A Script like NoScript.

A Script like NoScript.

Currently, the only thing available that offers something like noscript in opera at the moment is site preferences, however you cannot selective disable scripts on a page for example. Or disable from a specific server while still allowing your own on the same site.

This is a proposed solution. Once you install it, you'll see a button with the links icon at the bottom right corner of the page (it'll be the same for frames too. So you can disable scripts coming from google ad servers for example. ), click that and you'll get a list of scripts that are available to block.

Ctrl and clicking "Block" blocks the script from the same server. Clicking "Block" blocks the specific script.
The data is saved to each sites cookie. And will misfire seeing as it goes through the scripts in DOM order. And therefore DOM order will change on different pages.

Enjoy.

noscriptlikealpha.js

sounds interesting. good work.

Updated. You can now block/unblock all external scripts on page by holding shift and clicking 'unblock'/'block'. Plus all single scripts that are blocked, are blocked according to the page you are on(location.pathname). I may offer an option to allow selective scripts for the whole site again in future, if you want to change it back though . Change the text in function "createCookie".

"+(isNaN(value)?'/':location.pathname);

And replace with.

/";

Thanks for this nifty script shoust. I don't know how much use I'll get out of it, but it's great to have the ability to block annoying scripts if I need to.

BTW: I e-mailed Daniel Goldman about it. Maybe it will end up on OperaWatch.

I've been wanting a script like this. Thank you for your work.

Is there anything I can edit in the code, where it automatically blocks all scripts like NoScript? Then I can unblock whatever I want? It's really not a big of deal, that's just what I've been using to doing while using FF.

Thanks again.

Good job Please can anyone tell me how to activate it? I'm not used to enabling scripts :O

Thanks in advance!

Good works, thanks.

There currently isn't whitelisting of scripts at the moment.
Something thats on my list for a future version.

I have a problem with the fact that it is in the right corner as I'm using another script - http://my.opera.com/nicomen/blog/2007/05/12/zoom-text-only-in-web-pages-with-opera?cid=2922551 for instance - that already use this corner, could you telle me how to change that?

The other side of the same probleme is when you've setup the progress bar to popup down at the bottom when used: it hides then your button...it's kind of annoying when you want to uplaod something big for istance, making the proggress bar showing, and trying to block with your script at the same time.

Originally posted by IcyStorM:

Please can anyone tell me how to activate it? I'm not used to enabling scripts

If you are refering to how to get the script to work in Opera, you can watch one of my videos on installing other UserJS scripts (such as OSpell and Operapedia). They are available in Flash format at Jumpcut (click the 'full' button while watching the video to see a larger version), and in both XviD and DivX formats on my video page.

If you just want to know how to use the script after you have it set up, just click the odd little box in the bottom-right corner of the webpage, select a script from the list, and click the 'block' button.

Don't hesitate to ask if you have questions.

Excellent GT500! Thank you. And thanks to shoust for making this awesome script as well!

Wow! Great work shoust! I finally got rid of some REALLY annoying script on a site that I visit like a billion times a day!

Made an entirely different version of this script, its gone multipurpose, so you can block any images, scripts,iframes or embeds on the page now.

This script won't be backwards-compatible with the noscript userjs, as I fixed a bug where the script might match 1 for 11 in dom for example.

Ultimate blockage.js

Spaces in the filename?

Anyway, a very good update. Many thanks for your hard work.

I guess one of the big, obvious drawbacks is that there is no visual cue for what image you're actually blocking.

Hey, why doesn't it work on http://www.lemonde.fr/ ?

Originally posted by Maulkin:

Hey, why doesn't it work on http://www.lemonde.fr/ ?

I can confirm that it doesn't work, but I have no idea why...

Well you can get to it if you scroll down the page. The flash ad blocks the buttons view though. Does take some time for the button to appear especially on a large page. Maybe I could optimize that a bit.

I still can't get to read it...

Can I ask you again how to change the position of the button of your script? (for the reasons I said in my other post up)

Originally posted by Maulkin:

Can I ask you again how to change the position of the button of your script? (for the reasons I said in my other post up)

Change the following code in the script..

bottom:1px;right:1px;

you can change bottom to top or right to left, in all it'll change the corner of where the button appears.

Updated the ultimate blockage script. You can now change the corner position the script appears in, just change the the cornerposition variable at the start of the script to change the corner.
And made some adjustments to the code so the button appears a bit faster.

In RTL pages, when you click on the NoScript button, it appears uh "flipped".
See here: http://ytsejammersisrael.com/phpbb

Intended?

Well the page's style overrides the section, the updated script fixes that.

The update doesn't currently save pathwise anymore, simply the reason because I can't seem to find a way to delete the cookies set to a path with javascript. But any things blocked already will work, however isn't removable by the script, you'd need to search in your cookies list for either 'noembed'/'noimg'/'noiframe'/'noscript' if you want to delete them.

There are a few more optimisations to the script too.

What a great idea. I'd just asked for one like it in a blog post and now I think I've found it. Thanks, shoust and GT500!

http://hattrick.org/Common/default.asp - with Ultimate blockage script Opera doesn't display this site...

Fixed the problem in internal version.

Updated ultimate blockage script, it should fix the problem with szyk site and with site such as gmail too.

Made the toggle button a bit bigger.

Changed the format of the values saved again, to save more.

You can now block any individual resources to pathname without any problems with script overwriting the setting.

Fixed problem where holding shift and clicking "Block" wouldn't change the buttons text.

Not backwards compatible with the older script though. The script should work faster though, and I plan to keep this format for updated versions of the script now.

Added a visual indicator option, doesn't work for scripts and is a little buggy. To enable it, change "visindicator" from false to true at the top of the script.

Nice improvements

Updated noscriptalpha userjs, basically it fixes the bugs of the last version really. Created blocks are compatible with each other, but its recommended to only have one or the other script turned on. Seeing as they might conflict..

Updated ultimate blockage script again, made some more optimisations to the script. Plus the options list only shows available resources available for blocking. Plus the number of resources available to block for each section.

Bugs:
When only images are to block, then in blocklist there aren't displayed their URL.
In http://google.pl there is no button.
In http://dobrym.pl/ when I click button, then "window" with blocklist stretchs oneself to site width.

google.pl uses a background image, currently my script doesn't block those.

dobrym.pl is fixed in new version.

EDIT: Just fixed the "When only images are to block, then in blocklist there aren't displayed their URL." problem too.

One thing NoScript for Firefox has, is the capability to choose whether to block or not cross-site POST requests. To be honest, I don't understand a lot about XSRF and XSS, but I know I'd be happy to have the choice to block only them (I thought about it since Gmail had this vulnerability)
Tell me if I'm wrong about its usefulness, or if it's already implemented in the script, but I think it'd be nice to have this feature in Opera

where do I download?? - nothing on your site

Ruben

Ultimate blockage:

http://files.myopera.com/shoust/files/Ultimate%20blockage.js

Noscriptlike:

http://files.myopera.com/shoust/files/noscriptlikealpha.js

What's the different between those files ?

One does scripts only, the other works with more than scripts such as images/embeds etc.

I'd like to know how I can install the file .js
As far as I concern it's a helluva script blocking script.

shoust, great job, one that was really needed!
I'd suggest you to edit your first post and keep there both updated scripts.

Btw, what about inverting the policy? I mean, instead of Block using Allow and, maybe, having an option to Allow/Block the scripts per site or domain.

Hmm...

I'm Just testing the complete blockage script and it seems that by default, it allows scripts but gives the option to block them if you choose "block". But that's no good because for security and privacy, it should be the other way round i.e. the scripts should be blocked by default and complete blockage should give me the option to allow them if I choose.

Any thoughts or have I missed something vital?

JB

If the scripts are blocked by default, then some pages won't work as some rely on external scripts. Might make a different version depending on if it doesn't take too much new code.

Originally posted by shoust:

If the scripts are blocked by default, then some pages won't work as some rely on external scripts. Might make a different version depending on if it doesn't take too much new code.

I know I am late to the discussion, and I understand your point, but buggrit101 is right in this regard. The point of the NoScript extension in Firefox is to allow the user to enable scripting for only the domains he or she trusts not to be malicious. In your current implementation, any malicious scripts will already have been executed once before the user has a chance to block it. This might be useful for annoying ads or other behavior, but in terms of security/exploits/etc. this mode of operation leaves much to be desired.

Does NoScript cause certain sites to break? Absolutely, but if the user chooses to trust the required script (2 clicks), the site regains functionality (and this preference is remembered for future visits to the same site). In exchange for the added security, I'm willing to suffer this brief inconvenience. I would love for Opera to support something like this (either through a uesrJS, or maybe via built-in functionality). I was a happy Opera user for several years, but NoScript is keeping me on Firefox for now. Firefox, however, has its own set of annoyances, and I'd love to come back!

I too would like to voice my support for a true noscript-esque ability. Being someone who is security paranoid I want to block all javascript unless I tell the browser to allow it.

Most web sites that are exploited by loading an external javascript. When w3schools was hacked a few months back it loaded an external javscript file with a several different browser and Windows exploits attached to it. There are also exploits around to steal people's cookies by loading external javascript.

Someone may argue that Opera is more secure and these exploits will not work. Nothing is truly secure. Any code can be exploited if given enough time and resources.

Until there is a way for me to only allow javascript from sites I determin I will have to stick with Firefox and noscript.

Originally posted by Zac Garrett:

Nothing is truly secure. Any code can be exploited if given enough time and resources.

very sad, but true.

btw, there's an interesting config setting "DelayedScriptExecution":

Ignore script tags until entire document is parsed and rendered, then execute all scripts in order and re-render.

just wonder if this setting could be of any help with the following implementation issue of this userscript:

Originally posted by flanker:

The point of the NoScript extension in Firefox is to allow the user to enable scripting for only the domains he or she trusts not to be malicious.

In your current implementation, any malicious scripts will already have been executed once before the user has a chance to block it.

I mean if the UserScripts with this setting are loaded (and executed) before Author/External ones, then this particular userscript may be able to defer execution of an alien JS untill user's approval.

@tisme:
As far as I know, with the extra events supplied (by Opera) for UserScripts it would be possible to do that without this setting. I think it's mainly an accessibility concern (like shoust said 3-4 posts above).

Sorry for the long delay, haven't been paying attention to the project for a while now. Here is the reverse to the original script whereas all external scripts are blocked until allowed. Enjoy

No new changes though at the moment though.
EDIT: Scratch that, added buttons to block/unblock all scripts at once, or from server.
noscriptunblockmode.js

Thank you so much for this great script. With the new block-by-default option, I can finally dump Firefox!

It's still a great script, but the auto-block option doesn't work. It claims that all scripts are blocked, but they aren't really, and hitting unblock actually blocks them.

Try it now, should be working now I think.

EDIT: Added a new feature (you need to edit script for this.) Basically all scripts based on the site(so scripts on my.opera.com will only work on my.opera.com , thus any scripts fetched from other sites will be blocked. Plus when site scripts are on, the "Block"/"Unblock" and "Server" buttons are disabled accordingly.) will be enabled by default, if you want to turn this off, set "blocksitescripts" to true in the script file.

Enjoy

where does the script saves the information? When i come back to the same site som time after