[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-librejs] Proposal for solution of "script replacement before execu

From: Marc A. Harnos
Subject: [Help-librejs] Proposal for solution of "script replacement before execution" problem stated by RMS in "The JavaScript Trap" article and possible solution for re-implementation of LibreJS as a user script, making LibreJS browser independent
Date: Thu, 5 Nov 2015 01:06:58 +0100


I'm not sure if this belongs here, but this is the closest thing I
found regarding the whole "JavaScript Trap" issue.

> Browser users also need a convenient facility to specify JavaScript code to 
> use instead of the JavaScript in a certain page. (The specified code might be 
> total replacement, or a modified version of the free JavaScript program in 
> that page.) Greasemonkey comes close to being able to do this, but not quite, 
> since it doesn't guarantee to modify the JavaScript code in a page before 
> that program starts to execute.

This problem can be circumvented by executing a user-script, at the
top of the document, which fetches the content of the site being
visited, closes the document (preventing unmodified script execution),
replaces the links to the scripts and/or modifies the content
directly, or removes offending scripts, and writes this to a new
document executing curated scripts.

For example:

> getContent();
> document.close(); // close document + prevent execution of offending scripts
> function getContent() {
>     var client = new XMLHttpRequest();
>'GET', '' + 
> encodeURIComponent(document.location.href), true);
>     client.onreadystatechange = function() {
>         if (client.readyState !== 4) {
>             return;
>         }
>         var response = client.response;
>         response = response.replace(/<title>(.+?)<\/title>/, 
> '<title>MODIFIED: $1</title>');
>         document.write(response); // open new document + write modified urls 
> to scripts, modified scripts (or removed scripts) to page
>     };
>     client.send(null);
> }

This example uses to circumvent
missing CORS headers, this could be hosted / re-implemented by a free
provider with transparency + source code + etc. (possibly routing
requests through TOR, preventing the service from being blocked)

The idea behind this would be:

1. User gets Greasemonkey script to access only curated scripts
2. This script accesses a local ruleset and/or hosted/approved external ruleset
3. Fetches data, executes rules, writes data on site visit

With this technique one could re-implement LibreJS as a browser
script, making it browser independent / available for Chromium through
Tampermonkey, and start creating a repository of modified scripts
(like suggested in the aforementioned article).

With kind regards / Mit freundlichen Grüßen,
Marc A. Harnos

reply via email to

[Prev in Thread] Current Thread [Next in Thread]