aboutsummaryrefslogtreecommitdiff
path: root/src/hydrilla/proxy/self_doc/en_US/policy_selection.html.jinja
blob: 687d2bd38274bf3adb060d19cb679ecc6e1d99cd (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
{#
SPDX-License-Identifier: GPL-3.0-or-later OR CC-BY-SA-4.0

Documentation page describing how Haketilo selects policy to apply to a page.

This file is part of Hydrilla&Haketilo.

Copyright (C) 2022 Wojtek Kosior

Dual licensed under
* GNU General Public License v3.0 or later and
* Creative Commons Attribution Share Alike 4.0 International.

You can choose to use either of these licenses or both.


I, Wojtek Kosior, thereby promise not to sue for violation of this
file's licenses. Although I request that you do not make use of this
code in a proprietary work, I am not going to enforce this in court.
#}
{% extends "doc_base.html.jinja" %}

{% block title %} Policy selection {% endblock %}

{% block main %}
  {{ big_heading('Page policy selection') }}

  {% call section() %}
    {% call paragraph() %}
      When a web page is opened, Haketilo is capable of either
      {% call unordered_list() %}
        {% call list_entry() %}
          blocking page's own scripts and
          {{ doc_page_link('injecting payload', 'packages') }}
          configured by the user,
        {% endcall %}
        {% call list_entry() %}
          blocking page's own scripts and injecting an automatically-chosen
          payload that is usable with the page,
        {% endcall %}
        {% call list_entry() %}
          presenting a dialog asking whether to enable an automatically-chosen
          payload that is usable with the page,
        {% endcall %}
        {% call list_entry() %}
          {{ doc_page_link('blocking', 'script_blocking') }} page's own scripts
          or
        {% endcall %}
        {% call list_entry() %}
          allowing page's own scripts to execute normally (i.e. not modifying
          the page in any meaningful way).
        {% endcall %}
      {% endcall %}
    {% endcall %}
  {% endcall %}

  {% call section() %}
    {{ medium_heading('Policy precedence') }}

    {% call paragraph() %}
      User configures Haketilo's behavior by defining script-blocking and
      -allowing rules and by adding and enabling packages. Each rule and each
      package payload has a {{ doc_page_link('URL pattern', 'url_patterns') }}.
      This pattern determines which pages the policy is compatible with.
      Patterns also have well-defined specificity. When multiple rules and
      packages are combatible with given page's URL, the one with the most
      specific pattern "wins". In case of a tie, payload injection is assumed to
      take precedence over rule application.
    {% endcall %}

    {% call paragraph() %}
      In the absence of suitable rules and enabled packages, Haketilo may
      consider non-enabled packages that are suitable for use on the
      currently-visited site. It will either inject package payload
      automatically, ask the user whether to enable the package or ignore it
      completely. The user can switch between these 3 behaviors on the Haketilo
      {{ hkt_link('settings page', 'home.home') }}. Packages that were
      explicitly marked as disabled will always be ignored. Pattern specificity
      is also taken into account in case of multiple packages.
    {% endcall %}

    {% call paragraph() %}
      When absolutely no explicit policy appears suitable for given page,
      Haketilo will apply its default script handling behavrior. Whether
      JavaScript is blocked or allowed by default is also determined by user's
      choice on the {{ hkt_link('settings page', 'home.home') }}.
    {% endcall %}
  {% endcall %}

  {% call section() %}
    {{ medium_heading('Special cases') }}

    {% call paragraph() %}
      The sites served by Haketilo itself are exempt from all policies. These
      are <code>http://hkt.mitm.it</code>, <code>https://hkt.mitm.it</code>
      and <code>http://mitm.it</code>. Additionally, if Haketilo experiences an
      internal error (e.g. because it could not parse current URL as sent in by
      the browser), it will try to block page's JavaScript as a security
      measure.
    {% endcall %}

    {% call paragraph() %}
      Internally, Haketilo also has a special high-priority policy for serving
      files used by payloads and for making its APIs accessible to payload
      scripts. This is, however, an implementation detail and casual users need
      not care about it nor understand these nuances.
    {% endcall %}
  {% endcall %}
{% endblock main %}