used to protect your privacy by preventing web sites from viewing the NotScripts whitelist caches. Due to technical limitations, you are required to open a file to set the password.
Once that is done NotScript will start to function similar to NoScript. The extension blocks most - but not all - scripts from being executed automatically on a website, with the possibility to whitelist scripts so that they can be executed normally.
It places an icon in the address bar, that displays the currently blocked and allowed scripts on the site.
Scripts that are allowed are added to a whitelist.
It is furthermore possible to allow scripts temporarily for all sites for a while. Functionality that is currently missing is the option to enable a script temporarily for a session only.
As mentioned previously, NotScript has several limitations at this point in development, they are:
NotScripts can block plugins like Flash and Silverlight. However, Java applets are a special case. Java applets embedded with the standard <EMBED> </EMBED> or <OBJECT> </OBJECT> tags can be blocked, but Java applets embedded with the old, deprecated <APPLET> </APPLET> tags cannot be blocked because Google Chrome does not fire load events for this legacy method. The current workaround is to disable Java in your browser until this can be fixed.
All scripts loaded from a source location (the vast majority) can be blocked. However, inline scripts that are directly written into the HTML code of a web page cannot be blocked by NotScripts because Google Chrome does not fire load events for them.
For example: <script src="http://example.com/aScriptFile.js"> </script> can be blocked without any issues. However, <script>alert("Hello, World!"); </script> written directly into the HTML code by the site you are visiting cannot be blocked by NotScripts because it is not loaded from anywhere, it is a direct part of the web page you view. However, these inline scripts are usually useful and are often required for a site to function properly. If you want to, you can set Google Chrome to deny javascript for all sites and use NotScripts to selectively pick the scripts to run on sites you enable javascript on.
When you visit a web site for the first time with scripting enabled, you may see NotScripts quickly reload it once as it caches the whitelist and refreshes. Subsequently, there is no reloading needed unless you happen to change a part of your whitelist that directly affects the site. This is only a minor issue and happens less and less as NotScripts learns your desired whitelist.
NotScript is a unique extension for Google Chrome, that provides a good chunk of NoScript's functionality. The first official release version shows great promise, and if the developer continues to implement features and maybe, finds ways to remove some of the limitations and the dreaded password creation, then NotScript could become what NoScript is for Firefox: An indispensable add-on
NotScripts was removed from the Chrome Web store in September 2014.
Just to clarify that a certain “compvid30” (Oliver von Schleusen; also found out that he forked the discontinued on-the-fly disk encryption program FreeORFE into StrongCrypt) forked the NotScripts source from Google Code and remade as “ScriptBlock”.
As far as I understood it, Chrome is built into the Android system. If true, I’m just wondering if I can load this extension into it. Would be nice to have :)
Yes. I’m planning to standardize on Android phones. And would like to know if this extension works on the Chrome installed in Android.
Dante I do not know. I tried checking Android Market for the Chrome browser but could not find it there. Are you sure you have the Chrome browser installed on your Android phone?
Sorry, new to this Chrome thingie. Does this also work on Chrome in an Android environment?
Dante, to be honest this is the first time I heard about a Chrome – Android link. Do you mean a version of the Chrome web browser running on Android?
Yes!
I have been waiting for this for a long time :D
Once I’ve checked this out and seen if it holds up to my expectations, I may finally decide to take the plunge away from FF.
Thank you so much for the heads up.
Now, if only they could make an adblocker that actually blocks the ad servers instead of the current which first download the ads and then simply prevent chrome from showing them…
I also have been waiting for a long time, but NotScript currently does not hold up. I do not like it that there is no option to temporarily enable a script like in NoScript. You can remove permissions again but that needs to be done manually, unlike NoScript where it is handled automatically. But the developer has done a great job, and it will be interesting to see how this turns out.