noscript_javascript
  • NoScript becomes available for Chrome, and while it’s still on beta, it looks identical to the original.
  • The extension allows picking what domains you trust with running JavaScript code on your browser.
  • The author of the extension fears that some planned Chrome changes may break its functionality again in the near future.

Users of the Google Chrome browser can finally enjoy the ultimate protection of the NoScript extension, an add-on that empowers the users with the ability to choose what domains they trust to run Flash, Java, and JavaScript code on their browser. Moreover, the extension protects users from cross-site scripting attacks, cross-zone DNS rebinding, and clickjacking. The importance of using the NoScript extension has been recognized again and again, winning its developers awards, becoming a pre-installed part of the Tor Browser, and even having Edward Snowden endorsing it as an effective countermeasure against the state surveillance.

noscript_example
image source: chrome.google.com

Firefox users have been enjoying the awesomeness of NoScript since 2005, so one has to wonder what took its developers so long to port it to the most popular browser in the world? Simply put, it was a combination of reasons. First, the team was focused on Firefox, and a small open-source project team can only do so much. Secondly, the changes that Chrome engineers rolled out in the previous years introduced a cat and mouse game for extensions like NoScript, which found their functionality being crippled by several JavaScript resources handling alterations that were constantly going on in Chrome’s code.

noscript-screenshot-options-advanced-xss
image source: noscript.net

Even now that the extension has been finally made available for Chrome, NoScript’s main developer Giorgio Maone is worried that the support may not last for long. If some of Google’s planned changes go through, the extension’s functionality will be impacted again, and more modification work will have to take place to render it useful, or even usable again. As NoScript is not the only extension that will have a problem with the proposed changes, they are in the process of putting pressure on Google and make them reconsider the impact for their users. Still, Chrome holds the lion’s share in the browsers market, and Google doesn’t pay much attention to what extension developers think or want.

So far, NoScript had managed to create a user base of 1.5 million, and the hope with this Chrome version is to have this number taking off to unprecedented levels. Open source projects that are based on voluntary contributions, bug reports, and optional financial support, see user-bases as their beating heart. The larger they are, the stronger the project becomes. For now, Maone has clarified on ZDNet that this first version is just a beta and that a truly stable release should be expected by the end of June.

Will you be using NoScript to enable and disable JavaScript on the various domains that you visit? Let us know of your plans in the comments section below, and help us spread the news by sharing this post through our socials, on Facebook and Twitter.