JavaScriptBlockedForUrls

Setting the policy lets you set a list of URL patterns that specify the sites that can't run JavaScript. Leaving the policy unset means DefaultJavaScriptSetting applies for all sites, if it's set. If not, the user's personal setting applies. For detailed information on valid url patterns, please see https://cloud.google.com/docs/chrome-enterprise/policies/url-patterns. Wildcards, *, are allowed. Note that this policy blocks JavaScript based on whether the origin of the top-level document (usually the page URL that is also displayed in the address bar) matches any of the patterns. Therefore this policy is not appropriate for mitigating web supply-chain attacks. For example, supplying the pattern "https://[*.]foo.com/" will not prevent a page hosted on, say, https://example.com from running a script loaded from https://www.foo.com/example.js. Furthermore, supplying the pattern "https://example.com/" will not prevent a document from https://example.com from running scripts if it is not the top-level document, but embedded as a sub-frame into a page hosted on another origin, say, https://www.bar.com.