aboutsummaryrefslogtreecommitdiff
path: root/TODOS.org
diff options
context:
space:
mode:
Diffstat (limited to 'TODOS.org')
-rw-r--r--TODOS.org23
1 files changed, 14 insertions, 9 deletions
diff --git a/TODOS.org b/TODOS.org
index 63f7985..13b9207 100644
--- a/TODOS.org
+++ b/TODOS.org
@@ -20,20 +20,15 @@ TODO:
- make script bag components re-orderable (via drag&drop in options page) -- CRUCIAL
- find some way not to require each chrome user to modify manifest.json
- test with more browser forks (Abrowser, Parabola IceWeasel, LibreWolf)
- - also see if browsers based on pre-quantum FF support enough of
- WebExtensions for easy porting
- make sure page's own csp in <head> doesn't block our scripts
-- find out how and make it possible to whitelist non-https urls and
- whether we can inject csp to them
- create a repository to host scripts
- enable the extension to automatically fetch script substitutes from the repo
- make it possible to inject scripts to arbitrary places in DOM
- make script blocking code omit those scripts
- check if prerendering has to be blocked -- CRUCIAL
- block prefetch
-- rearrange files in extension, add some mechanism to build the extension
-- all solutions to modularize js code SUCK; come up with own simple DSL
- to manage imports/exports
+- rearrange files in extension
+- supplement the build script with a makefile, also produce zipped arifacts
- perform never-ending refactoring of already-written code
- also implement support for whitelisting of non-https urls
- validate data entered in settings
@@ -49,11 +44,21 @@ TODO:
(unless someone suggests another good name before we do so)
- add an option to disable script blocking globally
- Add support to settings_query for non-standard URLs
- (e.g. file:// and about:)
+ (e.g. file:// and ftp://)
- Process HTML files in data: URLs instead of just blocking them
+- improve CSP injection for pathological cases like <script> before <head>
+- Fix FF script blocking and whitelisting (FF seems to be by itself repeatedly
+ injecting CSP headers that were injected once, this makes it impossible to
+ whielist site that was unwhitelisted before; FF also seems to be removing our
+ injected script's nonce for no reason 🙁)
DONE:
-- make blocking more torough -- DONE 2021-06-28
+- find out if we can successfully use CSP to block file:// under FF -- DONE 2021-06-30
+- come up with own simple DSL to manage imports/exports -- DONE 2021-06-30
+- add some mechanism to build the extension -- DONE 2021-06-30
+- see if browsers based on pre-quantum FF support enough of -- DONE 2021-06-29
+ WebExtensions for easy porting (no, those we know dropped the support)
+- make blocking more thorough -- DONE 2021-06-28
- mind the data: urls -- CRUCIAL
- employ copyright file in Debian format -- DONE 2021-06-25
- find out what causes storage sometimes not to get initialized under IceCat 60 -- DONE 2021-06-23