Tony França <[email protected]> writes: > Please look at those two screenshots of firefox opening the same static file > with and without librejs enabled. > > They are rendered in the same way in both cases, but when you look under the > hood, in the network tab, you can see that with LibreJS enabled, the response > it "got from the server" misteriously gets a <html>, a <head> and a <body> > elements - which just don't exist on the original file. > > This may not be a problem if you're opening the files on the browser like I > did on the screenshots, but it breaks when you load those files inside ajax > calls and use them as AngularJS templates. > > I think librejs shouldn't be allowed to change contents like that.
Hi, Thought I'd bring a bit of background on this issue. LibreJS intercepts http responses, parses the contents of the response and then analyzes the scripts that are directly embedded in the HTML, those that are external, as well as the js attributes (events etc) in HTML elements. It then modifies the DOM and serializes it again. That's probably why you see the structure of the HTML has been modified (corrected, really) like this. The reason we opted for this method in the first place (prior to Nik taking over) is because there is no way to prevent each script (especially those that are in element attributes) from running unless we catch the response before it gets parsed/rendered by Firefox/IceCat/Abrowser. There's a way to prevent the execution of both external and embedded scripts (using beforescriptexecute) without intercepting the response as we do, but there is no way to prevent attribute scripts from executing unless we parse/modify the contents of the responses. I think it would be possible to keep the unadulterated response and only replace the elements modified by LibreJS, but it would take a fair amount of work. Loic
