APIVoid Script Stop

[LinuxFan58]

Edge users having enabled (or maybe now it is the default) AppContainer and LPAC, the risks of scripts is a non-issue. The beauty of SS is that when it has a black mode (default allow) option, I will use it to see what is happening under the hood to further create my own adblock rules. I think it will be more a tool or toy for power users.

 

[Victor M]

Maybe if SS can let those of us who can read code to take a peek at a script before pressing Allow, that would be nice.

 

[simmerskool]

. So I don't really see the added value of SS.

first thing you've posted in years I disagree with! so far I'm liking SS as I have not gotten around to hardening ubo with medium mode / dynamic filtering in this atomic linux, and I like SS UI.

 

[simmerskool]

Maybe if SS can let those of us who can read code to take a peek at a script before pressing Allow, that would be nice.

errr when I feel the need, I paste code into chatGPT, Claude or Lumo (proton's AI). sorta not feeling that need with SS at the moment. (perhaps I'm distracted... ) The few places where I "tested" SS it worked as expected...

 

[Digmor Crusher]

the butcher examines his own meat

In Canada we say "let others examine your meat".

 

[LinuxFan58]

Maybe if SS can let those of us who can read code to take a peek at a script before pressing Allow, that would be nice.

Nothing awkward or suspicious, you can copy paste the background.js into Claude and check for yourself.

When you look in the extension folder of any Chromium based browser, you will find the extension by its ID. In the extension folder you will find HTML (pages) CSS (styling) and JS (code) files. When the JS files are not compressed, you can open them with simple a text editor and view it yourself or let Claude review it. So even when it is not open source, it is possible to have a look at the code.

 

[Berny]

I need to enable multiple scripts for many sites to function properly

 

[Sampei.Nihira]

Edge users having enabled (or maybe now it is the default) AppContainer and LPAC, the risks of scripts is a non-issue. The beauty of SS is that when it has a black mode (default allow) option, I will use it to see what is happening under the hood to further create my own adblock rules. I think it will be more a tool or toy for power users.

Users who use Edge have their Renderer set to AppContainer.
But it’s not just them,my Chrome also has its Renderer set to AppContainer:

Spoiler: Chrome Renderer AppContainer

But that doesn’t mean anything; I always prefer to use dynamic filtering.
Everyone else can do whatever they want.

 

[LinuxFan58]

Users who use Edge have their Renderer set to AppContainer.
But it’s not just them,my Chrome also has its Renderer set to AppContainer:

Spoiler: Chrome Renderer AppContainer

View attachment 297734

But that doesn’t mean anything; I always prefer to use dynamic filtering.
Everyone else can do whatever they want.

Excellent tweak but let's agree to disagree on this (see below)

 

[Sampei.Nihira]

Excellent tweak but let's agree to disagree on this (see below)
View attachment 297735

I have to hang up and go out with my wife.
Ask ChatGPT if all Edge Renderers run in LPAC.

 

[VincentFairbanks]

We've released APIVoid Script Stop, a browser extension for Chrome and Firefox designed to block third-party scripts:

APIVoid Script Stop for Chrome and Firefox | APIVoid

APIVoid Script Stop is a browser extension that blocks third-party JavaScript on websites by default. Manage allowed and blocked script domains with whitelist, blacklist, and history logs.

www.apivoid.com

The extension blocks third-party scripts by default when a web page is loaded. From the popup, you can view all blocked scripts and allow or block them temporarily (current session) or permanently (whitelist/blacklist).

You can also:

- View a history of blocked scripts (the "Details" button shows the page URL and all third-party scripts blocked)
- Manage your own whitelist and blacklist
- Fully disable the extension for specific websites

To improve usability and compatibility, the extension includes a built-in list of trusted third-party script hosts so that most websites continue to function normally. This behavior can be disabled from the settings page if needed.

All settings can be easily exported and imported across browsers or devices.

No data is sent externally, all works locally in your browser.

Here is a screenshot of the main interface:

View attachment 297709

Win casino online casino
Screenshot of the history logs page:

View attachment 297710

Looks like a nice middle ground between full NoScript-style control and usability - the built-in trusted list should help avoid constant breakage while still giving users visibility

 

[NoVirusThanks]

We've released a new version v1.2:

Improved internal trusted domains list
Allow to select blocking mode
Added "Passive logging" on blocking modes
Changed pinned icon color to yellow for passive logging mode
Added "Allow by default" on blocking modes
Added badge with counter of blocked scripts on pinned icon
Minor improvements

Screenshot of the "Select blocking mode" option (default is "Block by default") for third-party scripts:

The "Allow by default" mode will allow any script except the ones present in the internal blacklist and user blacklist.

The "Passive logging" will just log the scripts that would have been blocked (but there is no blocking), useful for auditing and testing. When enabled, you will still see the scripts with the red dot on the left (like if they are blocked) on the popup, that is normal and they are not blocked in real. You can also check History page for all scripts that would have been blocked during your browsing session.

Now the pinned icon shows the count of blocked scripts in the page, and changes the color to yellow for "Passive logging" and to gray for excluded websites.

Example of the popup when Passive logging is enabled (scripts are not blocked):

The pinned icon color is not changed for "Allow by default" mode yet, maybe we can make it green or similar.

Let me know if you have any feedback on this new version.

@Berny

Which are the sites that had issues? You can send me via PM in case, I'll check them and see if we can update the internal whitelist.

@Marko :)

We don't have yet a "Report this website as broken" link, but for now you can PM me or share the link here, so I can check it and analyze it (the third-party scripts that create issues will be internally whitelisted if accepted).

 

[bjm_]

~ fwiw ~
I'd prefer scaling independent of "Minimum Font Size"


=========================================

What does Script Stop uniquely prevent after uBOL Complete already did its work?
When Script Stop reports blocked scripts alongside aggressive uBlock Origin Lite filtering, are those independently enforced blocks or observational/policy events tied to already-blocked requests?
Is Script Stop adding unique enforcement or mainly surfacing already-neutralized activity?
Do some Script Stop counts represent script attempts that uBOL Complete had already effectively neutralized upstream?

• malwaretips.com homepage/thread index → 9 / 3
• specific Script Stop thread page → 1 / 1

|
=======================================================

• cnn.com homepage → 13 / 14

============================================

• mail.google.com (after a few seconds & after a few more seconds)
  |

===============================================

• YouTube 28 / 1 -- and the one is static.doubleclick.net
  

 

[NoVirusThanks]

@bjm_

I checked youtube and you can see from these screenshots that uBol blocks also POST and XHR requests:

And the counter on the pinned icon of uBol will grow a lot while you watch a video, because it continuously blocks specific POST requests.

In this example, after some minutes the blocked requests increased from 14 to 42 on the pinned icon (youtube keeps trying to make that POST request):

On SS we focus only on blocking third-party JS scripts, that's why on SS on youtube you will see 0 blocked scripts:

Youtube doesn't load third-party scripts, it only loads scripts from first-party (its own root domain) and www.google.com (present on trusted domains).

The same scenario is for mail.google.com, while on cnn website you can see SS blocked 14 third-party scripts, e.g.:

The third-party scripts blocked are mostly related to ads, trackers, statistics, UI logging, etc.

About the other question of uBol and SS showing similar block counter on the pinned icon or which one block things, I think:

Both extensions receive like a "notification" when a request is made, then both extensions receive this notification/event, and both evaluate it within their own block filters. If one request matches both extensions filters, it will be blocked by one extension (the first one that "replies" quicker wins), but also the other extension will receive the notificationt hat it got blocked and it too will count the request as blocked (incrementing the counter in the pinned icon). An example is in the MT screenshots you posted where they showed the same number of blocked entries in the pinned icons.

 

[Sampei.Nihira]

Google accidentally exposed details of unfixed Chromium flaw

Here is an example of how useful script throttling can be.
The persistent API is called Background Fetch.
Restricting the execution of JS on untrusted websites and/or newly registered domains is often an effective preventive measure.

 

[NoVirusThanks]

@Sampei.Nihira

Interesting read and thanks for sharing! Hopefully Google will fix that Chromium flaw asap.

 

[bjm_]

~ fwiw ~
I'd prefer scaling independent of "Minimum Font Size"

The third-party scripts blocked are mostly related to ads, trackers, statistics, UI logging, etc.

uBOL Complete already neutralizes most mainstream ad/tracker/statistics/UI-logging infrastructure. Script Stop overlap with aggressive uBOL filtering -- feels substantial. Just me.

Agreeing third-party JS is powerful. I'm wondering -- how much of that risk is already substantially mitigated by aggressive uBOL filtering plus modern browser protections? Just me.

Script Stop may still matter for: the script that slips through.
The question becomes: how often that realistically happens vs how much overlap/noise to tolerate for the possibility. Just me.

Regards w Respect

 

[simmerskool]

~ fwiw ~
I'd prefer scaling independent of "Minimum Font Size"




uBOL Complete already neutralizes most mainstream ad/tracker/statistics/UI-logging infrastructure. Script Stop overlap with aggressive uBOL filtering -- feels substantial. Just me.

Agreeing third-party JS is powerful. I'm wondering -- how much of that risk is already substantially mitigated by aggressive uBOL filtering plus modern browser protections? Just me.

Script Stop may still matter for: the script that slips through.
The question becomes: how often that realistically happens vs how much overlap/noise to tolerate for the possibility. Just me.

Regards w Respect

I'm using / liking StopScript because I don't have (have not yet) set up ubo medium mode / dynamic filtering in this browser. As far as ubo "regular" with added hagezi filter, SS have been working well with ubo the few "tests" I tried, but have not look too deeply under the hood. When things seem to be working I tend to let it be...

 

[NoVirusThanks]

We have released a new version (well, actually two):

v1.4 - 24 May 2026

Improved internal domain blacklist
Added option to disable the built-in domain blacklist
Improved support for large fonts
Minor bug fixes

v1.3 - 23 May 2026

Improved internal trusted domains list
Added "Copy" button in the popup to copy the script list
Added option to block third-party iframes (disabled by default)
Show resource type (script or iframe) on History
Updated popup window

We have added an option (disabled by default) to also block third-party iframes, example:

It uses the same whitelist/blacklist used for scripts, so a host allowed to load third-party scripts will also be allowed to load third-party iframes.

On the popup you can see a new column "TYPE" that shows the icon for iframe or script.

Blocked third-party iframes are also logged on History (and classified with the appropriate icon).

On the popup there is a new "Copy" button that can be used to copy to clipboard all scripts from the script lists, example:

cdn.candu.ai | Third-party blocked by default
cdn.pendo.io | Third-party blocked by default
cdn.ziffstatic.com | Third-party blocked by default
cloud.wordlift.io | Third-party blocked by default
cs.moz.com | Built-in blocklist
js.stripe.com | Built-in trusted
m.stripe.network | Built-in trusted
moz-static.moz.com | First-party
moz.com | First-party
static.cloudflareinsights.com | Built-in blocklist
www.googletagmanager.com | Built-in blocklist

Useful if you have to report us the list of scripts blocked in a page where you are logged-in and we have not access.

Will make things simpler to see what is going and internally whitelist some new hosts in case.

@bjm_

The large fonts issue should be fixed now, please confirm.

Basically, on fonts >= 13 we just use icons instead than text, example:

About the other questions related to uBOL, I don't use uBOL here so I can't say much about it specifically.

I think Script Stop gives you more direct and simpler control over third-party scripts (and now third-party iframes too).

So using Script Stop alongside it can still be beneficial and provide an extra layer without slowdowns.

 

[Sampei.Nihira]

We have released a new version (well, actually two):



We have added an option (disabled by default) to also block third-party iframes, example:

View attachment 297801

It uses the same whitelist/blacklist used for scripts, so a host allowed to load third-party scripts will also be allowed to load third-party iframes.

On the popup you can see a new column "TYPE" that shows the icon for iframe or script.

Blocked third-party iframes are also logged on History (and classified with the appropriate icon).

On the popup there is a new "Copy" button that can be used to copy to clipboard all scripts from the script lists, example:

cdn.candu.ai | Third-party blocked by default
cdn.pendo.io | Third-party blocked by default
cdn.ziffstatic.com | Third-party blocked by default
cloud.wordlift.io | Third-party blocked by default
cs.moz.com | Built-in blocklist
js.stripe.com | Built-in trusted
m.stripe.network | Built-in trusted
moz-static.moz.com | First-party
moz.com | First-party
static.cloudflareinsights.com | Built-in blocklist
www.googletagmanager.com | Built-in blocklist

Useful if you have to report us the list of scripts blocked in a page where you are logged-in and we have not access.

Will make things simpler to see what is going and internally whitelist some new hosts in case.

@bjm_

The large fonts issue should be fixed now, please confirm.

Basically, on fonts >= 13 we just use icons instead than text, example:

View attachment 297802

About the other questions related to uBOL, I don't use uBOL here so I can't say much about it specifically.

I think Script Stop gives you more direct and simpler control over third-party scripts (and now third-party iframes too).

So using Script Stop alongside it can still be beneficial and provide an extra layer without slowdowns.

This is certainly useful, considering that uBoL doesn't have a log.

The third-party iframe blocker will break all websites with CAPTCHAs.
But at the same time, it will offer protection against all fake CAPTCHAs, which users will be able to recognize because they will appear to be working.