Script Defender for Chrome

Can you give me a web page where the conflict occurs, this way I can investigate and see what can be done. Also, which AdBlock are we talking here? I need to install the exact one with which there is a problem. Also, regarding ad in GMail, I do not have a GMail account, else I might have been able to craft a set of rules which would work optimally, but maybe someone else can come up with one.

 

Wow hey gorhill, welcome to Wilders. You are seriously working hard on the development of HTTP-S. Do you have a donation page? I think you have only one dreaded bug(chrome related) away from your extension being the de facto noscript alternative. Actually I use both noscript and requestpolicy together on firefox and it's much easy managing everything with Http-switchboard.

I am very curious what extensions you normally use besides your own.

EDIT: I noticed a very troubling issue with javascript being disabled. If I want to download an image I can't unless I enable javascripts on that particular domain. Chromium has some wierd issues.

 

gorhill, thanks for your support.

I am using ADBlock (no ABblock+ nor Adblock Edge), this one:

https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom

I get this Extension Warning Message under Adblock (in chrome/Settings/Extensions):

Warning:
This extension failed to redirect a network request to about:blank because another extension (HTTP Switchboard) redirected it to data:text/html;base64,PCFET0NUWV......(long string of letters here..)

 

I've seen that same sort of error from Ghostery while using Httpswitchboard.

 

Yes I saw that early in development when I was verifying the extension worked properly with other extensions. My understanding is that it is inconsequential: both extensions are trying to prevent you from downloading the content of a frame, but only one is allowed to redirect (as per chromium api), and it appears HTTPSB won the race to have its own replacement used (the red patterned image) -- I have to check but I suspect the one who report back the fastest wins the race chromium says "the most recently installed extension wins and all others are ignored".

Only mine, but I do test once in a while with some others I stumble onto. For a while I ran Ghostery along HTTPSB. I was on Firefox until I started to develop HTTPSB exactly because there was no blocker on chromium. I originally was looking for a frame blocker on chromium and couldn't find one, so I decided to quickly make a frame blocker, and on the way learned about chromium api and went farther then what was originally more of an experiment..

For the images, I checked and you are right. Looking at Statistics to find out which request was blocked, I see that chromium send a request to download the image (I would have thought it was in the cache..). The request is of type "other". So it is up to you to whitelist "other" for all hostnames (like "images"), or to do it temporarily only when you need to download an image.

 

Thanks that works just fine!

 

Yes, I got the same warning with Adblock. However, with HTTPSB 0.5.7 I haven't seen it anymore so far.

Raymond, HTTP Switchboard is getting better and better! Congratulations

EDIT: Correction - that warning is still there with v. 0.5.7.

 

Fortunately the Netcraft Extension blocks that:

 

My intention was for a wide blacklist approach. Why I would be especially fond of the ability to globally allow scripts and toggle the prefab block lists. This is an especially valuable option for people using JS blockers to improve net performance.

Ultimately, I wanted to have something which kills off/warns suspect urls (ones with hyphens and numbers) and whitelists common TLDs like .com (or create an exhaustive blacklist of unwanted TLDs). The third and final part would be to block JS via static analysis. It was found by MS that 75% of script-based heap spray overflows use the same few scripts that are typically not even obfuscated.

I already have the second part using moons/kees Chrome javascript exclusions. It's amazing how it impedes my usage very little, but kills tons of possible malware servers.

But I understand even NoScript/ABE getting "Zozzle" like powers is far off, no less dev abilities to get something running under Chromium APIs.

Anyhow, I hope this doesn't sound like whining. Much thanks to Gorhill. Switchboard is a great extension.

 

As we can see author of Script Defender is still experimenting...at 18 Nov we have Script Defender v.4 and...something new "in family"
Script Defender Lite v. 4

https://chrome.google.com/webstore/detail/script-defender-lite/candehlmleemkaeiighgnagnojmaebeb
Script Defender (Simple Block Ver.) v. 1.4

https://chrome.google.com/webstore/detail/script-defender-simple-bl/lklglcdcnfamojelilehcgjcameeogfn

 

HTTP-SB is such a good cookie killer i got rid of my favorite vanilla cookie manager. I'd like to see it wipe out those cookies every 2-3 minutes or so. I see that the idea is being discussed on github. Gorhill needs a donation page, I can buy less belgian beer for a while.

 

I've been using HTTP Switchboard for some time now now, and I must say that it's really excellent and definitely better than any alternatives discussed in this thread. It actually deserves an own thread on Wilders!

Raymond is very eager to fix bugs and add enhancements. I can only congratulate him on his excellent work

There are some features which I like most:

1. Its design (the "matrix") is the best I've ever seen.
2. Temporary rules. All rules are temporary unless you make them permanent by clicking the corresponding padlock.
3. The statistcs page - very useful.
4. The built-in blacklist based on several hosts files, and the possibility to collaps that list of blacklisted sites.
5. Per page permissions: Explained here for Facebook but also applicable for cases like the one mentioned by Raymond. This feature reminds me of ABE in Noscript but it's much more comfortable.

So again: This add-on is very, very good! I second apathy's statement that you need a donation page, Raymond!

 

Okay I see. I like your idea

Well stated on all points, tlu! I agree if Raymond posts a donation page I'd me more than happy to contribute.

 

The coolest thing about HTTP-SB is the numerous features that aren't even mentioned. I was on the github page discussing how it handles cookies and found out that if you have cookies by some blacklisted domain it blocks the cookie traffic and blocks the cookies from being accessed which really great for privacy concerns.

HTTP-SB is so easy to use but a very powerful extension.

 

HTTP Switchboard deserves its own thread. Just sayin'.

 

Agreed! Here's the url for the Http-Sb discussion

 

I like this extension, but I have one problem. I like to have click and play enabled so I can control videos. I also set "block cookies, plugin and scripts" for all non-whitelisted sites in SD. If I whitelist a site, then plug ins play automatically, thus C&C is obsolete. Even if I don't whitlist a site, but want to allow plugins, I cannot choose which plug ins I wish to run. If I go to a new site that has plugins blocked globally then you can not run the plug in even if you click it, it simply says "adobe flash not allowed".

Is there anyway to isolate particular plug ins to allow the click and play rule to exist, without having to whitelist the site? Remember even if I block scripts and other areas, but allow plug ins, they run automatically without the click and play, b/c the are allowed.

 

Sorry, I'm not sure I understand all your points.

- In chromium settings, you set plugins to "click-to-play" mode?
- What is "SD"?
- What is "C&C"?

 

SD is Script Defender, I assume.

 

Not sure about anyone else, but after testing Scriptdefender and HTTP Switchboard I love HTTPSB far more. Seems to have more in depth options and seems pretty powerful overall allowing me to block specifically what I wish and allow others even temporarily under a global rule. So as for my last question.. I suppose HTTP answered it for me.

 

The flash control extension allows for individual selection of flash on a page.

 

Ahem... so, how's Script Defender now? Is it still too strong?

 

Script Defender is now dead and has been replaced by Script Blocker. Appears to be made by the same author.
https://www.wilderssecurity.com/thre...cript-defender-i-dont-know-how-to-use.366764/