aboutsummaryrefslogtreecommitdiff
path: root/TODOS.org
diff options
context:
space:
mode:
authorjahoti <jahoti@tilde.team>2021-06-28 00:00:00 +0000
committerjahoti <jahoti@tilde.team>2021-06-28 00:00:00 +0000
commitedbbe4002dadd31fd7eab0522a953e1b1b435767 (patch)
tree51a3a8fdf0f7cbcc8cd3145d15a4c7dc41cc2920 /TODOS.org
parent86ad1c6e0cf8a9ec3a529be10d7c7d1bfdf4620e (diff)
downloadbrowser-extension-edbbe4002dadd31fd7eab0522a953e1b1b435767.tar.gz
browser-extension-edbbe4002dadd31fd7eab0522a953e1b1b435767.zip
License script-blocking techniques from NoScript in machine-readable format.
In-page blocking now works on Firefox, and JavaScript/data- URLs are properly blocked to ensure no JavaScript leaks in through backdoors. Blocking of HTML/XML data: urls should be refined (eventually) to align with current practice for pages in general. Also, script-blocking is now filtered by nonce, making it possible (albeit perhaps not desirable) to inject scripts before the DOM is complete.
Diffstat (limited to 'TODOS.org')
-rw-r--r--TODOS.org13
1 files changed, 8 insertions, 5 deletions
diff --git a/TODOS.org b/TODOS.org
index 8fe65d2..63f7985 100644
--- a/TODOS.org
+++ b/TODOS.org
@@ -19,13 +19,10 @@ TODO:
- add some nice styling to settings page
- make script bag components re-orderable (via drag&drop in options page) -- CRUCIAL
- find some way not to require each chrome user to modify manifest.json
-- rename the extension to something good
- test with more browser forks (Abrowser, Parabola IceWeasel, LibreWolf)
- also see if browsers based on pre-quantum FF support enough of
WebExtensions for easy porting
- make sure page's own csp in <head> doesn't block our scripts
-- make blocking more torough -- CRUCIAL
- - mind the data: urls -- CRUCIAL
- find out how and make it possible to whitelist non-https urls and
whether we can inject csp to them
- create a repository to host scripts
@@ -47,11 +44,17 @@ TODO:
- make extension's all html files proper XHTML
- split options_main.js into several smaller files
- validate settings data on import
-- find some good hatchet icon and rename the extension to "Hachette" (unless
- someone suggests another good name before we do so)
+- rename the extension to something good
+ - find some good hatchet icon and rename the extension to "Hachette"
+ (unless someone suggests another good name before we do so)
- add an option to disable script blocking globally
+- Add support to settings_query for non-standard URLs
+ (e.g. file:// and about:)
+- Process HTML files in data: URLs instead of just blocking them
DONE:
+- make blocking more torough -- DONE 2021-06-28
+ - mind the data: urls -- CRUCIAL
- employ copyright file in Debian format -- DONE 2021-06-25
- find out what causes storage sometimes not to get initialized under IceCat 60 -- DONE 2021-06-23
- make it possible to export page settings in some format -- DONE 2021-06-19