ScriptBlock for Chrome blocks scripts from running automatically on websites
One of the core reasons that I'm using Firefox as my main web browser is the NoScript extension for it. It blocks all scripts from running automatically on websites, ships with options to enable scripts temporarily or permanently, and offers a wide area of additional security features that protect the browser well from many threats on today's Internet.
Google Chrome users have access to similar extensions, but they do not provide the same level of protection as NoScript does. The extension that came closest until now was NotScripts. The extension showed promised but lacked several needed features including the ability to allow access to a domain temporarily.
The last update of the extension dates back to 2010 though and it appears that the author has abandoned it.
Update: ScriptBlock is no longer available. You may want to try uMatrix instead which may block third-party connections to sites.
If you browse the store for alternatives, you will eventually stumble upon ScriptBlock. The author of the extension confirms that it is based on NotScripts, and the general layout of the interface shows that it does.
ScriptBlock for Chrome
The extension is configured to block all scripts but those in a whitelist. It ships with a list of whitelisted domains by default but only Google, Yahoo, Microsoft and PayPal properties. Not even Facebook or Twitter is whitelisted here.
The icon of the extension displays the number of scripts that have been blocked on the site that you connect to after installation. A left-click on the icon opens the menu that you see above. Here you can modify the permission for each domain, or use global options displayed underneath to temporarily allow all scripts on the page or globally.
The website is reloaded automatically once you modify one or multiple script permissions. If you want to modify multiple permissions at once, check the Multi-Select Sites box first and then make the necessary changes on the page.
The options provide you with several other options. First, you can add domains to the whitelist or temporary whitelist here. Just enter one domain per line here and hit the save list changes button afterwards to do so.
Second, you can disable the automatic tab reload feature here as well, and disable the hiding of search results that Google labels harmful.
ScriptBlock is password protected by default to protect the whitelist from being accessed by websites. It uses a default password that you may want to change. Instructions are provided on the options page. You need to edit a file in your Chrome profile to change the password and restart Google Chrome afterwards to complete the process.
Why would you run it?
If you never used a script blocker before you are probably wondering why you should run such a tool. The explanation is simple: it not only protects you from many threats on the Internet by default, as scripts get blocked when you load websites in the browser, it will also speed up your Internet browsing because of the same reason.
Verdict
ScriptBlock brings some of the NoScript magic to the Chrome browser. It lacks several of the features that make NoScript great, but offers the basics. Since NotScripts has not been updated since 2010, it may be best to switch to this one instead as it offers everything the older extension has to offer.
hey man,
this extension was disabled by google :(
can you give us some ideas about a replacement ?
thank you
Had to wait as I record lots of ‘stuff’ so couldn’t spare the browser. Uninstalled and reinstalled, that fixed it – thank you Martin :-*
Why didn’t I think of that? Because I panic :-/ However, it didn’t make any difference. Thank you for the idea, Martin.
Something else then? Have you tried to reinstall the extension?
A lot of techie people can’t spell, Blue.bsod, especially if they’re not native English speakers.
I know this blog is ‘old’, but I’m having a problem with ScriptBlock on one of 3 laptops running it. I’ve been using it without problems for a few weeks – I’m getting “site not found” so cannot activate it. I wonder if FortiClient AV is blocking it, as it’s the only laptop I have FC on… I’m lost.
(Just in case Martin or some other kind and knowledgeable GHacker can help.)
I never used the client so don’t know, but does it log what it does? You could check the log to see if it blocks requests. You could also try and disable whatever protection is is offering for a temporary amount of time to see if it is indeed the culprit.
I was slightly interested until I came across these glitches under “Password Status” tab, “Default Passwordt” which they oddly ended with a “T”… and the following explanation, “In “NotScripts” on witch ScriptBlock is based, many people had problems to set the password.”… wrong spelling of the word, “which”… hard to believe anything much is credible after that.
that very good
Definitely a great add-on, Martin. I use Chrome as my secondary browser and I think ScriptBlock provides an easier-to-read pop-down interface than NoScript for selectively controlling scripts. If I remember correctly, Notscripts was kind of a pain to set up (had to play with some file initially). ScriptBlock is definitely the best choice for Chrome.
Karl, you had to set a password initially. ScriptBlock overcomes this by using a default password for that, so that you do not necessarily have to do it.
You are right! :)
Happens :)
hey. ain’t the scriptsafe better? https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en
Is that the old ScriptNo extension under a new name? I have reviewed this one here: https://www.ghacks.net/2011/11/15/scriptno-another-noscript-extension-for-chrome/
woa that looks exactly the same. it is the same indeed.
i’m actually kinda worried that this might be yet another addon that simply steals existing code to get donations.
if you compare this extension with notscript you’ll notice that they are quite similar – most of the file names are exactly the same, the ui is very similar (the notscript screenshots in the linked post are old, they are pretty much the same with a different color scheme) and large parts of code are the same (even with the same comments). i’d be very careful with this one…