From 01937dc9d5215ef96ce756e3ccda51bf29032f58 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Mon, 10 May 2021 18:07:05 +0200 Subject: initial commit --- TODOS.org | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 TODOS.org (limited to 'TODOS.org') diff --git a/TODOS.org b/TODOS.org new file mode 100644 index 0000000..2e3c210 --- /dev/null +++ b/TODOS.org @@ -0,0 +1,51 @@ +TODO: +- parallelize fetching of remote scripts +- make it possible to provide backup urls for remote scripts +- make it possible to cache remote scripts +- make it possible to use wildcards or something similar to be able to assign a script set to -- CRUCIAL + a set of domains or to a set of possible queries at a url +- make it possible to automatically download page's served scripts and save them (of course, this by itself -- CRUCIAL + would give little benefit, but it will make it easy to modify this set of scripts - useful, if some of + those scripts are already free, as is often the case) + - also, find some convenient way to automatically re-add "on" events ("onclick" & friends) +- add some good, sane error handling +- implement whitelisting (LibreJS had some code doing it, but we'll see if it's of any use for us) -- CRUCIAL +- make it possible to export page settings in some format -- CRUCIAL +- get rid of those warnings and exceptions in console (many are not even related to this extension; + who invented this thing?) (gecko-only) +- make page settings easily and conveniently editable in popup -- CRUCIAL + - in popup make it possible to edit both main frame page's + settings and settings for pages that currently happen to + live in iframes +- add some nice styling to settings page +- clean up the remnants of LibreJS +- stop using modules (not available on all browsers) -- CRUCIAL +- use non-predictable value in place of "myext-allow", utilizing hashes -- CRUCIAL +- rename the extension to something good +- port to gecko-based browsers -- CRUCIAL +- rename "bundles" to "bags" to avoid confusion with Web Bundles +- make it possible to modify CSP to suit our custom scripts' needs + - find a way to additionally block all other scripts using CSP + as an additional safety measure +- make blocking more torough -- CRUCIAL + - also block intrinsics -- CRUCIAL + - mind the data: urls -- CRUCIAL +- find out how and make it possible to whitelist non-https urls +- create a repository to host scripts + - enable the extension to automatically fetch script substitutes from the repo +- make it possible to inject scripts to arbitrary places in DOM + - make script blocking code omit those scripts +- facilitate waiting for script injection until DOM has loaded +- check if prerendering has to be blocked -- CRUCIAL +- block prefetch +- rearrange files in extension, add some mechanism to build the extension + +DONE: +- find way to also block scripts in non-http pages (e.g. file://) -- DONE 2021-05-07 (via content scripts, may not be perfect) + (NoScript seems to be doing this through CSP) +- make page settings easily and conveniently editable in a separate window/tab -- DONE 2021-05-05 +- replace comparisons with stricter ones (e.g. do `if(foo === undefined)` instead of `if(!foo)`) -- DONE +- make local storage safe (serialize storage accesses in background script) -- DONE +- split main.js into multiple files -- DONE 2021-01-05 +- make it possible to store entire script files in storage (not just links) -- DONE 2021-01-05 + - make it possible to re-use the same script or set of scripts multiple times -- DONE 2021-01-05 -- cgit v1.2.3