I'm not sure I understand everything you said, but what about AJAX calls that return JSON responses? Shouldn't librejs leave those responses unchanged?
In the tests I'm doing, librejs is changing those responses as well - which of course break the application. >From where I'm looking this seems like a deal breaker :( Cheers Tony On Tue, Oct 21, 2014 at 11:33 AM, Loic J. Duros <[email protected]> wrote: > Tony França <[email protected]> writes: > > > Please look at those two screenshots of firefox opening the same static > file > > with and without librejs enabled. > > > > They are rendered in the same way in both cases, but when you look under > the > > hood, in the network tab, you can see that with LibreJS enabled, the > response > > it "got from the server" misteriously gets a <html>, a <head> and a > <body> > > elements - which just don't exist on the original file. > > > > This may not be a problem if you're opening the files on the browser > like I > > did on the screenshots, but it breaks when you load those files inside > ajax > > calls and use them as AngularJS templates. > > > > I think librejs shouldn't be allowed to change contents like that. > > Hi, > > Thought I'd bring a bit of background on this issue. > > LibreJS intercepts http responses, parses the contents of the response > and then analyzes the scripts that are directly embedded in the HTML, > those that are external, as well as the js attributes (events etc) in > HTML elements. It then modifies the DOM and serializes it again. That's > probably why you see the structure of the HTML has been modified > (corrected, really) like this. > > The reason we opted for this method in the first place (prior to Nik > taking over) is because there is no way to prevent each script > (especially those that are in element attributes) from running unless we > catch the response before it gets parsed/rendered by > Firefox/IceCat/Abrowser. There's a way to prevent the execution of both > external and embedded scripts (using beforescriptexecute) without > intercepting the response as we do, but there is no way to prevent > attribute scripts from executing unless we parse/modify the contents of > the responses. > > I think it would be possible to keep the unadulterated response and > only replace the elements modified by LibreJS, but it would take a fair > amount of work. > > Loic >
