Mirrors
/
noscript
mirror of https://github.com/hackademix/noscript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Configurable "lazy_load" capability (see https://github.com/whatwg/html/issues/5250).

This commit is contained in:
hackademix 2024-08-24 09:38:02 +02:00
parent 059426a26b
commit 07db46a909
No known key found for this signature in database
GPG Key ID: 231A83AFDA9C2434
5 changed files with 46 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/_locales/en/messages.json
View File

@ -572,6 +572,9 @@
"cap_noscript": { "cap_noscript": {
"message": "noscript" "message": "noscript"
}, },
"cap_lazy_load": {
"message": "lazy load"
},
"cap_unchecked_css": { "cap_unchecked_css": {
"message": "unrestricted CSS" "message": "unrestricted CSS"
}, },

5
src/bg/LifeCycle.js
View File

@ -324,6 +324,11 @@ var LifeCycle = (() => {
ns.openOptionsPage({tab: 2, focus: "#opt-vintageTheme", hilite: "#sect-themes"}); ns.openOptionsPage({tab: 2, focus: "#opt-vintageTheme", hilite: "#sect-themes"});
})(); })();
} }
if (Ver.is(previousVersion, "<=", "11.4.35rc2")) {
// add the lazy_load capability to any preset which already has the script capability
await configureNewCap("lazy_load", ["DEFAULT", "TRUSTED", "CUSTOM"], caps => caps.has("script"));
}
}, },
async onUpdateAvailable(details) { async onUpdateAvailable(details) {

37
src/content/content.js
View File

@ -183,6 +183,43 @@ ns.on("capabilities", () => {
allowed: ns.canScript allowed: ns.canScript
}); });
if (!ns.allows("lazy_load")) {
// Force loading attributes to "eager", since CSP-based script blocking
// does not disable lazy loading as it should to address the privacy
// concerns mentioned in the specification.
// See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42805
const toEager = el => el.setAttribute("loading", "eager");
const toEagerAll = parent => [... parent.querySelectorAll("[loading=lazy]")].forEach(toEager);
toEagerAll(document);
if (document.readyState === "loading") {
const observer = new MutationObserver(records => {
for (const r of records) {
console.log(r);
switch(r.type) {
case "attributes":
if (r.attributeName === "loading") {
toEager(r.target);
}
break;
case "subtree":
toEagerAll(r.target);
break;
}
}
});
observer.observe(document.documentElement, {subtree: true, attributeFilter: ["loading"]});
addEventListener("DOMContentLoaded", e => {
toEagerAll(document);
observer.disconnect();
});
}
}
if (!ns.allows("unchecked_css")) { if (!ns.allows("unchecked_css")) {
// protection against CSS PP0 (https://orenlab.sise.bgu.ac.il/p/PP0) // protection against CSS PP0 (https://orenlab.sise.bgu.ac.il/p/PP0)

37
src/content/onScriptDisabled.js
View File

@ -46,43 +46,6 @@ function onScriptDisabled() {
} }
} }
{
// Force loading attributes to "eager", since CSP-based script blocking
// does not disable lazy loading as it should to address the privacy
// concerns mentioned in the specification.
// See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42805
const toEager = el => el.setAttribute("loading", "eager");
const toEagerAll = parent => [... parent.querySelectorAll("[loading=lazy]")].forEach(toEager);
toEagerAll(document);
if (document.readyState === "loading") {
const observer = new MutationObserver(records => {
for (const r of records) {
console.log(r);
switch(r.type) {
case "attributes":
if (r.attributeName === "loading") {
toEager(r.target);
}
break;
case "subtree":
toEagerAll(r.target);
break;
}
}
});
observer.observe(document.documentElement, {subtree: true, attributeFilter: ["loading"]});
addEventListener("DOMContentLoaded", e => {
toEagerAll(document);
observer.disconnect();
});
}
}
let eraser = { let eraser = {
tapped: null, tapped: null,
delKey: false, delKey: false,

2
src/nscl

@ -1 +1 @@
Subproject commit c59937693d3fd772add35e918eb90744ff55d148 Subproject commit 9cef1fb442641dbf8e44ad70deb990828d5b5de3