summaryrefslogtreecommitdiff
path: root/TODOS.org
blob: 8fe65d24f4fa165db3dc819604a4d1f70b3d5131 (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
TODO:
- parallelize fetching of remote scripts
- allow specifying whether a script occurring mutiple times directly
  or indirectly in a bag should be included multiple times or once
- make it possible to provide backup urls for remote scripts
- make it possible to cache remote scripts
- optimize url querying
- make it possible to automatically download page's served scripts and save them (of course, this by itself -- CRUCIAL
  would give little benefit, but it will make it easy to modify this set of scripts - useful, if some of
  those scripts are already free, as is often the case)
  - also, find some convenient way to automatically re-add "on" events ("onclick" & friends)
- add some good, sane error handling
- get rid of those warnings and exceptions in console (many are not even related to this extension;
  who invented this thing?) (gecko-only)
- make page settings easily and conveniently editable in popup -- CRUCIAL
  - in popup make it possible to edit both main frame page's
    settings and settings for pages that currently happen to
    live in iframes
- add some nice styling to settings page
- make script bag components re-orderable (via drag&drop in options page) -- CRUCIAL
- find some way not to require each chrome user to modify manifest.json
- rename the extension to something good
- test with more browser forks (Abrowser, Parabola IceWeasel, LibreWolf)
  - also see if browsers based on pre-quantum FF support enough of
    WebExtensions for easy porting
- make sure page's own csp in <head> doesn't block our scripts
- make blocking more torough -- CRUCIAL
  - mind the data: urls -- CRUCIAL
- find out how and make it possible to whitelist non-https urls and
  whether we can inject csp to them
- create a repository to host scripts
  - enable the extension to automatically fetch script substitutes from the repo
- make it possible to inject scripts to arbitrary places in DOM
  - make script blocking code omit those scripts
- check if prerendering has to be blocked -- CRUCIAL
- block prefetch
- rearrange files in extension, add some mechanism to build the extension
- all solutions to modularize js code SUCK; come up with own simple DSL
  to manage imports/exports
- perform never-ending refactoring of already-written code
- also implement support for whitelisting of non-https urls
- validate data entered in settings
- stop always using the same script nonce on given https(s) site (this
  improvement seems to be unachievable in case of other protocols)
- besides blocking scripts through csp, also block connections that needlessly
  fetch those scripts
- make extension's all html files proper XHTML
- split options_main.js into several smaller files
- validate settings data on import
- find some good hatchet icon and rename the extension to "Hachette" (unless
  someone suggests another good name before we do so)
- add an option to disable script blocking globally

DONE:
- employ copyright file in Debian format -- DONE 2021-06-25
- find out what causes storage sometimes not to get initialized under IceCat 60 -- DONE 2021-06-23
- make it possible to export page settings in some format -- DONE 2021-06-19
- make it possible to use wildcard urls in settings -- DONE 2021-05-14
- port to gecko-based browsers -- DONE 2021-05-13
- find a way to additionally block all other scripts using CSP -- DONE 2021-05-13
- only allow a single injection payload for page -- DONE 2021-05-13
- rename "bundles" to "bags" to avoid confusion with Web Bundles -- DONE 2021-05-12
- use non-predictable value in place of "myext-allow", utilizing hashes -- DONE 2021-05-12
- stop using modules (not available on all browsers) -- DONE 2021-05-12
- clean up the remnants of LibreJS -- DONE 2021-05-12
- implement whitelisting -- DONE 2021-05-07
- find way to also block scripts in non-http pages (e.g. file://) -- DONE 2021-05-07 (via content scripts, may not be perfect)
  (NoScript seems to be doing this through CSP)
- make page settings easily and conveniently editable in a separate window/tab -- DONE 2021-05-05
- replace comparisons with stricter ones (e.g. do `if(foo === undefined)` instead of `if(!foo)`) -- DONE
- make local storage safe (serialize storage accesses in background script) -- DONE
- split main.js into multiple files -- DONE 2021-01-05
- make it possible to store entire script files in storage (not just links) -- DONE 2021-01-05
  - make it possible to re-use the same script or set of scripts multiple times -- DONE 2021-01-05