Revision edbbe400
Added by jahoti about 2 years ago
| TODOS.org | ||
|---|---|---|
| 19 | 19 |
- add some nice styling to settings page |
| 20 | 20 |
- make script bag components re-orderable (via drag&drop in options page) -- CRUCIAL |
| 21 | 21 |
- find some way not to require each chrome user to modify manifest.json |
| 22 |
- rename the extension to something good |
|
| 23 | 22 |
- test with more browser forks (Abrowser, Parabola IceWeasel, LibreWolf) |
| 24 | 23 |
- also see if browsers based on pre-quantum FF support enough of |
| 25 | 24 |
WebExtensions for easy porting |
| 26 | 25 |
- make sure page's own csp in <head> doesn't block our scripts |
| 27 |
- make blocking more torough -- CRUCIAL |
|
| 28 |
- mind the data: urls -- CRUCIAL |
|
| 29 | 26 |
- find out how and make it possible to whitelist non-https urls and |
| 30 | 27 |
whether we can inject csp to them |
| 31 | 28 |
- create a repository to host scripts |
| ... | ... | |
| 47 | 44 |
- make extension's all html files proper XHTML |
| 48 | 45 |
- split options_main.js into several smaller files |
| 49 | 46 |
- validate settings data on import |
| 50 |
- find some good hatchet icon and rename the extension to "Hachette" (unless |
|
| 51 |
someone suggests another good name before we do so) |
|
| 47 |
- rename the extension to something good |
|
| 48 |
- find some good hatchet icon and rename the extension to "Hachette" |
|
| 49 |
(unless someone suggests another good name before we do so) |
|
| 52 | 50 |
- add an option to disable script blocking globally |
| 51 |
- Add support to settings_query for non-standard URLs |
|
| 52 |
(e.g. file:// and about:) |
|
| 53 |
- Process HTML files in data: URLs instead of just blocking them |
|
| 53 | 54 |
|
| 54 | 55 |
DONE: |
| 56 |
- make blocking more torough -- DONE 2021-06-28 |
|
| 57 |
- mind the data: urls -- CRUCIAL |
|
| 55 | 58 |
- employ copyright file in Debian format -- DONE 2021-06-25 |
| 56 | 59 |
- find out what causes storage sometimes not to get initialized under IceCat 60 -- DONE 2021-06-23 |
| 57 | 60 |
- make it possible to export page settings in some format -- DONE 2021-06-19 |
| content/main.js | ||
|---|---|---|
| 11 | 11 |
const handle_page_actions = window.handle_page_actions; |
| 12 | 12 |
const url_item = window.url_item; |
| 13 | 13 |
const gen_unique = window.gen_unique; |
| 14 |
const sanitize_attributes = window.sanitize_attributes; |
|
| 14 | 15 |
|
| 15 | 16 |
/* |
| 16 | 17 |
* Due to some technical limitations the chosen method of whitelisting sites |
| ... | ... | |
| 26 | 27 |
let url = url_item(document.URL); |
| 27 | 28 |
let unique = gen_unique(url); |
| 28 | 29 |
let nonce = unique.substring(1); |
| 30 |
|
|
| 31 |
const scriptSuppressor = window.scriptSuppressor(nonce); |
|
| 29 | 32 |
|
| 30 | 33 |
function needs_blocking() |
| 31 | 34 |
{
|
| ... | ... | |
| 105 | 108 |
node.appendChild(meta); |
| 106 | 109 |
} |
| 107 | 110 |
|
| 108 |
function sanitize_attributes(node) |
|
| 109 |
{
|
|
| 110 |
if (node.attributes === undefined) |
|
| 111 |
return; |
|
| 112 |
|
|
| 113 |
/* |
|
| 114 |
* We have to do it in 2 loops, removing attribute modifies |
|
| 115 |
* our iterator |
|
| 116 |
*/ |
|
| 117 |
let attr_names = []; |
|
| 118 |
for (let attr of node.attributes) {
|
|
| 119 |
let attr_name = attr.localName; |
|
| 120 |
if (attr_name.startsWith("on"))
|
|
| 121 |
attr_names.push(attr_name); |
|
| 122 |
} |
|
| 123 |
|
|
| 124 |
for (let attr_name of attr_names) {
|
|
| 125 |
node.removeAttribute(attr_name); |
|
| 126 |
console.log("sanitized", attr_name);
|
|
| 127 |
} |
|
| 128 |
} |
|
| 129 |
|
|
| 130 | 111 |
if (needs_blocking()) {
|
| 112 |
// Script blocking for Gecko |
|
| 113 |
addEventListener('beforescriptexecute', scriptSuppressor, true);
|
|
| 114 |
|
|
| 131 | 115 |
var observer = new MutationObserver(handle_mutation); |
| 132 | 116 |
observer.observe(document.documentElement, {
|
| 133 | 117 |
attributes: true, |
| copyright | ||
|---|---|---|
| 42 | 42 |
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
| 43 | 43 |
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| 44 | 44 |
|
| 45 |
Files: content/freezer.js |
|
| 46 |
Copyright: 2005-2021 Giorgio Maone - https://maone.net |
|
| 47 |
2021 jahoti <jahoti@tilde.team> |
|
| 48 |
License: GPL-2+ |
|
| 49 |
|
|
| 45 | 50 |
Files: licenses/* |
| 46 | 51 |
Copyright: 2001, 2002, 2011-2013 Creative Commons |
| 47 | 52 |
License: CC-BY-4.0 |
| ... | ... | |
| 54 | 59 |
License: CC0 |
| 55 | 60 |
See `licenses/cc0.txt' |
| 56 | 61 |
|
| 57 |
Files: licenses/gpl-3.0.txt |
|
| 62 |
Files: licenses/gpl-2.txt licenses/gpl-3.0.txt
|
|
| 58 | 63 |
Copyright: 2007 Free Software Foundation, Inc. <https://fsf.org/> |
| 59 | 64 |
License: no-changing |
| 60 | 65 |
Everyone is permitted to copy and distribute verbatim copies of |
| ... | ... | |
| 100 | 105 |
Also see `https://koszko.org/en/articles/my-new-license.html' |
| 101 | 106 |
for more explanation. |
| 102 | 107 |
|
| 108 |
License: GPL-2+ |
|
| 109 |
This program is free software; you can redistribute it and/or modify |
|
| 110 |
it under the terms of the GNU General Public License as published by |
|
| 111 |
the Free Software Foundation; either version 2 of the License, or |
|
| 112 |
(at your option) any later version. |
|
| 113 |
. |
|
| 114 |
This program is distributed in the hope that it will be useful, |
|
| 115 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 116 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 117 |
GNU General Public License for more details. |
|
| 118 |
. |
|
| 119 |
You should have received a copy of the GNU General Public License |
|
| 120 |
along with this program; if not, write to the Free Software |
|
| 121 |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
| 122 |
|
|
| 103 | 123 |
License: CC-BY-SA-4.0 |
| 104 | 124 |
See `licenses/cc-by-sa-4.0.txt' |
| 105 | 125 |
|
| manifest.json | ||
|---|---|---|
| 81 | 81 |
"match_about_blank": true, |
| 82 | 82 |
"all_frames": true, |
| 83 | 83 |
"js": [ |
| 84 |
"content/freezer.js", |
|
| 84 | 85 |
"common/browser.js", |
| 85 | 86 |
"common/connection_types.js", |
| 86 | 87 |
"content/page_actions.js", |
Also available in: Unified diff
License script-blocking techniques from NoScript in machine-readable format.
In-page blocking now works on Firefox, and JavaScript/data- URLs are properly
blocked to ensure no JavaScript leaks in through backdoors. Blocking of HTML/XML
data: urls should be refined (eventually) to align with current practice for
pages in general.
Also, script-blocking is now filtered by nonce, making it possible (albeit
perhaps not desirable) to inject scripts before the DOM is complete.