caption: Block JavaScript on these sites
desc: |-
Setting the policy lets you set a list of URL patterns that specify the sites that can't run JavaScript.
Leaving the policy unset means <ph name="DEFAULT_JAVA_SCRIPT_SETTING_POLICY_NAME">DefaultJavaScriptSetting</ph> applies for all sites, if it's set. If not, the user's personal setting applies.
For detailed information on valid <ph name="URL_LABEL">url</ph> patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns. Wildcards, <ph name="WILDCARD_VALUE">*</ph>, are allowed.
Note that this policy blocks JavaScript based on whether the origin of the top-level document (usually the page URL that is also displayed in the address bar) matches any of the patterns. Therefore this policy is not appropriate for mitigating web supply-chain attacks. For example, supplying the pattern "https://[*.]foo.com/" will not prevent a page hosted on, say, https://example.com from running a script loaded from https://www.foo.com/example.js. Furthermore, supplying the pattern "https://example.com/" will not prevent a document from https://example.com from running scripts if it is not the top-level document, but embedded as a sub-frame into a page hosted on another origin, say, https://www.bar.com.
example_value:
- https://www.example.com
- '[*.]example.edu'
features:
dynamic_refresh: true
per_profile: true
future_on:
- fuchsia
owners:
- [email protected]
- file://components/content_settings/OWNERS
schema:
items:
type: string
type: array
supported_on:
- chrome.*:11-
- chrome_os:11-
- android:30-
tags: []
type: list
Codebase Browser
chromium