Block JavaScript in Google Chrome. NoScript’s features in Chrome!
By on February 6th, 2010

If you have just migrated to Chrome from Firefox, you may have noticed that there is no Chrome version of NoScript the popular Firefox add-on to block JavaScript on web pages. NoScript blocks JavaScript, Java, Flash, Silverlight and several other executable contents by default and gives users a choice to allow these content from trusted sources only. Hence, it makes browsing faster and safer. I can’t imagine web browsing without NoScript, and this is one of the many reasons to stick with Firefox.

If you miss NoScript in Chrome, I have good news for you: Google Chrome will have similar content filter options soon. The latest Dev channel v5.0.317.0 for Windows has an option to selectively control cookies, images, JavaScript, plug-ins and pop-ups. Users can either block this content or opt to allow only certain trusted sources.

How to block JavaScript and other contents in Chrome?

disable javascript in google chrome

If you are using Dev channel of Chrome on Windows, you can access these features by updating it to latest release. Move to Options->Under the Hood->Content settings. This setting window provides better management of images, JavaScript, plug-ins, and pop-ups.

The recommended option is to block all JavaScript and add trusted hosts as Exceptions. Although, blocking JavaScript may result into unusual rendering of web pages. You can set options for cookies, images, popups and plug-ins similarly.

content setting icon in address barYou can also control your content settings from the address bar. If there is any blocked item on the current web page, a small icon will appear in the address bar, and users can manage settings by clicking on it. This feature is similar to NoScript, where you can control settings from the status bar icon.

I hope to see this feature in stable version of Chrome soon. :)

Tags: , , , , , ,
Author: Arpit Kumar
Arpit is a full time devotee of Tech and Web 2.0

Arpit Kumar has written and can be contacted at arpit@techie-buzz.com.
  • Abhishek S.

    Nice work reporting this, Arpit/Techie Buzz. Even ZDNET has picked it up from here –
    http://blogs.zdnet.com/Google/?p=1714

    Anyway, this should be a reason to be happy but I am really concerned about Google Chrome taking the shine away from Firefox in the near future. Google are really coming up with features after features and the higher version numbers too do justice to the meat that they have been adding to their browser. I just hope Firefox does not get relegated, it being the first and truly successful open-source project…

    • adasd

      Firefox, the first open-source project? HAHAHAHAHAHAHA

      • Abhishek S.

        @adasd – I stand corrected. Definitely not the *first* open-source project. Richard Stallman would balk at that ;-)

  • Pingback: Chrome新功能:屏蔽JavaScript » Chromeè¿·

  • http://www.cite-technologian.com/ Cebu Tech Blogger

    I don't see enough reason for Firefox to be relegated. Firefox is still at its best. The only thing is that this great "NoScript" add-on on FF will also be made available for Chrome. But it doesn't guarantee everything that made FF to the top can be experienced also on Chrome.

  • Thomas Jespersen

    I just tried it. I don't like the fact then when you allow javascript you are allowing any javascript on the page including other domains requesting access.

    Example: with NoScript I need to allow both youtube.com and ytimg.com to see anything. With Chromium it seems anything is allowed as soon as I allow youtube.com.

  • Geralt

    As Thomas has pointed out already this Chrome feature is not nearly as powerful and useful as NoScript is. Also I'm missing NoScript's "allow temporarily" which enables JS just for this one browser session.

    • nascent

      This is it exactly. I don’t want to add exceptions for site’s I’ll never visit again.

  • kn

    Not quite the same :( Noscript isn't just filtering javascript, but also protection against XSS and ABE attacks and a few more … really hope that noscript's authors rethink they're decision to not publish on chrome!

    • mike

      It's not that he doesn't want to, but because the API needed to implement the plug-in is not there.

  • Neuromancer

    Better but, the new js script blocking in Chrome only blocks on a per website basis, not on a domain basis…does it? This doesn't provide the granularity that NoScript has for Firefox.

  • Justin L

    too bad chrome's extension system is handicapped and is easily compromised

    chrome is broken by design, it will never have meaningful popup, script, or plugin controls that truly put you in control of even the most aggressive advertisers

    for example, i've been using the latest chrome for weeks, i have popup blocking enabled, no exceptions added, and i still get maybe 10-20 popups per day. not to mention many flash ads that randomly play unwanted sound, which i can do nothing about because the chrome "flashblock" extensions are easily bypassed.

    but sadly, only chrome has sandboxed plugins right now, so it's either live with forced invasive advertising (popups, flash sound) per google's exemption policies, or be hacked through firefox's anything-goes plugin system

  • Mk

    thank you very much, I am currently testing Chromium on ARCH Linux and found your page while looking for a no-script replacement.

    This is not quite like no-script but it is enough for me to use Chromium full time.

    Thanks again!

  • S

    I prefer Yes Script. Every site is whitelisted until we decide to blacklist it by clicking on the icon in the status bar.

    - No learning curve at all compared to No Script.

    - The Yes Script author has never hacked another addon like the No Script author did either.

    – Yes Script doesn't update 1-2 times a week in order to obtain page views for ads like No Script author does.

    Chrome wants users, but only if we can't control things. The only reason I'm using it now is because FF is running slowly and crashing for some reason (I'm hoping it was because I was using the unsafe version of Flash, not sure why Flash didn't tell me there was a new version, probably my fault, unless hubby closed out the notification).

    If the updated Flash fixed my problem, I'm back with FF, because Chrome is only slightly better than IE, until they allow better scripts to allow more user control.

    • S

      Forgot Yes Script's link if anyone's interested https://addons.mozilla.org/en-US/firefox/addon/49

    • RD

      RE: YesScript – Kind of defeats the purpose of script blocking if everything is whitelisted from the beginning. When visiting a ‘new’ site that I don’t yet trust I don’t want any scripts, flash, etc. to execute or run.

      I didn’t know the author of NoScript hacked another FF addon. Which one? Where did you hear about this?

      Constant updates are a good thing. It means the author is staying on top of things. The page that shows up after an update has simple instructions for disabling the ‘update page’ from showing up. In other words, the author shows you how to avoid that page after every update.

      • fosul

        ABP response to the hacking: http://adblockplus.org/blog/attention-noscript-users

        NoScript Author’s APOLOGY: http://hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community/

        However, I still use NoScript no matter what, it just does a better job. I use both ABP and NoScript and I’ve never had any problem with a learning curve or anything. I mean..really? A “learning curve” is understanding how to right click on your mouse? If that’s a learning curve to you, I think you have more things to worry about than understanding NoScript or any addons to begin with. The entire point of NoScript is to stop the Java and everything else from showing up on your computer and then going from there. Simply going to a site on pure whitelist the first time can already do enough damage.

        I’d rather like NoScript being constantly updated, it shows the author actually cares about their work rather than never updating. It shows they are on top of things and still actually care about the program.

        Personally, stick with NoScript. I’ve never met a better addon and I recommend it to everyone. Each person I’ve shown it to understands how to use it right away and I’ve never even had a single follow-up question regarding it or any other problems. I’d rather more user interaction and knowing I have a safe computer than the easy way out and a possible infected one.

      • moi

        I doubt the author of “no script” hacked anyone else’s addons, I have followed his work and I have a good sense of this kind of thing, I really doubt it. If you are going to start accusing people of stuff like this, you really need to be able to back that up. Also, FF is “open source” so “hacking” someone else’s add-on is not really hacking at all is it? I think I would be careful throwing around remarks about the developer of one the most popular FF add ons out there…

  • http://www.trideen.com Herman

    Thanks for the info :)
    It’s only an average alternative though. With NoScript you could see where on your page the scripts were blocked, Chrome does not do this automatically.

  • Thrawn

    Being able to block & allow scripts on a per-domain basis is a good start, but it’s a snack compared to NoScript’s meal. Here are a few of NoScript’s extra abilities:

    - Temporarily allow a domain. Expires at end of session or when revoked.
    - Block other types of active content (Flash, Silverlight, Java).
    - Block/allow based on second-level domain or top-level, as you prefer.
    - Blacklist untrusted sites and don’t ask about them again.
    - Silently (but configurably) block web nasties like clickjacking, XSS, web bugs, etc.
    - Attempt to fix pages that rely on scripts to display properly (links that rely on JavaScript, pages that rely on Google Analytics, etc).

    And as for the fact that updates are frequent – isn’t that exactly what you want in a security tool? Just take a look at hackademix.net to see the exploits that ma1 is discovering and blocking. He also explains (and apologises for) the Adblock Plus episode.

    Until NoScript gets ported, or a complete substitute exists, I’m never leaving Firefox.

  • Nam me

    Armit Kumar, ehehehhh

  • mark

    I was about to read this article but got bombarded by a full screen video ad.

  • 1skyliner

    Remove this post because this add ons block adsense ,technorati, and so on ads so it decrese the revenue of bloggers.Don,t kill your profession YOURSELF.Over 30% internet users using this plugin means kill this addons will step up your revenue 30%.

    • http://twitter.com/MrHacks MrHacks

      Oh no! I’ve lost all respect for my fellow bloggers because I support Mr. Kumar’s ideas. I am almost as big a criminal for not supporting the oil industry by walking and not being a car owner!

      I fully support this feature and home it comes soon. NotScript is breaking alot of features that Google Chrome uses. I’m starting to think Incognito Browsing and the Downloads queue have been the latest features broken by the NotScript abandonware.

      Now if only I can nail those SEO violators who keep spamming MY blog.

    • chris

      1skyliner, heaven forfend that users take proactive measures to enhance their security while reducing the signal to noise ratio with regard to content versus advertising. Consider that people have a right to choose what runs in their browser and what does not — after all what most see as “the web” are really locally stored files sent from servers in response to our http requests. You do not have a right to control my machine, just as I do not have a right to control yours (or your servers).

      Just as it is a user’s right to choose and control what is shown and run on our machines, it is the right of the content provider to take countermeasures such as requiring the use of javascript and detecting use of noscript and/or creating pay walls. Content is not king, users are and noscript is one moat/drawbridge mechanism used to keep the riff-raff, graft and thieves out of our castles!

      Likewise, consider the big-picture — what percentage of a given audience has even heard of, let alone uses noscript. The numbers in the context of a mass audience are puny. Even among your users that run noscript, those who trust and regularly visit your site are highly likely to allow you to run javascript on their machine.

  • jay

    Old article, but whatever. I have been using this method with chromium for awhile. Flat out it’s more annoying then the java its blocking and not even close to as useful as noscript.

    This is not a replacement for noscript – if i can’t choose to block pop-under-ad.js while allowing expand-details-of-benign-page-element.js on the same domain?
    The all or nothing approach creates more headaches than it solves.

  • bogusone

    Only choices are Always Allow or Continue Blocking?
    Forget Chrome…. it’s NoScript for me

  • http://www.norimporter.com Edd

    I cant see why people think chrome/chromium are better than firefox?! For the first it are pop-ups adds built in the browser, wtf? Thats enough to keep it in the trash! And without noscript, useless, noe security in the apps either i would say! Of course there are possibility for security risks with the apps in firefox too but not as big as here! Trust me! Use Firefox!

  • JCSeed

    There is no longer an “under the hood” setting in Chrome that I can find.

 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN