From edbbe4002dadd31fd7eab0522a953e1b1b435767 Mon Sep 17 00:00:00 2001 From: jahoti Date: Mon, 28 Jun 2021 00:00:00 +0000 Subject: License script-blocking techniques from NoScript in machine-readable format. In-page blocking now works on Firefox, and JavaScript/data- URLs are properly blocked to ensure no JavaScript leaks in through backdoors. Blocking of HTML/XML data: urls should be refined (eventually) to align with current practice for pages in general. Also, script-blocking is now filtered by nonce, making it possible (albeit perhaps not desirable) to inject scripts before the DOM is complete. --- TODOS.org | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'TODOS.org') diff --git a/TODOS.org b/TODOS.org index 8fe65d2..63f7985 100644 --- a/TODOS.org +++ b/TODOS.org @@ -19,13 +19,10 @@ TODO: - add some nice styling to settings page - make script bag components re-orderable (via drag&drop in options page) -- CRUCIAL - find some way not to require each chrome user to modify manifest.json -- rename the extension to something good - test with more browser forks (Abrowser, Parabola IceWeasel, LibreWolf) - also see if browsers based on pre-quantum FF support enough of WebExtensions for easy porting - make sure page's own csp in doesn't block our scripts -- make blocking more torough -- CRUCIAL - - mind the data: urls -- CRUCIAL - find out how and make it possible to whitelist non-https urls and whether we can inject csp to them - create a repository to host scripts 
@@ -47,11 +44,17 @@ TODO: - make extension's all html files proper XHTML - split options_main.js into several smaller files - validate settings data on import -- find some good hatchet icon and rename the extension to "Hachette" (unless - someone suggests another good name before we do so) +- rename the extension to something good + - find some good hatchet icon and rename the extension to "Hachette" + (unless someone suggests another good name before we do so) - add an option to disable script blocking globally +- Add support to settings_query for non-standard URLs + (e.g. file:// and about:) +- Process HTML files in data: URLs instead of just blocking them DONE: +- make blocking more torough -- DONE 2021-06-28 + - mind the data: urls -- CRUCIAL - employ copyright file in Debian format -- DONE 2021-06-25 - find out what causes storage sometimes not to get initialized under IceCat 60 -- DONE 2021-06-23 - make it possible to export page settings in some format -- DONE 2021-06-19 -- cgit v1.2.3
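Review bot: In the first hunk (@@ -19,13 +19,10 @@), the removal of "- rename the extension to something good" is unrelated to the script-blocking work the commit message describes. The line only moves to the second hunk, where it becomes the parent of the "Hachette" item. Consider putting that regrouping in its own commit, or mentioning it in the message, so that this commit's TODOS.org change tracks only the blocking items ("make blocking more torough" and "mind the data: urls").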
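Review bot: In the second hunk (@@ -47,11 +44,17 @@), the sub-item added under DONE still reads "- mind the data: urls -- CRUCIAL" and carries no DONE date, so its status is ambiguous. The commit message says blocking of HTML/XML data: URLs still needs refining, and the same hunk adds the TODO "Process HTML files in data: URLs instead of just blocking them". Suggest replacing the "-- CRUCIAL" tag on the sub-item with "-- DONE 2021-06-28", and correcting "torough" to "thorough" while the parent line is being moved. The new settings_query item could also state how file:// and about: pages are treated until that support exists, since that is the default a user is left with.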