diff options
Diffstat (limited to 'TODOS.org')
-rw-r--r-- | TODOS.org | 23 |
1 files changed, 14 insertions, 9 deletions
@@ -20,20 +20,15 @@ TODO: - make script bag components re-orderable (via drag&drop in options page) -- CRUCIAL - find some way not to require each chrome user to modify manifest.json - test with more browser forks (Abrowser, Parabola IceWeasel, LibreWolf) - - also see if browsers based on pre-quantum FF support enough of - WebExtensions for easy porting - make sure page's own csp in <head> doesn't block our scripts -- find out how and make it possible to whitelist non-https urls and - whether we can inject csp to them - create a repository to host scripts - enable the extension to automatically fetch script substitutes from the repo - make it possible to inject scripts to arbitrary places in DOM - make script blocking code omit those scripts - check if prerendering has to be blocked -- CRUCIAL - block prefetch -- rearrange files in extension, add some mechanism to build the extension -- all solutions to modularize js code SUCK; come up with own simple DSL - to manage imports/exports +- rearrange files in extension +- supplement the build script with a makefile, also produce zipped arifacts - perform never-ending refactoring of already-written code - also implement support for whitelisting of non-https urls - validate data entered in settings @@ -49,11 +44,21 @@ TODO: (unless someone suggests another good name before we do so) - add an option to disable script blocking globally - Add support to settings_query for non-standard URLs - (e.g. file:// and about:) + (e.g. file:// and ftp://) - Process HTML files in data: URLs instead of just blocking them +- improve CSP injection for pathological cases like <script> before <head> +- Fix FF script blocking and whitelisting (FF seems to be by itself repeatedly + injecting CSP headers that were injected once, this makes it impossible to + whielist site that was unwhitelisted before; FF also seems to be removing our + injected script's nonce for no reason 🙁) DONE: -- make blocking more torough -- DONE 2021-06-28 +- find out if we can successfully use CSP to block file:// under FF -- DONE 2021-06-30 +- come up with own simple DSL to manage imports/exports -- DONE 2021-06-30 +- add some mechanism to build the extension -- DONE 2021-06-30 +- see if browsers based on pre-quantum FF support enough of -- DONE 2021-06-29 + WebExtensions for easy porting (no, those we know dropped the support) +- make blocking more thorough -- DONE 2021-06-28 - mind the data: urls -- CRUCIAL - employ copyright file in Debian format -- DONE 2021-06-25 - find out what causes storage sometimes not to get initialized under IceCat 60 -- DONE 2021-06-23 |