NoScript extension officially released for Google Chrome

Starting today, the NoScript Firefox extension, a popular tool for privacy-focused users, is also available for Google Chrome, Giorgio Maone, NoScript’s author, has told ZDNet.

The NoScript Chrome port, on which Maone has worked for months, is now available from the official Chrome Web Store, via this link.

Users have been asking for a Chrome port for years

NoScript’s availability for Google Chrome will make many people happy. The extension has a mythical status among privacy-minded users, who have dogged Maone for a Chrome version for years.

The original Firefox add-on was launched on May 13, 2005, to rave reviews. At the time, it was introducing a novel concept that a browser add-on could intercept and block the loading or execution of dangerous or unwanted JavaScript code.

The extension gathered a huge following across the years, and because of its unique features, it has also been selected as one of the very few add-ons that come built into default installations of the Tor Browser.

It is also one of the most-used and must-use extensions in the arsenal of security researchers that visit sites with malicious code, as the extension can prevent the execution of some exploits.

It’s for these reasons that users have been asking Maone for a Chrome port for years.

NoScript for Chrome faced some development hurdles

Work on the Chrome version started last year after the original NoScript for Firefox version was ported from the old Firefox XUL API to the more modern WebExtensions API, which is compatible with both Firefox and Chromium extensions systems.

Everything almost fell apart in January this year, when Chrome engineers were planning to roll out a set of features that would have killed not only NoScript’s ability to do its job, but also ad blockers and other similar extensions that needed to interact with JavaScript resources.

Google backtracked on some of its proposed changes following a huge backlash from both users and extensions developers, and today we have the first version of NoScript for Chrome.

Nonetheless, Maone still fears that some of Google’s planned changes, even in their current form, will still eventually impact NoScript in the long-run.

“I and other worried developers are [still] lobbying Google to rethink this plan,” Maone told ZDNet today. “Some concessions have already been done, but I’m also studying alternative approaches for the worst case scenarios.”

But in spite of some looming problems, the Chrome port is almost identical with the Firefox (Tor Browser) version, in terms of blocking/whitelisting abilities, and settings section.

NoScript’s XSS protection not available in Chrome version

“Talking about differences across supported browsers, the code base is now is exactly the same,” Maone told ZDNet.

“But on Chromium, I had to disable, at least for the time being, NoScript’s XSS filter.”

Below is an image of NoScript’s XSS filter showing an alert in the Tor Browser, a feature not available in the Chrome version, according to Maone.

“Chromium users will have to rely on the browser’s built-in ‘XSS Auditor,’ which over time proved not to be as effective as NoScript’s ‘Injection Checker’,” Maone told us.

“But the latter could not be ported in a sane way yet, because it requires asynchronous processing of web requests: a feature provided by Firefox only.

“To be honest, when Firefox switched to the WebExtensions API, which was largely inspired by Chrome, Mozilla made me contribute to its design and implementation in order to ensure that it supported NoScript’s use cases as much as possible,” Maone said. “Regrettably, the additions and enhancements which resulted from this work have not been picked up by Google.”

A stable release expected in June

Currently, NoScript for Firefox has over 1.5 million users, and the expectation is that the Chrome version will pick up even a bigger following due to Chrome’s larger userbase.

“I’m very satisfied of this first public Chromium-compatible NoScript’s beta (10.6.x). I plan to bless NoScript 11 as a ‘stable release for Chrome’ by the end of June,” Maone told ZDNet.

“I feel the urge to thank the awesome folks at the Open Technology Fund for the huge support they gave to this project, and before that to NoScript’s WebExtension migration,” Maone added. “And I’m excited that under the same umbrella Simply Secure will start working next week on improving NoScript’s usability and accessibility.”

More browser coverage: