|
1
|
TODO:
|
|
2
|
- parallelize fetching of remote scripts
|
|
3
|
- allow specifying whether a script occurring mutiple times directly
|
|
4
|
or indirectly in a bag should be included multiple times or once
|
|
5
|
- make it possible to provide backup urls for remote scripts
|
|
6
|
- make it possible to cache remote scripts
|
|
7
|
- optimize url querying
|
|
8
|
- make it possible to automatically download page's served scripts and save them (of course, this by itself -- CRUCIAL
|
|
9
|
would give little benefit, but it will make it easy to modify this set of scripts - useful, if some of
|
|
10
|
those scripts are already free, as is often the case)
|
|
11
|
- also, find some convenient way to automatically re-add "on" events ("onclick" & friends)
|
|
12
|
- add some good, sane error handling
|
|
13
|
- get rid of those warnings and exceptions in console (many are not even related to this extension;
|
|
14
|
who invented this thing?) (gecko-only)
|
|
15
|
- make page settings easily and conveniently editable in popup -- CRUCIAL
|
|
16
|
- in popup make it possible to edit both main frame page's
|
|
17
|
settings and settings for pages that currently happen to
|
|
18
|
live in iframes
|
|
19
|
- add some nice styling to settings page
|
|
20
|
- make script bag components re-orderable (via drag&drop in options page) -- CRUCIAL
|
|
21
|
- find some way not to require each chrome user to modify manifest.json
|
|
22
|
- test with more browser forks (Abrowser, Parabola IceWeasel, LibreWolf)
|
|
23
|
- also see if browsers based on pre-quantum FF support enough of
|
|
24
|
WebExtensions for easy porting
|
|
25
|
- make sure page's own csp in <head> doesn't block our scripts
|
|
26
|
- find out how and make it possible to whitelist non-https urls and
|
|
27
|
whether we can inject csp to them
|
|
28
|
- create a repository to host scripts
|
|
29
|
- enable the extension to automatically fetch script substitutes from the repo
|
|
30
|
- make it possible to inject scripts to arbitrary places in DOM
|
|
31
|
- make script blocking code omit those scripts
|
|
32
|
- check if prerendering has to be blocked -- CRUCIAL
|
|
33
|
- block prefetch
|
|
34
|
- rearrange files in extension, add some mechanism to build the extension
|
|
35
|
- all solutions to modularize js code SUCK; come up with own simple DSL
|
|
36
|
to manage imports/exports
|
|
37
|
- perform never-ending refactoring of already-written code
|
|
38
|
- also implement support for whitelisting of non-https urls
|
|
39
|
- validate data entered in settings
|
|
40
|
- stop always using the same script nonce on given https(s) site (this
|
|
41
|
improvement seems to be unachievable in case of other protocols)
|
|
42
|
- besides blocking scripts through csp, also block connections that needlessly
|
|
43
|
fetch those scripts
|
|
44
|
- make extension's all html files proper XHTML
|
|
45
|
- split options_main.js into several smaller files
|
|
46
|
- validate settings data on import
|
|
47
|
- rename the extension to something good
|
|
48
|
- find some good hatchet icon and rename the extension to "Hachette"
|
|
49
|
(unless someone suggests another good name before we do so)
|
|
50
|
- add an option to disable script blocking globally
|
|
51
|
- Add support to settings_query for non-standard URLs
|
|
52
|
(e.g. file:// and about:)
|
|
53
|
- Process HTML files in data: URLs instead of just blocking them
|
|
54
|
|
|
55
|
DONE:
|
|
56
|
- make blocking more torough -- DONE 2021-06-28
|
|
57
|
- mind the data: urls -- CRUCIAL
|
|
58
|
- employ copyright file in Debian format -- DONE 2021-06-25
|
|
59
|
- find out what causes storage sometimes not to get initialized under IceCat 60 -- DONE 2021-06-23
|
|
60
|
- make it possible to export page settings in some format -- DONE 2021-06-19
|
|
61
|
- make it possible to use wildcard urls in settings -- DONE 2021-05-14
|
|
62
|
- port to gecko-based browsers -- DONE 2021-05-13
|
|
63
|
- find a way to additionally block all other scripts using CSP -- DONE 2021-05-13
|
|
64
|
- only allow a single injection payload for page -- DONE 2021-05-13
|
|
65
|
- rename "bundles" to "bags" to avoid confusion with Web Bundles -- DONE 2021-05-12
|
|
66
|
- use non-predictable value in place of "myext-allow", utilizing hashes -- DONE 2021-05-12
|
|
67
|
- stop using modules (not available on all browsers) -- DONE 2021-05-12
|
|
68
|
- clean up the remnants of LibreJS -- DONE 2021-05-12
|
|
69
|
- implement whitelisting -- DONE 2021-05-07
|
|
70
|
- find way to also block scripts in non-http pages (e.g. file://) -- DONE 2021-05-07 (via content scripts, may not be perfect)
|
|
71
|
(NoScript seems to be doing this through CSP)
|
|
72
|
- make page settings easily and conveniently editable in a separate window/tab -- DONE 2021-05-05
|
|
73
|
- replace comparisons with stricter ones (e.g. do `if(foo === undefined)` instead of `if(!foo)`) -- DONE
|
|
74
|
- make local storage safe (serialize storage accesses in background script) -- DONE
|
|
75
|
- split main.js into multiple files -- DONE 2021-01-05
|
|
76
|
- make it possible to store entire script files in storage (not just links) -- DONE 2021-01-05
|
|
77
|
- make it possible to re-use the same script or set of scripts multiple times -- DONE 2021-01-05
|