Hi, I'm not sure if this belongs here, but this is the closest thing I found regarding the whole "JavaScript Trap" issue.
> Browser users also need a convenient facility to specify JavaScript code to > use instead of the JavaScript in a certain page. (The specified code might be > total replacement, or a modified version of the free JavaScript program in > that page.) Greasemonkey comes close to being able to do this, but not quite, > since it doesn't guarantee to modify the JavaScript code in a page before > that program starts to execute. http://www.gnu.org/philosophy/javascript-trap.html This problem can be circumvented by executing a user-script, at the top of the document, which fetches the content of the site being visited, closes the document (preventing unmodified script execution), replaces the links to the scripts and/or modifies the content directly, or removes offending scripts, and writes this to a new document executing curated scripts. For example: > getContent(); > document.close(); // close document + prevent execution of offending scripts > > function getContent() { > var client = new XMLHttpRequest(); > client.open('GET', 'https://allow-any-origin.appspot.com/' + > encodeURIComponent(document.location.href), true); > client.onreadystatechange = function() { > if (client.readyState !== 4) { > return; > } > > var response = client.response; > response = response.replace(/<title>(.+?)<\/title>/, > '<title>MODIFIED: $1</title>'); > document.write(response); // open new document + write modified urls > to scripts, modified scripts (or removed scripts) to page > }; > client.send(null); > } This example uses https://allow-any-origin.appspot.com/ to circumvent missing CORS headers, this could be hosted / re-implemented by a free provider with transparency + source code + etc. (possibly routing requests through TOR, preventing the service from being blocked) The idea behind this would be: 1. User gets Greasemonkey script to access only curated scripts 2. This script accesses a local ruleset and/or hosted/approved external ruleset 3. Fetches data, executes rules, writes data on site visit With this technique one could re-implement LibreJS as a browser script, making it browser independent / available for Chromium through Tampermonkey, and start creating a repository of modified scripts (like suggested in the aforementioned article). With kind regards / Mit freundlichen Grüßen, Marc A. Harnos
