Share via


JavaScriptBlockedForUrls

Block JavaScript on specific sites

Supported versions

  • On Windows and macOS since 77 or later
  • On Android since 138 or later

Description

Define a list of sites, based on URL patterns, that aren't allowed to run JavaScript.

If you don't configure this policy, DefaultJavaScriptSetting applies for all sites, if it's set. If not, the user's personal setting applies.

For detailed information on valid url patterns, please see https://go.microsoft.com/fwlink/?linkid=2095322. Wildcards, *, are allowed.

Note that this policy blocks JavaScript based on whether the origin of the top-level document (usually the page URL that is also displayed in the address bar) matches any of the patterns. Therefore this policy is not appropriate for mitigating web supply-chain attacks. For example, supplying the pattern https://[\*.]foo.com/ will not prevent a page hosted on, say, https://contoso.com from running a script loaded from https://www.foo.com/example.js. Furthermore, supplying the pattern https://contoso.com/ will not prevent a document from https://contoso.com from running scripts if it is not the top-level document, but embedded as a sub-frame into a page hosted on another origin, say, https://www.fabrikam.com.

Supported features

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: Yes
  • Applies to a profile that is signed in with a Microsoft account: No

Data type

  • List of strings

Windows information and settings

Group Policy (ADMX) info

  • GP unique name: JavaScriptBlockedForUrls
  • GP name: Block JavaScript on specific sites
  • GP path (Mandatory): Administrative Templates/Microsoft Edge/Content settings
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx

Example value

https://www.contoso.com
[*.]contoso.edu

Registry settings

  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\JavaScriptBlockedForUrls
  • Path (Recommended): N/A
  • Value name: 1, 2, 3, ...
  • Value type: List of REG_SZ

Example registry value

SOFTWARE\Policies\Microsoft\Edge\JavaScriptBlockedForUrls\1 =

https://www.contoso.com

SOFTWARE\Policies\Microsoft\Edge\JavaScriptBlockedForUrls\2 =

[*.]contoso.edu

Mac information and settings

  • Preference Key name: JavaScriptBlockedForUrls
  • Example value:
<array>
  <string>https://www.contoso.com</string>
  <string>[*.]contoso.edu</string>
</array>

Android information and settings

  • Preference Key name: JavaScriptBlockedForUrls
  • Example value:
["https://www.contoso.com", "[*.]contoso.edu"]

See also