Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2526
Improvements:
Support fulfilling the response with the content of a
`web_accessible_resources` resource, using the syntax already
supported by `prevent-xhr`: `war:[name of resource]`
Support fulfilling the response with randomized text with length
specified using `length:min[-max]` directive.
Essentially a complement of `trusted-prune-inbound-object.js` added in
1c9da227d7
To perform object pruning on any object returned synchronously by
any given call.
The arguments for `trusted-prune-outbound-object` in order are:
- The name of the property to trap. Must be a function, and must
exist when the scriptlet tries to install the trap.
- The properties to prune (as with `json-prune`)
- The properties which must all be present for pruning to occur
(as with `json-prune`)
The scriptlets `json-prune.js` and `evaldata-prune.js` essentially
perform the same function, and will eventually be rewritten to
internally delegate to generic `trusted-prune-outbound-object.js`.
As per discussion with filter list maintainers.
To perform object pruning for any given call which has an object
as argument (hence "inbound").
Since `json-prune-stringify` scriptlet is a specific form of
pruning inbound objects, it has been removed.
The arguments for `trusted-prune-inbound-object` in order are:
- The name of the property to trap. Must be a function, and must
exist when the scriptlet tries to install the trap.
- The position of the object to prune in the argument list when
the trapped function is called. The position is 1-based and
must be an integer greater than 0.
- The properties to prune (as with `json-prune`)
- The properties which must all be present for pruning to occur
(as with `json-prune`)
- Varargs:
- `, dontOverwrite, 1`: do not modify the target inbound object
Examples:
Remove `title` and `name` properties before passing the object to
`JSON.stringify` call:
example.org##+js(trusted-prune-inbound-object, JSON.stringify, 1, title name)
Remove `status` property before passing the object to `Object.keys`
call but do not modify caller's instance of the object:
example.org##+js(trusted-prune-inbound-object, Object.keys, 1, status, , dontOverwrite, 1)
If the `version` vararg is present and set to `2`, and if a
fetch Request argument is present, it will be cloned before
being matched to `propsToMatch` properties.
Additionally, created a `.fn` version of `[...]-fetch-response`
scriptlets to avoid redundant code in final injected scriptlets.
Prevent usage of specific or all (default) canvas APIs.
Syntax
```text
example.com##+js(prevent-canvas [, contextType])
```
- `contextType`: A specific type of canvas API to prevent (default to all
APIs). Can be a string or regex which will be matched against the type
used in getContext() call. Prepend with `!` to test for no-match.
Examples
1. Prevent `example.com` from accessing all canvas APIs
```adblock
example.com##+js(prevent-canvas)
```
2. Prevent access to any flavor of WebGL API, everywhere
```adblock
*##+js(prevent-canvas, /webgl/)
```
3. Prevent `example.com` from accessing any flavor of canvas API except `2d`
```adblock
example.com##+js(prevent-canvas, !2d)
```
References
https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement/getContext