Author ScriptSafe and them damn javascripts...  (Read 133 times)

0 Members and 1 Guest are viewing this topic.

ScriptSafe and them damn javascripts...
« on: March 28, 2017, 07:07:32 AM »

    I've been using ScriptSafe with Chrome for several days. Σ> recommended noscript, but I learned it doesn't work with Chrome. I've been learning just how many javascripts are always trying to gain access via one's browser, so thanks Σ>. The problem is, while some sites will load if I tell ScriptSafe to Trust them, too many still require me to tell ScriptSafe to temporarily trust all of the javascripts trying to load or the site won't load at all. This is the same as not running any javascript blocking software at all. So, what can be done about this?

Re: ScriptSafe and them damn javascripts...
« Reply #1 on: April 03, 2017, 02:02:16 PM »
Hi Caruthers :)
Excellent question. Chrome, being a Google product, operates differently from other browsers, but, I have a solution that may be worth checking out.
The first link gets into a technical explanation of the aspects of the API, the second is a walk-through to make the 'HTTP Switchboard' addon function close to noScript.  (Scriptsafe doesn't handle the API in the same manner, but if you want fine-grained control of the scripts, I think HTTPSB is the way to go. )
I don't use Chrome myself, (I'm an Anti-Google-ite, ;)   ;D ) but after looking over the documentation, I think this may be what you're looking for. 
(requestPolicy is also easy to use - mentioned in the second article)

https://github.com/gorhill/httpswitchboard/wiki/Blocking-javascript-execution-reliably-in-Chromium-based-browsers

https://github.com/gorhill/httpswitchboard/wiki/HTTP-Switchboard-as-NoScript


If you decide to implement this solution, could you throw us an update about what you think of it ?
Thanks C.  :)

Edit: Yeah, some sites use as many as 30+ scripts - this is one of the reasons they take forever to load - all those scripts run client-side. (On your system)

Re: ScriptSafe and them damn javascripts...
« Reply #2 on: April 03, 2017, 04:32:41 PM »
Hi, Caruthers :)
Excellent question. Chrome, being a Google product, operates differently from other browsers, but, I have a solution that may be worth checking out.
The first link gets into a technical explanation of the aspects of the API, the second is a walk-through to make the 'HTTP Switchboard' addon function close to NoScript.  (Scriptsafe doesn't handle the API in the same manner, but if you want fine-grained control of the scripts, I think HTTPSB is the way to go. )
I don't use Chrome myself, (I'm an Anti-Google-ite, ;)   ;D ) but after looking over the documentation, I think this may be what you're looking for. 
(requestPolicy is also easy to use - mentioned in the second article)

https://github.com/gorhill/httpswitchboard/wiki/Blocking-javascript-execution-reliably-in-Chromium-based-browsers

https://github.com/gorhill/httpswitchboard/wiki/HTTP-Switchboard-as-NoScript


If you decide to implement this solution, could you throw us an update about what you think of it?
Thanks, C.  :)

Edit: Yeah, some sites use as many as 30+ scripts - this is one of the reasons they take forever to load - all those scripts run client-side. (On your system)
Some sites I frequent on Chrome, won't work without Javascript. :-\


Re: ScriptSafe and them damn javascripts...
« Reply #3 on: April 08, 2017, 08:08:03 PM »
Some sites I frequent on Chrome, won't work without Javascript. :-\
That's all browsers, Starr.  :(

But, with NoScript, you can selectively allow what runs , until you can use the site.
It's not recommended, but if you install NoScript, and allow scripts globally, you will still be protected from Cross-Site-Scripting attacks. ;)
It's still better than running with JS constantly enabled.