On
https://chrome.google.com/webstore/d...dbdgdf/reviews I found a review by Peter Greenburg which says:
Quote:
This extension is NOT WORKING, IT *DOESN'T* PROTECT YOU!
If you want to check it for yourself, go to the url http://www.isjavascriptenabled.com/ . The first time you will visit it, it will say YES! That means that the first time you visit a website, you are NOT PROTECTED.
Let me put that in another way: the next time you will visit a malicious website, MALICIOUS JAVASCRIPT WILL BE RUN THE FIRST TIME YOU VISIT IT, and the first time is exactly the time you don't want malicious code to be run!
|
Well, I tried that site - and, indeed, it said that JS was enabled! Only after clicking the reload button, JS was disabled. (However, this result has not always been reproducible after restarting Chrome although I have disk caching disabled in Chrome.) I found the same result on
http://www.enable-javascript.com/
Disabling ScriptNo and controlling JS with in the Chrome settings isn't an alternative, either: I've noticed on a couple of sites (which only work in Firefox if I allow some 3rd party domains in Noscript) that they work in Chrome without the need to allow scripting for those 3rd party sites. In other words: If you allow JS for a specific site, you're obviously also allowing all 3rd party scripts.
Conclusion:
1. Script blocking in ScriptNo is unreliable. Either that relatively new API it's using is still crap or ScriptNo itself is flawed.
2. Controlling JS in the Chrome settings is ridiculous as you always automatically allow 3rd party scripting.
That's really not the degree of control which I expect from my browser. I will stick with Firefox for the time being.