author | Wojtek Kosior <wk@koszkonutek-tmp.pl.eu.org> | 2021-06-18 11:45:01 +0200 |
---|---|---|
committer | Wojtek Kosior <wk@koszkonutek-tmp.pl.eu.org> | 2021-06-18 11:45:01 +0200 |
commit | 7ee7889ae8f1473474254553ec3b3469fb0a935b (patch) | |
tree | 153fe596bc65600e21d856f97231f8195f79b9ec /TODOS.org | |
parent | 6bae771df7b238f8ef4e992660e911fb5808299c (diff) | |
when possible inject CSP as http(s) header using webRequest instead of adding a <meta> tag
Diffstat (limited to 'TODOS.org')
-rw-r--r-- | TODOS.org | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -24,7 +24,7 @@ TODO: - test with more browser forks (Abrowser, Parabola IceWeasel, LibreWolf) - also see if browsers based on pre-quantum FF support enough of WebExtensions for easy porting -- make sure page's own csp doesn't block our scripts +- make sure page's own csp in <head> doesn't block our scripts - make blocking more torough -- CRUCIAL - mind the data: urls -- CRUCIAL - find out how and make it possible to whitelist non-https urls and @@ -39,8 +39,13 @@ TODO: - all solutions to modularize js code SUCK; come up with own simple DSL to manage imports/exports - perform never-ending refactoring of already-written code -- when redirecting to target, make it possible to smartly recognize - and remove previous added target +- also implement support for whitelisting of non-https urls +- validate data entered in settings +- stop always using the same script nonce on given https(s) site (this + improvement seems to be unachievable in case of other protocols) +- besides blocking scripts through csp, also block connections that needlessly + fetch those scripts +- make extension's all html files proper XHTML DONE: - make it possible to use wildcard urls in settings -- DONE 2021-05-14 |
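Review bot: in the first hunk, the reworded item "make sure page's own csp in <head> doesn't block our scripts" narrows the task to policies delivered in the document head but does not record what happened to the header-delivered case. The commit message only says the extension's own CSP is now injected as an http(s) header via webRequest, and nothing is added under DONE. Either add a DONE entry for the header case or say in the item that a page's CSP response header is already dealt with, so the remaining work is unambiguous. The unchanged neighbour "make blocking more torough" has a typo ("thorough") that could be fixed in the same pass.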
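Review bot: in the second hunk, the new nonce item reads "given https(s) site", which looks like a typo for "http(s)", and since a nonce only restricts scripts when it is regenerated for each page load, this item probably deserves the "-- CRUCIAL" marker used on the blocking items earlier in the list. The same hunk deletes "when redirecting to target, make it possible to smartly recognize and remove previous added target" without moving it to DONE or saying in the commit message why it is dropped. The added "also implement support for whitelisting of non-https urls" appears to repeat the existing item "find out how and make it possible to whitelist non-https urls", visible as context in the first hunk; merge the two.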