diff options
Diffstat (limited to 'TODOS.org')
| -rw-r--r-- | TODOS.org | 10 |
1 files changed, 4 insertions, 6 deletions
@@ -23,18 +23,15 @@ TODO: - find some way not to require each chrome user to modify manifest.json - rename the extension to something good - port to gecko-based browsers -- CRUCIAL -- make it possible to modify CSP to suit our custom scripts' needs - - find a way to additionally block all other scripts using CSP - as an additional safety measure +- make sure page's own csp doesn't block our scripts - make blocking more torough -- CRUCIAL - - also block intrinsics -- CRUCIAL - mind the data: urls -- CRUCIAL -- find out how and make it possible to whitelist non-https urls +- find out how and make it possible to whitelist non-https urls and + whether we can inject csp to them - create a repository to host scripts - enable the extension to automatically fetch script substitutes from the repo - make it possible to inject scripts to arbitrary places in DOM - make script blocking code omit those scripts -- facilitate waiting for script injection until DOM has loaded - check if prerendering has to be blocked -- CRUCIAL - block prefetch - rearrange files in extension, add some mechanism to build the extension @@ -43,6 +40,7 @@ TODO: - perform never-ending refactoring of already-written code DONE: +- find a way to additionally block all other scripts using CSP -- DONE 2021-05-13 - only allow a single injection payload for page -- DONE 2021-05-13 - rename "bundles" to "bags" to avoid confusion with Web Bundles -- DONE 2021-05-12 - use non-predictable value in place of "myext-allow", utilizing hashes -- DONE 2021-05-12 |