Noscript for Google Chrome?

[4td8s]

Once again it seems they are making promises to make the majority of the masses to let their guard down and go with their solution thinking a false sense of security while the full benefit and guts of the program are not implemented because why go the full distance when you can fool people into a lesser and incomplete solution, this is asinine. It is shameful that instead of using the expertise and knowledge of a master like Giorgio, they are going to keep dragging their feet and implementing one half ass solution after another. Plus, if they had what is needed in place for Giorgio to do his thing, you wouldn't have to keep asking Giorgio, it would already be done. Anyone who knows anything about how diligently Giorgio stays on top of things would know that if it was possible, it would have already been done. The pressure and the questions should be directed to the reluctant Google devs who have ignored it all along.

that sure sucks, doesn't it? oh well, it's google's loss.

[yupa]

http://apple.slashdot.org/story/10/07/2 ... ng-Adblock

Is this "resource-blocking-adblock" bringing us closer to Noscript on Chrome?

[Giorgio Maone]

http://apple.slashdot.org/story/10/07/20/0421257/Google-Chrome-Now-Has-Resource-Blocking-Adblock

Is this "resource-blocking-adblock" bringing us closer to Noscript on Chrome?

Yes, but unfortunately it's not enough for integrating with the internal script blocker

[yupa]

It seems issue 35897 of the Chromium project is the one which needs to be solved to make Noscript for Chrome possible.

Star it if you want Noscript for Chrome!

[Giorgio Maone]

It seems issue 35897 of the Chromium project is the one which needs to be solved to make Noscript for Chrome possible.

No it's not. At this moment "beforeload" pretty much covers the needs related to that bug from NoScript's standpoint.
The real show stopper at this moment is the (missing) ability for extensions to interact with browser's script execution permissions.

[yupa]

Is there a corresponding issue we can star?

[Giorgio Maone]

Is there a corresponding issue we can star?

I've just asked someone who should know: https://twitter.com/ma1/status/19810257922

[tlu]

I just saw that somebody has now developed a Chrome extension called NotScripts. I don't know how it compares to Noscript (and I don't use Chrome anyway) but it might be interesting for Giorgio to have a look at it. Details on http://optimalcycling.com/other-projects/notscripts/

[qaelith.2112]

TLU, thank you for that link. I've just spent a bit of time playing with NotScript, and it appears that it'll improve our security reasonably well for now, until the APIs are improved to the point that the real NoScript can be ported. Of course, this is a very minimal extension and obviously doesn't do even a fraction of what NoScript will do. It does beat just turning off scripting in Chrome and whitelisting as needed, which is a royal pain and doesn't allow for resources within a page to be turned on while others are left disabled. What it currently lacks that I believe could be added is a TEMPORARY whitelisting by resource. It includes a permanent whitelisting by resource, as well as a temporary whitelisting for everything. Basically if you need to temporarily allow just one thing, you either have to permanently allow and then disallow again later (good luck remembering to do that) or temporarily allow everything on the page and risk opening the floodgates for the scripts inside banner ads and everything else.

That's just the basics, though. I'm not even talking about all of the other cool stuff NoScript does, such as ABE, clickjacking protection, etc.

Chrome is shaping up to be a fabulous browser, but damn it, I continue to be disappointed in some of the BASIC things that are missing (essential extension API elements, print preview, bookmark tags, on and on...) while precious time is being spent going back and forth on what the menus should look like and where the bookmark star is to appear.

Anyway, thank you very much, Giorgio, for your persistence in trying to badger the Chrome Team into doing what should be done with respect to the extensions APIs, and for keeping the port of NoScript in mind. When that eventually happens, I won't be the only one who is indescribably grateful for it. The Chrome Team should see the development of these features as being important for the securability / security of the browser.

[optimalcycling]

Hello all, my name is Eric Wong. I'm the author of the NotScripts extension for Google Chrome, http://www.optimalcycling.com. Thought I should drop by and register.

@ qaelith.2112
Lots of people have been asking me to implement the temporary allow this site feature so that is a top priority feature now. It will be pushed out when I code it up and get the drop down menu clean enough with the extra buttons required. I want to keep that part of the interface as simple as possible.

As for implementing other features that NoScript has, that may or may not be possible. I haven't looked into it.

[Giorgio Maone]

Hi Eric,

thanks for your effort.
I appreciate the fact you're calling it "NotScripts", rather than NoScript, and keep the distinction clear.
It's been also honest from you putting a "limitations" section in your docs.
You should also warn your users that they shouldn't rely on NotScript for their security (as they can do with NoScript), because there are many ways for a malicious attacker to work around it and it doesn't provide any of the additional security protections given by NoScript beyond 3rd party script blocking.

[GµårÐïåñ]

I personally believe that the name is too similar as-is and could be mistaken as a legit NoScript solution. I wish they had picked a more original name of their own uniqueness and not play on the linguistic similarities to NoScript. Its like someone creating "Gooogle.com" and saying they had no intention to play off of the popularity of Google in picking the name. Or "Wallmart.com" to try and play on "Walmart.com" you get the idea. I would be more comfortable with a wider separation of identity on this item.

[optimalcycling]

Hi Eric,

thanks for your effort.
I appreciate the fact you're calling it "NotScripts", rather than NoScript, and keep the distinction clear.
It's been also honest from you putting a "limitations" section in your docs.
You should also warn your users that they shouldn't rely on NotScript for their security (as they can do with NoScript), because there are many ways for a malicious attacker to work around it and it doesn't provide any of the additional security protections given by NoScript beyond 3rd party script blocking.

Thanks.

Yes, I should add in the limitations that there is no support for clickjacking protection or other advanced methods yet.

Edit: I've added this to the limitations page on the web (http://optimalcycling.com/other-project ... mitations/) and will go into the extension's limitations page next release:

Please note that NotScripts is not a guarantee of security and users should always practice secure web surfing habits. Currently NotScripts does not provide advanced protection for things such as clickjacking and other methods found in the "NoScript<link>" addon for Firefox and a malicious website may still be able to successfully use such techniques.

[optimalcycling]

I personally believe that the name is too similar as-is and could be mistaken as a legit NoScript solution. I wish they had picked a more original name of their own uniqueness and not play on the linguistic similarities to NoScript. Its like someone creating "Gooogle.com" and saying they had no intention to play off of the popularity of Google in picking the name. Or "Wallmart.com" to try and play on "Walmart.com" you get the idea. I would be more comfortable with a wider separation of identity on this item.

I've put the disclaimer that NotScripts is not affiliated with NoScripts for Firefox on both my website and on the Google Chrome extension page. I've also put links back to http://noscript.net on my website, the NotScripts about page in the extension, and on the Google Chrome extension page: https://chrome.google.com/extensions/de ... dajjpkkcfn