Archive | August, 2012

Script-blocking in Chromium

3 Aug

So, if you like the idea of NoScript – taking control of what your browser downloads and executes – but instead of Firefox, you prefer the fast and clean interface of the Chromium browser (or Google Chrome, which is based on it), what does it have to offer?

The answer is: not as much as NoScript, but you can still do a lot.

First off, unlike Firefox, Chromium out-of-the-box allows you to block JavaScript and plugins (Flash, Java, etc) by default, similarly to the basic feature of NoScript. Choose the settings wrench – Settings – Under the Bonnet – Content Settings, then select ‘Do not allow any site to run JavaScript’, and under Plugins, select ‘Click to play’. You can then allow specific sites to run JavaScript and/or plugins via an icon on the address bar, and Flash videos etc will have a placeholder until you click on them.

There’s not as much control as NoScript, eg you can’t block third-party scripts, or temporarily allow sites, orĀ  choose between allowing base domains (example.com), full domains (www.example.com), or full addresses (http://www.example.com:80). But doing this will go a long way to keep you safe from the most common threats.

To get more control, your second option is to recruit one of Chrome’s addons. At this point, probably the most advanced script-blocking addon for Chromium is the ScriptNo addon. Despite the name, it’s not related to NoScript, but does take some inspiration from it, to give you an interface for permanently or temporarily allowing scripts, plugins, and even images from the various domains included in the page.

ScriptNo is still under active development, as Chrome adds support for more advanced control over web requests, but it doesn’t have NoScript’s advanced features – cross-site scripting filters, HTTPS enforcement, clickjacking protection, and particularly the Application Boundary Enforcer. Still, at what it does provide, it probably does a reasonable job.

And Giorgio is working to bring NoScript itself to Chromium as soon as the browser is ready.