[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-librejs] Proposal for solution of "script replacement before execu
From: |
Marc A. Harnos |
Subject: |
[Help-librejs] Proposal for solution of "script replacement before execution" problem stated by RMS in "The JavaScript Trap" article and possible solution for re-implementation of LibreJS as a user script, making LibreJS browser independent |
Date: |
Thu, 5 Nov 2015 01:06:58 +0100 |
Hi,
I'm not sure if this belongs here, but this is the closest thing I
found regarding the whole "JavaScript Trap" issue.
> Browser users also need a convenient facility to specify JavaScript code to
> use instead of the JavaScript in a certain page. (The specified code might be
> total replacement, or a modified version of the free JavaScript program in
> that page.) Greasemonkey comes close to being able to do this, but not quite,
> since it doesn't guarantee to modify the JavaScript code in a page before
> that program starts to execute.
http://www.gnu.org/philosophy/javascript-trap.html
This problem can be circumvented by executing a user-script, at the
top of the document, which fetches the content of the site being
visited, closes the document (preventing unmodified script execution),
replaces the links to the scripts and/or modifies the content
directly, or removes offending scripts, and writes this to a new
document executing curated scripts.
For example:
> getContent();
> document.close(); // close document + prevent execution of offending scripts
>
> function getContent() {
> var client = new XMLHttpRequest();
> client.open('GET', 'https://allow-any-origin.appspot.com/' +
> encodeURIComponent(document.location.href), true);
> client.onreadystatechange = function() {
> if (client.readyState !== 4) {
> return;
> }
>
> var response = client.response;
> response = response.replace(/<title>(.+?)<\/title>/,
> '<title>MODIFIED: $1</title>');
> document.write(response); // open new document + write modified urls
> to scripts, modified scripts (or removed scripts) to page
> };
> client.send(null);
> }
This example uses https://allow-any-origin.appspot.com/ to circumvent
missing CORS headers, this could be hosted / re-implemented by a free
provider with transparency + source code + etc. (possibly routing
requests through TOR, preventing the service from being blocked)
The idea behind this would be:
1. User gets Greasemonkey script to access only curated scripts
2. This script accesses a local ruleset and/or hosted/approved external ruleset
3. Fetches data, executes rules, writes data on site visit
With this technique one could re-implement LibreJS as a browser
script, making it browser independent / available for Chromium through
Tampermonkey, and start creating a repository of modified scripts
(like suggested in the aforementioned article).
With kind regards / Mit freundlichen Grüßen,
Marc A. Harnos
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Help-librejs] Proposal for solution of "script replacement before execution" problem stated by RMS in "The JavaScript Trap" article and possible solution for re-implementation of LibreJS as a user script, making LibreJS browser independent,
Marc A. Harnos <=