Script Defender for Chrome

I missed that settings are specific for the webpage you are on.

Are they going to be able to enable and disable third party js on a per site basis with block all js as the default for issue #35?

Given that these extensions are fairly new Chromium programmers must just be getting to allowing this type of control so I would imagine as time goes by it'll get better.

 

I understand what you're saying. These script control extensions seem to be flooding into the Web store all of a sudden I really liked Script Defender except it is a bit buggy forgetting settings in the whitelist, and presents some difficulty allowing certain scripts such as Disqus.com and a few others.

This latest one HTTP Switchboard seems pretty good so far. However, I don't see a way to export whitelist/blacklist settings??

 

Another new one though this says its a rework of notscript.

'scriptblock'

https://chrome.google.com/webstore/detail/scriptblock/hcdjknjpbnhdoabbngpmfekaecnpajba

 

Yeah, have been using that for a few days. So far so good. It cured my trauma with Script Defender.

 

Yes, I have seen that, too. Thanks for the reminder, wat0114

 

I'm finding though with ScriptBlock, if I enable script from A on one site A is enabled everywhere.

Although that by itself is not a bad thing if I use it with Disconnect. No extension conflict with Disconnect either or HTTPS Everywhere so far anyway.

 

@tlu,

Well, there are some interesting implications for XSS from sandboxing, but that's not really relevant. I was actually saying that Chrome needs the XSS protection, not the Javascript whitelisting.

 

Does anybody know why NoScript that's used on Firefox can't be used on Chrome?

 

The developer has a forum and I remember reading people peppering him with requests for the app to be ported to Chrome some time ago. His responses at the time were that 1 - Chrome didn't have the tools necessary for a port & 2 - he wouldn't have the time to support both platforms even if it did

It seems that Chrome is moving closer to having the necessary tools now.

 

Using Scriptblock with Disconnect seems like a good solution. Any unknown script will be blocked and the whitelist can be copied and saved as a text file which is necessary because it seems that using Sandboxie stops the list from being updated if opened after the Sandbox is deleted.

 

Http Switchboard is certainly rather nice and seems to do a good job. However it is not usable for https, even if one allows the entire domain. That means one would need to disable it in Extensions before visiting such sites.

For example try this banking site: https://netbank.nedsecure.co.za/

 

Ocky, I cannot confirm that. I tried it with 2 banking sites and it worked without any problems. Perhaps you have to allow cookies for your banking site in HTTP Switchboard? That's what I did.

EDIT: I just tried the site mentioned by you and it worked after allowing "frame" in the add-on.

 

Thanks for clarifying this. Do you think the XSS protection in Noscript is better than the XSSAuditor in Chrome?

 

Thanks Thomas, you are quite right. I like this one a lot.

 

BTW, I posted a possible bug at the http switchboard support page and the author responded in a very timely manner

https://github.com/gorhill/httpswitchboard/issues/40#issuecomment-28152840

 

I give up with ScriptDefender for the moment, this afternoon it messed up again my whitelist.
Back to ScriptSafe.

 

So again, what is the general consensus here? Sincerely, I do NOT want to start any wars here, just get a general feeling. Assuming that all of the above mentioned programs have faults, which script blocker is the "lesser of all Evils"?

Thanks a ton,
Acadia

 

Here's how I summarize the 3 script blocking extensions I've used:
- Script Defender --> Good but too strong. Still pretty buggy for now.
- ScriptBlock a.k.a. Resurrected NotScript --> Works nicely but failed on the 2nd test.
- ScriptSafe --> Didn't work sometimes. And it feels a bit too bloated with features like user agent spoofing, website blocking with various HOSTS files, etc.

 

From my pov, that's tough to answer. All I can say is none of them are yet on par with NoScript. However, I am finding that HTTP Switchboard, with what I've seen so far and the author's diligence is fixing issues as I allude to a couple posts above, might be the most promising.

 

Thanks, GrafZep for that rundown.

Also, thanks to everyone else for their opinions, lots to chew over.

Acadia

 

HTTP Switchboard looks to be a great tool, but for the average user what would be nice is to be able to hover over a section of a web page and have it correspond with the section it is blocked under the chart.

For instance, when you inspect a page in chrome elements and you hover over a line,the corresponding picture will be highlighted so you can easily discover what you wish to edit.

I feel that would make life a lot simpler as some pages have many options to choose from with scripts, pictures ad etc.

 

I posted that as a bug on the developers page.

 

HTTP Switchboard is like Noscript and RequestPolicy rolled up in one. Informative access screen with super overkill statistics. Cookie and local storage removal also a plus. I'll testing this one thoroughly. It might be enough to bring me back to using Chromium again, this post-PRISM world has me pnoid.

 

I haven't looked at any of these much, but the HTTP Switchboard dev is making his product look very good with how he's handling things.

@Tlu,

Yes. Web based stuff isn't my area, but, from what I understand and based on the opinions of people whose area it definitely is, it is the best.

 

After finally getting a really good and comfortable handle on using it, I'd say it's the best of the recent Chrome script control extensions I've tried. Hopefully he can address at least most of the enhancements and bugs on his to-do list.