ScriptSafe: A Quick Guide

Sunday, August 21, 2011

A lot of work has been put into ScriptSafe, an extension for Chrome that allow for you to control what loads on pages, increasing security and decreasing the time it takes for a pages to load.

This article will serve as a guide to get you quickly running ScriptSafe, and configure it to your browsing needs!

ScriptSafe? Is that a Pokemon? What is it?

ScriptSafe essentially gives you more control over what is loaded by pages you browse. This means less ads, less tracking, less annoyances, more security, more privacy, and more comfort. ScriptSafe can block webbugs, block pages from detecting where you came from, as well as content that you don’t want. You are given granular control in the form of a whitelist and blacklist.

ScriptSafe gives you detailed information on exactly what a page attempted to load (that was blocked before it was loaded) and what a page was allowed to load. This information includes what type the resource was (e.g. SCRIPT, IFRAME), and what the path was (e.g.

If more privacy, security, and control over your browsing experience sounds good to you, you can install ScriptSafe!

Installing ScriptSafe

Pretty straightforward, head over to the ScriptSafe page on the Chrome Extension Gallery  and click on the “Install” button.

Note about the “This extension can access: Your data on all websites + Your tabs and browsing activity” warning: rest assured, I am not a crook or criminal who created ScriptSafe to steal data.

For ScriptSafe to work (sorry, I have to go into some technical detail here), it injects Javascript functions into every page you load in order for it to work (hence the “Your data on all websites” warning). ScriptSafe does not log or transmit any private data anywhere (to check for yourself, search for the oiigbmnaadbkfbmpbfijlflahbdbdgdf folder on your computer and go through the files).

ScriptSafe requires access to the tabs in Chrome in order to detect when a page is loading and when it has completed loading (hence the “Your tabs and browsing activity” warning).

Configuring ScriptSafe

Here comes the fun part. You can either left-click on the ScriptSafe icon that’s added to your Chrome toolbar (or right-click on it), and click on “Options“. You’ll be brought to a single page that has all of the settings of ScriptSafe clearly laid out.

For detailed information on each and every option, check out my other post on ScriptSafe.


  • If you use bookmarklets OR set Default Mode to “Allow” OR experience problems with other Chrome extensions on a page, it is recommended you tick “

ScriptSafe in Action

After installing ScriptSafe, an icon will be added to your Chrome toolbar which will provide you with a real-time counter of things that are blocked on a page. These things can be scripts, iframes, frames, objects, embeds, video, audio, images, Java applets and noscript elements. This section will be quite detailed as it describes the way you’ll be interacting with ScriptSafe the most.

Click here to see a screenshot of the different icon variations.

The icon itself will tell you lots of things:

  • red “not available” icon = content on page blocked
  • blue exclamation mark = some content in the page bypassed for the duration of your browser session
  • green checkmark = parent page itself is whitelisted, but third-party content most likely also blocked.
  • grey icon = ScriptSafe disabled on the page (only if it is a non-HTTP/HTTPS site (e.g. chrome:// URL)

Clicking on the icon will provide you with even more information. It will show you a list of blocked and/or allowed resources. If you hover over each domain, you will see a detailed list of the elements that have been blocked/allowed and the paths of the files.

If the “Show Rating Button” in the Options page is ticked, a “Rating” button will be added under each domain which goes to the Web of Trust page for that domain which shows you the reputation level of the domain.

By the nature of ScriptSafe, you will have to teach it to allow content from specific domains in order for pages to work IF “Default Mode” is set to “Block“.

The trick is knowing which domains are needed in order for the page to work, and not to allow advertising/third-party/tracking servers in the process. So allow a domain one-by-one, reload the page, and see if it works. If it doesn’t, allow another one. It helps to hover over each item and see exactly what they’re trying to load.

You have the ability to Whitelist, Trust, Blacklist, or Bypass the domains:

  • Whitelist: adds the specific domain to the whitelist (e.g. This means that won’t be whitelisted since you’ve only whitelisted
  • Trust: adds the entire domain to the whitelist (* Content on and will be allowed to load.
  • Blacklist: similar to whitelisting a domain, this will only add a specific domain to the blacklist.
  • Bypass / Temp. Block:
    • Bypass: if your Default Mode is “Block” this will temporarily allow specific domains for the entire duration of your browsing session. After you close Chrome, this setting will be cleared.
    • Temp. Block: if your Default Mode is “Allow” you will see this instead of “Bypass” (above); temporarily blocks specific domains for the entire duration of your browsing session. After you close Chrome, this setting will be cleared.

Upgrading ScriptSafe

You can either wait for Chrome to automatically update your ScriptSafe (which will preserve your settings), or if you’re impatient you can uninstall ScriptSafe and install the new version.

If you decide to do the second method, before uninstalling ScriptSafe, it is recommended that you:

  1. Go to the ScriptSafe Options page
  2. Copy the “Export” content under “Import / Export Settings + Lists” to Notepad
  3. Uninstall ScriptSafe
  4. Install the new version
  5. Import the saved settings back into ScriptSafe

Frequently Asked Questions

  • Why can’t I see the “Allow/Trust/Deny” options for some domains in the tab options popup?
    • If you’ve ticked “Block Unwanted Content” and set “Unwanted Content Mode” to “Strict” in the options page, any blocked resources/elements will not have the usual “Allow/Deny/Bypass” options. If you do want to see them, you can set “Unwanted Content Mode” to “Relaxed“.
  • The “Ratings” button that’s under each domain in the tab options popup is UGLY! How do I get rid of it?
    • If you don’t want to see the “Rating” button for each domain, in the Options page untick “Show Rating Button
  • I use other Chrome extensions and they don’t work properly with ScriptSafe enabled. What should I do?
    • I personally use a couple of Chrome extensions (e.g. Adblock Plus, LastPass) and have come up with a few workarounds of my own:
      • If you trust the domain and the issue occurs only on the domain, you can choose to either Whitelist or Trust it.
      • If it happens on almost every page, tick “
  • I love this extension! How do I convey this love to you?
    • Thank you! I’ve put many hours into this extension to get it to this level (of course, user feedback has been helpful and important in the progress of ScriptSafe). Some ways you can help ScriptSafe and I out are:
      • Translation help: one of my long-term goals is to have every ScriptSafe user comfortable using it, and this means being able to use it in their own language. If you are bilingual (English + another language) and are willing to help translate the sentences in ScriptSafe, contact me! (go to the top of this page to contact me)
      • Donations: donations are definitely welcome, but I’m personally against me aggressively soliciting them as I firmly believe it is your choice to donate or not. Whether you do is up to you, you’ll never see any nag messages in ScriptSafe about doing so. You’ll just see the clickable heart icons in the ScriptSafe Options page 🙂
      • Writing: you can email me, post on the Chrome extension wall and rate it, and/or tweet/share/post about ScriptSafe to your friends!
  • You’re so mysterious. Who are you?
    • I’m a recent honors graduate from a business technology program from a university in Toronto, Canada, graduating with over 20 months of full-time work experience due to my co-op terms with world-class organizations.
    • I love Google’s products (a given seeing how this is a Chrome extension), and actually applied for a position at Google Canada (Toronto) (on May 12, 2011), but I’ve had no response since (was temporarily heart-broken).
    • I’ve created other Chrome extensions as well (all quite popular and highly-rated); you can check them out under the “More from andryou” box on the ScriptSafe page on the Chrome Extension Gallery