Log in
Preview of Javascript Firewall

Javascript Firewall by Bill

Block JavaScript of unwanted origin.

4.3 (15 reviews)
6 Users
You’ll need Firefox to use this extension
Download Firefox and get the extension
Download file
Screenshots
About this extension
This extension is intended for advanced users. Some websites will require configuration to work properly.

For each website, you can decide from which domains JavaScript is allowed.
By default, only scripts from the same domain than the website are allowed.

Interface
  • The table shows how many requests have been blocked or allowed on the web page for each domain. Each column of the table represents a type of request:
    • JS: javascript code: <script> and Workers
    • XHR: data request: XMLHttpRequest, Fetch, WebSocket, Beacon, ping, and Content-Security-Policy-report
    • FRAME: external content: <iframe>, <frame>, <object> and <embed>
    The color of a cell indicates whether it has been blocked or allowed :
    • dark red: blocked explicitly
    • light red: blocked by a more general rule
    • light green: allowed by a more general rule
    • dark green: allowed explicitly
    To create a rule, click on a cell until you get the desired color.
  • The drop-down list at the top left indicates on which websites the rules apply.
    By default, a rule only applies to the website's domain and it's subdomains.
    If you want to create a rule that applies to all websites, select "all websites".
  • The 5 buttons:
    • Reload: For the new rules to take effect, the page must be reloaded.
    • List: Manage the settings and the rules you have created. You can use the text mode to manually edit your rules (4th screenshot)
    • Disable/Enable: When disabled, the addon will not block anything for the current tab but will still count requests.
    • Delete: Delete the rules you have created for the current website.
    • Arrow: Display all the parent domains. It makes it possible to create a rule which will apply to all its subdomains.
  • The badge on the icon shows the number of blocked requests.
Examples
  • Make Youtube works (1st screenshot)
    1. Go to a Youtube video and click on the addon icon
    2. Click on the arrow button to display the parent domains
    3. Allow XMLHttpRequest (XHR) for googlevideo.com
    4. Reload the page
  • Allow embedded YouTube videos on all websites (2nd screnshot)
    1. Go to a Youtube video
    2. Click on the arrow button to display the parent domains
    3. Select "all websites" in the drop-down list
    4. Allow JS, XHR and FRAME for www.youtube.com and XHR for googlevideo.com
  • Allow everything for a website (3rd screenshot)
    1. Make the "JS", "XHR" and "FRAME" cells dark green
Other examples can be found on the wiki.

Limitations
The extension does not work on domains listed in the preference "extensions.webextensions.restrictedDomains", mainly Mozilla websites such as https://addons.mozilla.org

GitHub
https://github.com/billdoor1/javascript_firewall
Rated 4.3 by 15 reviewers

Star rating saved

5
9
4
3
3
2
2
1
1
0
Permissions and dataLearn more

Required permissions:

  • Access browser activity during navigation
  • Access your data for all websites
More information
Version
1.4
Size
17.15 KB
Last updated
3 years ago (May 10, 2022)
Related Categories
Version History
Add to collection
Report this add-on
Release notes for 1.4
interface:
- support browser dark mode (Firefox >= 67)
- text mode is now the only way to edit rules in the options page

bug fix:
- blocking javascript for the website domain no longer block javascript for others domains
- scripts imported with importScripts were sometimes not blocked
- inline scripts in iframes were not blocked when javascript was not allowed for their domain
- works if the page uses the HTTP header csp-sandbox

rules:
- support local hostnames like "localhost"
- allow rules with punycode hostnames
More extensions by Bill