TODO: - parallelize fetching of remote scripts - allow specifying whether a script occurring mutiple times directly or indirectly in a bag should be included multiple times or once - make it possible to provide backup urls for remote scripts - make it possible to cache remote scripts - optimize url querying - make it possible to automatically download page's served scripts and save them (of course, this by itself -- CRUCIAL would give little benefit, but it will make it easy to modify this set of scripts - useful, if some of those scripts are already free, as is often the case) - also, find some convenient way to automatically re-add "on" events ("onclick" & friends) - add some good, sane error handling - get rid of those warnings and exceptions in console (many are not even related to this extension; who invented this thing?) (gecko-only) - make page settings easily and conveniently editable in popup -- CRUCIAL - in popup make it possible to edit both main frame page's settings and settings for pages that currently happen to live in iframes - add some nice styling to settings page - make script bag components re-orderable (via drag&drop in options page) -- CRUCIAL - find some way not to require each chrome user to modify manifest.json - rename the extension to something good - test with more browser forks (Abrowser, Parabola IceWeasel, LibreWolf) - also see if browsers based on pre-quantum FF support enough of WebExtensions for easy porting - make sure page's own csp in doesn't block our scripts - make blocking more torough -- CRUCIAL - mind the data: urls -- CRUCIAL - find out how and make it possible to whitelist non-https urls and whether we can inject csp to them - create a repository to host scripts - enable the extension to automatically fetch script substitutes from the repo - make it possible to inject scripts to arbitrary places in DOM - make script blocking code omit those scripts - check if prerendering has to be blocked -- CRUCIAL - block prefetch - rearrange files in extension, add some mechanism to build the extension - all solutions to modularize js code SUCK; come up with own simple DSL to manage imports/exports - perform never-ending refactoring of already-written code - also implement support for whitelisting of non-https urls - validate data entered in settings - stop always using the same script nonce on given https(s) site (this improvement seems to be unachievable in case of other protocols) - besides blocking scripts through csp, also block connections that needlessly fetch those scripts - make extension's all html files proper XHTML - split options_main.js into several smaller files - validate settings data on import - find some good hatchet icon and rename the extension to "Hachette" (unless someone suggests another good name before we do so) - add an option to disable script blocking globally DONE: - employ copyright file in Debian format -- DONE 2021-06-25 - find out what causes storage sometimes not to get initialized under IceCat 60 -- DONE 2021-06-23 - make it possible to export page settings in some format -- DONE 2021-06-19 - make it possible to use wildcard urls in settings -- DONE 2021-05-14 - port to gecko-based browsers -- DONE 2021-05-13 - find a way to additionally block all other scripts using CSP -- DONE 2021-05-13 - only allow a single injection payload for page -- DONE 2021-05-13 - rename "bundles" to "bags" to avoid confusion with Web Bundles -- DONE 2021-05-12 - use non-predictable value in place of "myext-allow", utilizing hashes -- DONE 2021-05-12 - stop using modules (not available on all browsers) -- DONE 2021-05-12 - clean up the remnants of LibreJS -- DONE 2021-05-12 - implement whitelisting -- DONE 2021-05-07 - find way to also block scripts in non-http pages (e.g. file://) -- DONE 2021-05-07 (via content scripts, may not be perfect) (NoScript seems to be doing this through CSP) - make page settings easily and conveniently editable in a separate window/tab -- DONE 2021-05-05 - replace comparisons with stricter ones (e.g. do `if(foo === undefined)` instead of `if(!foo)`) -- DONE - make local storage safe (serialize storage accesses in background script) -- DONE - split main.js into multiple files -- DONE 2021-01-05 - make it possible to store entire script files in storage (not just links) -- DONE 2021-01-05 - make it possible to re-use the same script or set of scripts multiple times -- DONE 2021-01-05