diff options
| author | jahoti <jahoti@tilde.team> | 2021-06-28 00:00:00 +0000 |
|---|---|---|
| committer | jahoti <jahoti@tilde.team> | 2021-06-28 00:00:00 +0000 |
| commit | edbbe4002dadd31fd7eab0522a953e1b1b435767 (patch) | |
| tree | 51a3a8fdf0f7cbcc8cd3145d15a4c7dc41cc2920 /TODOS.org | |
| parent | 86ad1c6e0cf8a9ec3a529be10d7c7d1bfdf4620e (diff) | |
| download | browser-extension-edbbe4002dadd31fd7eab0522a953e1b1b435767.tar.gz browser-extension-edbbe4002dadd31fd7eab0522a953e1b1b435767.zip | |
License script-blocking techniques from NoScript in machine-readable format.
In-page blocking now works on Firefox, and JavaScript/data- URLs are properly
blocked to ensure no JavaScript leaks in through backdoors. Blocking of HTML/XML
data: urls should be refined (eventually) to align with current practice for
pages in general.
Also, script-blocking is now filtered by nonce, making it possible (albeit
perhaps not desirable) to inject scripts before the DOM is complete.
Diffstat (limited to 'TODOS.org')
| -rw-r--r-- | TODOS.org | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -19,13 +19,10 @@ TODO: - add some nice styling to settings page - make script bag components re-orderable (via drag&drop in options page) -- CRUCIAL - find some way not to require each chrome user to modify manifest.json -- rename the extension to something good - test with more browser forks (Abrowser, Parabola IceWeasel, LibreWolf) - also see if browsers based on pre-quantum FF support enough of WebExtensions for easy porting - make sure page's own csp in <head> doesn't block our scripts -- make blocking more torough -- CRUCIAL - - mind the data: urls -- CRUCIAL - find out how and make it possible to whitelist non-https urls and whether we can inject csp to them - create a repository to host scripts @@ -47,11 +44,17 @@ TODO: - make extension's all html files proper XHTML - split options_main.js into several smaller files - validate settings data on import -- find some good hatchet icon and rename the extension to "Hachette" (unless - someone suggests another good name before we do so) +- rename the extension to something good + - find some good hatchet icon and rename the extension to "Hachette" + (unless someone suggests another good name before we do so) - add an option to disable script blocking globally +- Add support to settings_query for non-standard URLs + (e.g. file:// and about:) +- Process HTML files in data: URLs instead of just blocking them DONE: +- make blocking more torough -- DONE 2021-06-28 + - mind the data: urls -- CRUCIAL - employ copyright file in Debian format -- DONE 2021-06-25 - find out what causes storage sometimes not to get initialized under IceCat 60 -- DONE 2021-06-23 - make it possible to export page settings in some format -- DONE 2021-06-19 |