Merge remote-tracking branch 'refs/remotes/origin/master' into legacy…

…permissions
andryou · Jun 14, 2016 · 94faaf3 · 94faaf3
2 parents 3fb421e + b507926
commit 94faaf3
Show file tree

Hide file tree

Showing 9 changed files with 38 additions and 28 deletions.
diff --git a/html/options.html b/html/options.html
@@ -60,7 +60,11 @@
 				</select><br /><i>(Default: Relaxed; Relaxed = whitelisted domains will not be blocked; Strict = domains in the unwanted domain list will be blocked even if whitelisted)</i></td></tr>
 				<tr><td class="rowtitle"><label for="antisocial">Antisocial Mode</label>:</td><td><input type="checkbox" id="antisocial" class="save" /><br /><i>(Default: disabled; always remove social widgets/buttons, even if whitelisted)</i><br /><i>For more comprehensive blocking, check out <a href="https://chrome.google.com/webstore/detail/ghostery/mlomiejdfkolichcflejclcbmpeaniij" target="_blank">Ghostery</a>, <a href="https://chrome.google.com/webstore/detail/disconnect/jeoacafpbcihiomhlakheieifhpjdfeo" target="_blank">Disconnect</a>, <a href="https://chrome.google.com/webstore/detail/blur/epanfjkfahimkgomnigadpkobaefekcd" target="_blank">Blur</a>, and/or <a href="https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en" target="_blank">uBlock Origin</a> with all of the subscription lists on the <a href="https://www.fanboy.co.nz/" target="_blank">Fanboy site</a></i></td></tr>
 				<tr><td class="rowtitle"><label for="webbugs">Remove Webbugs</label>:</td><td><input type="checkbox" id="webbugs" class="save" /> <i>(Default: enabled; remove "invisible" third-party elements)</i></td></tr>
-				<tr><td class="rowtitle"><label for="referrer">Block Click-Through Referrer</label>:</td><td><input type="checkbox" id="referrer" class="save" /> <i>(Default: enabled; blocks referrer information when clicking on external links)</i></td></tr>
+				<tr><td class="rowtitle"><label for="referrer">Block Click-Through Referrer</label>:</td><td><select id="referrer" class="savechange">
+					<option value="false">Disabled</option>
+					<option value="true">Only on Unwhitelisted Domains</option>
+					<option value="alldomains">On All Domains</option>
+				</select><br /><i>(Default: Only on Unwhitelisted Domains; blocks referrer information when clicking on third-party links (note: setting this to "All Domains" may cause issues (e.g. thumbnails in Tweetdeck))</i></td></tr>
 				<tr><td class="rowtitle"><label for="useragentspoof">User-Agent Spoof</label>:</td><td><select id="useragentspoof" class="savechange">
 					<option value="off">-Off-</option>
 					<option value="chrome50">Chrome 50.0.2661.102</option>

diff --git a/html/updated.html b/html/updated.html
@@ -9,27 +9,32 @@
 	<div id="message"></div> 
 	<div id="main">
 	<div id="header"><span id="title">ScriptSafe</span><br /><br />
-	<h1>Updated to v<span id="versionno"></span>! (Monday, June 13, 2016)</h1>
+	<h1>Updated to v<span id="versionno"></span>! (Tuesday, June 14, 2016)</h1>
 	<br />
 	<hr>
 	<div style="text-align: left; line-height: 18px; font-size: 13px;"><br />
+	I am pushing this update out because it fixes some important issues with other extensions, as well as blocking behaviour if using "Allow" as "Default Mode".<br /><br />
+	Starting from v1.0.7.11, you will experience consistently fast page load times and the update notifications that many of you found to be annoying have been completely removed.<br /><br />
+	Over the past two weeks, significant updates have been made to ScriptSafe to bring more granular control, protection against WebRTC leaks, significant performance improvements, and most importantly, stronger security.<br /><br />
+	With this release you can expect stability and some peace and quiet, as I don't intend on pushing out another update unless absolutely required.<br /><br />
 	In this version you will find the following updates:
 	<ul>
-		<li><b>v1.0.7.11:</b><ul>
-			<li><strong>Announcement: <a href="https://github.com/andryou/scriptsafe/issues/29" target="_blank">changes to ScriptSafe updates</a></strong> (thank you to all those who helped test this release over this weekend)</li>
-			<li>Further important compatibility fixes for ScriptSafe to work in Chrome-derivative browsers (e.g. not crash)</li>
-			<li>Greatly reduced page load times/CPU usage if using large lists and "Block Click-Through Referrer" enabled</li>
-			<li>Removed update notification messages based on feedback</li>
-			<li>Better behaviour when visiting pages on blocked domains</li>
-			<li>Better handling of post-page-load inserted content</li>
+		<li><b>v1.0.7.12:</b><ul>
+			<li>Updated options for "Block Click-Through Referrer", whichs blocks referrer information when clicking on third-party links:<ul>
+				<li>Disabled - feature is disabled</li>
+				<li>Only on Unwhitelisted Domains - only applies to pages on unwhitelisted domains</li>
+				<li>All Domains - applies to third-party links on every domain, even if whitelisted</li>
+				<li><b>Default</b>: "Only on Unwhitelisted Domains" (as setting it to "All Domains" may cause issues (e.g. thumbnails in Tweetdeck))</li>
+			</ul></li>
+			<li>Corrected blocking behaviour if using "Allow" as "Default Mode"</li>
+			<li>Improve compatibility with other Chrome extensions</li>
 			<li>Updated unwanted content providers list</li>
 		</ul></li>
 	</ul>
 	I have put together <a href="https://github.com/andryou/scriptsafe/wiki" target="_blank">some documentation for ScriptSafe</a>, including "Getting Started" instructions.<br />
 	If you run into any issues, please <a href="https://github.com/andryou/scriptsafe/issues" target="_blank">create an issue in Github</a>.
 	<br /><br />
-	I am quite active on Twitter, so if you don't mind the occasional cat tweet, you are free to follow me: <a href="https://twitter.com/andryou" target="_blank">@andryou</a>.<br />
-	If you like ScriptSafe, check out one of my other extensions: <a href="https://chrome.google.com/webstore/detail/decreased-productivity/nlbpiflhmdcklcbihngeffpmoklbiooj" target="_blank">Decreased Productivity</a>.<br /><br />
+	I am quite active on Twitter, so if you don't mind the occasional cat tweet, you are free to follow me: <a href="https://twitter.com/andryou" target="_blank">@andryou</a>.<br /><br />
 	Thank you,<br />
 	-Andrew<br /><br /></div>
 	<hr>

diff --git a/js/options.js b/js/options.js
@@ -130,7 +130,7 @@ function loadOptions() {
 	loadElement("preservesamedomain");
 	loadCheckbox("paranoia");
 	loadCheckbox("classicoptions");
-	loadCheckbox("referrer");
+	loadElement("referrer");
 	loadCheckbox("rating");
 	loadCheckbox("domainsort");
 	loadElement("linktarget");
@@ -173,7 +173,7 @@ function saveOptions() {
 	saveElement("preservesamedomain");
 	saveCheckbox("paranoia");
 	saveCheckbox("classicoptions");
-	saveCheckbox("referrer");
+	saveElement("referrer");
 	saveCheckbox("rating");
 	saveCheckbox("cookies");
 	saveElement("useragentspoof");

diff --git a/js/popup.js b/js/popup.js
@@ -86,7 +86,7 @@ function init() {
 					var tabdomainfriendly = tabdomain.replace(/[.\[\]:]/g,"_");
 					var tabdomainroot = bkg.getDomain(tabdomain);
 					$("#currentdomain").html('<span title="'+tabdomain+'">'+tabdomain+'</span>');
-					if ((responseBlockedCount == 0 && responseAllowedCount == 0) || response.status == 'false' || response.enable == '1' || response.enable == '4') {
+					if ((responseBlockedCount == 0 && responseAllowedCount == 0) || response.status == 'false' || (response.mode == 'block' && (response.enable == '1' || response.enable == '4'))) {
 						if (response.status == 'false') {
 							$(".thirds").html('<i>ScriptSafe is disabled</i>');
 							$("#parent").append('<div class="box box1 snstatus" title="Enable ScriptSafe">Enable ScriptSafe</div>');
@@ -193,12 +193,12 @@ function init() {
 								if (itemdomain) {
 									allowed.push(itemdomain);
 									var itemdomainfriendly = itemdomain.replace(/[.\[\]:]/g,"_");
+									var baddiesstatus = response.alloweditems[i][4];
 									if ($('#allowed .choices[rel="'+itemdomain+'"]').length == 0) {
 										if (response.alloweditems[i][3] == '0') {
 											var trustval0 = '';
 											var trustval1 = '';
 											var allowedtype;
-											var baddiesstatus = response.alloweditems[i][4];
 											var trustType = bkg.trustCheck(itemdomain);
 											if (trustType == '1') {
 												trustval0 = ' selected';

diff --git a/js/scriptsafe.js b/js/scriptsafe.js
@@ -151,7 +151,7 @@ function inlineblock(req) {
     return { responseHeaders: headers };
 }
 function ScriptSafe(req) {
-	if (req.tabId == -1 || req.url === 'undefined' || localStorage["enable"] == "false") {
+	if (req.tabId == -1 || req.url === 'undefined' || localStorage["enable"] == "false" || req.url.substring(0,4) != 'http') {
 		return { cancel: false };
 	}
 	if (req.type == 'main_frame') {
@@ -184,7 +184,7 @@ function ScriptSafe(req) {
 		else elementStatusCheck = false;
 	}
 	if (elementStatusCheck && baddiesCheck && reqtype == "image") reqtype = 'webbug';
-	if ((reqtype == "page" && (domainCheckStatus == '1' || ((localStorage['annoyances'] == 'true' && (localStorage['annoyancesmode'] == 'strict' || (localStorage['annoyancesmode'] == 'relaxed' && domainCheckStatus != '0'))) && baddiesCheck == '1') || (localStorage['antisocial'] == 'true' && baddiesCheck == '2'))) || (reqtype == "frame" && (localStorage['iframe'] == 'true' || localStorage['frame'] == 'true')) || (reqtype == "script" && localStorage['script'] == 'true') || (reqtype == "object" && (localStorage['object'] == 'true' || localStorage['embed'] == 'true')) || (reqtype == "image" && localStorage['image'] == 'true') || reqtype == "webbug" || (reqtype == "xmlhttprequest" && ((localStorage['xml'] == 'true' && (thirdPartyCheck || domainCheckStatus == '1' || baddiesCheck)) || localStorage['xml'] == 'all'))) {
+	if ((reqtype == "page" && localStorage['mode'] == 'block' && (domainCheckStatus == '1' || ((localStorage['annoyances'] == 'true' && (localStorage['annoyancesmode'] == 'strict' || (localStorage['annoyancesmode'] == 'relaxed' && domainCheckStatus != '0'))) && baddiesCheck == '1') || (localStorage['antisocial'] == 'true' && baddiesCheck == '2'))) || (reqtype == "frame" && (localStorage['iframe'] == 'true' || localStorage['frame'] == 'true')) || (reqtype == "script" && localStorage['script'] == 'true') || (reqtype == "object" && (localStorage['object'] == 'true' || localStorage['embed'] == 'true')) || (reqtype == "image" && localStorage['image'] == 'true') || reqtype == "webbug" || (reqtype == "xmlhttprequest" && ((localStorage['xml'] == 'true' && (thirdPartyCheck || domainCheckStatus == '1' || baddiesCheck)) || localStorage['xml'] == 'all'))) {
 		// request qualified for filtering, so continue.
 	} else {
 		return { cancel: false };
@@ -213,7 +213,7 @@ function ScriptSafe(req) {
 }
 function enabled(url) {
 	var domainCheckStatus = domainCheck(url);
-	if (localStorage["enable"] == "true" && domainCheckStatus != '0' && (domainCheckStatus == '1' || (localStorage["mode"] == "block" && domainCheckStatus == '-1')) && url.indexOf('https://chrome.google.com/webstore') == -1) 
+	if (localStorage["enable"] == "true" && domainCheckStatus != '0' && (domainCheckStatus == '1' || (localStorage["mode"] == "block" && domainCheckStatus == '-1')) && url.indexOf('https://chrome.google.com/webstore') == -1 && (url.substring(0,4) == 'http' || url == 'chrome://newtab/')) 
 		return 'true';
 	return 'false';
 }

diff --git a/js/ss.js b/js/ss.js
@@ -44,6 +44,7 @@ function block(event) {
 	var elementStatusCheck;
 	var domainCheckStatus;
 	var absoluteUrl = relativeToAbsoluteUrl(elSrc);
+	if (absoluteUrl.substr(0,4) == 'http') return;
 	var elWidth = $(el).attr('width');
 	var elHeight = $(el).attr('height');
 	var elStyle = $(el).attr('style');
@@ -62,7 +63,7 @@ function block(event) {
 			elementStatusCheck = true;
 		else elementStatusCheck = false;
 	}
-	if (elSrc.substr(0,17) != 'chrome-extension:' && elementStatusCheck && (
+	if (elementStatusCheck && (
 		(
 			(
 				(
@@ -74,7 +75,7 @@ function block(event) {
 					|| (elType == "VIDEO" && SETTINGS['VIDEO'] == 'true')
 					|| (elType == "AUDIO" && SETTINGS['AUDIO'] == 'true')
 					|| (elType == "IMG" && SETTINGS['IMAGE'] == 'true')
-					|| (elType == "A" && SETTINGS['REFERRER'] == 'true')
+					|| (elType == "A" && (SETTINGS['REFERRER'] == 'alldomains' || (SETTINGS['REFERRER'] == 'true' && SETTINGS['DOMAINSTATUS'] != '0')))
 				)
 				&& (
 					(SETTINGS['PRESERVESAMEDOMAIN'] != 'false' && (thirdPartyCheck || domainCheckStatus == '1' || baddiesCheck))
@@ -93,9 +94,9 @@ function block(event) {
 			)
 		)
 		|| (
-			SETTINGS['REFERRER'] == 'true' && elType == "A" && (thirdPartyCheck || domainCheckStatus == '1' || baddiesCheck)
+			(SETTINGS['REFERRER'] == 'alldomains' || (SETTINGS['REFERRER'] == 'true' && SETTINGS['DOMAINSTATUS'] != '0')) && elType == "A" && (thirdPartyCheck || domainCheckStatus == '1' || baddiesCheck)
 	))) {
-			if (SETTINGS['REFERRER'] == 'true' && elType == "A" && (thirdPartyCheck || domainCheckStatus == '1' || baddiesCheck)) {
+			if ((SETTINGS['REFERRER'] == 'alldomains' || (SETTINGS['REFERRER'] == 'true' && SETTINGS['DOMAINSTATUS'] != '0')) && elType == "A" && (thirdPartyCheck || domainCheckStatus == '1' || baddiesCheck)) {
 				$(el).attr("rel","noreferrer");
 			} else {
 				event.preventDefault();
@@ -107,12 +108,13 @@ function block(event) {
 				else $(el).remove();
 			}
 		} else {
-			if (SETTINGS['EXPERIMENTAL'] == '0' && elSrc.substr(0,11) != 'javascript:' && elSrc.substr(0,17) != 'chrome-extension:' && (elType == "IFRAME" || elType == "FRAME" || elType == "EMBED" || elType == "OBJECT" || elType == "SCRIPT")) {
+			if (SETTINGS['EXPERIMENTAL'] == '0' && (elType == "IFRAME" || elType == "FRAME" || elType == "EMBED" || elType == "OBJECT" || elType == "SCRIPT")) {
 				chrome.extension.sendRequest({reqtype: "update-allowed", src: absoluteUrl, node: elType});
 			}
 		}
 }
 function postLoadCheck(elSrc) {
+	if (elSrc.substring(0,4) != 'http') return false;
 	var domainCheckStatus;
 	var thirdPartyCheck;
 	var elementStatusCheck;
@@ -196,7 +198,7 @@ function ScriptSafe() {
 	if (SETTINGS['IMAGE'] == 'true') $("img[data-ss"+timestamp+"!='1']").each(function() { var elSrc = getElSrc(this); if (elSrc) { elSrc = relativeToAbsoluteUrl(elSrc.toLowerCase()); if (postLoadCheck(elSrc)) { $(this).remove(); } else { $(this).attr("data-ss"+timestamp,'1'); } } });
 	if (SETTINGS['SCRIPT'] == 'true' && SETTINGS['EXPERIMENTAL'] == '0') {
 		clearUnloads();
-		$("script[data-ss"+timestamp+"!='1']").each(function() { var elSrc = getElSrc(this); if (elSrc) { elSrc = relativeToAbsoluteUrl(elSrc.toLowerCase()); if (postLoadCheck(elSrc)) { chrome.extension.sendRequest({reqtype: "update-blocked", src: elSrc, node: 'SCRIPT'}); $(this).remove(); } else { if (elSrc.substr(0,11) != 'javascript:' && elSrc.substr(0,17) != 'chrome-extension:') { chrome.extension.sendRequest({reqtype: "update-allowed", src: elSrc, node: "SCRIPT"}); $(this).attr("data-ss"+timestamp,'1'); } } } });
+		$("script[data-ss"+timestamp+"!='1']").each(function() { var elSrc = getElSrc(this); if (elSrc) { elSrc = relativeToAbsoluteUrl(elSrc.toLowerCase()); if (postLoadCheck(elSrc)) { chrome.extension.sendRequest({reqtype: "update-blocked", src: elSrc, node: 'SCRIPT'}); $(this).remove(); } else { if (elSrc.substr(0,4) == 'http') { chrome.extension.sendRequest({reqtype: "update-allowed", src: elSrc, node: "SCRIPT"}); $(this).attr("data-ss"+timestamp,'1'); } } } });
 		if ((SETTINGS['PRESERVESAMEDOMAIN'] == 'false' || (SETTINGS['PRESERVESAMEDOMAIN'] != 'false' && SETTINGS['DOMAINSTATUS'] == '1'))) {
 			$("a[href^='javascript']").attr("href","javascript:;");
 			$("[onClick]").removeAttr("onClick");
@@ -229,7 +231,7 @@ function loaded() {
 	ScriptSafe();
 	$('body').unbind('DOMNodeInserted.ScriptSafe');
 	$('body').bind('DOMNodeInserted.ScriptSafe', ScriptSafe);
-	if (SETTINGS['REFERRER'] == 'true') {
+	if (SETTINGS['REFERRER'] == 'alldomains' || (SETTINGS['REFERRER'] == 'true' && SETTINGS['DOMAINSTATUS'] != '0')) {
 		$('body').unbind('DOMNodeInserted.ScriptSafeReferrer');
 		$('body').bind('DOMNodeInserted.ScriptSafeReferrer', blockreferrer);
 		blockreferrer();

diff --git a/js/yoyo.js b/js/yoyo.js
@@ -28,7 +28,6 @@ var antisocial2 = [
 'api.facebook.com',
 'api.pinterest.com',
 'api.solidopinion.com',
-'api.twitter.com',
 'assets.pinterest.com',
 'cdn.api.twitter.com',
 'cdn-social.janrain.com',

diff --git a/manifest.json b/manifest.json
@@ -47,5 +47,5 @@
    "options_page": "html/options.html",
    "permissions": [ "http://*/*", "https://*/*", "tabs", "unlimitedStorage", "webRequest", "webRequestBlocking", "storage", "notifications" ],
    "update_url": "http://clients2.google.com/service/update2/crx",
-   "version": "1.0.7.11"
+   "version": "1.0.7.12"
 }
diff --git a/readme.md b/readme.md
@@ -3,4 +3,4 @@ A Chrome extension that gives users control of the web and more secure browsing
 
 **This branch uses the legacy permissions (pre v1.0.6.19), meaning it does not request the Privacy permission (does not have WebRTC Protection).**
 
-**More information (quick start, feature list, domain expressions/examples, and more) here: https://github.com/andryou/scriptsafe/wiki**
+More information (quick start, feature list, domain expressions/examples, and more) here: **https://github.com/andryou/scriptsafe/wiki**
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,4 +3,4 @@ A Chrome extension that gives users control of the web and more secure browsing

		This branch uses the legacy permissions (pre v1.0.6.19), meaning it does not request the Privacy permission (does not have WebRTC Protection).

		More information (quick start, feature list, domain expressions/examples, and more) here: https://github.com/andryou/scriptsafe/wiki
		More information (quick start, feature list, domain expressions/examples, and more) here: https://github.com/andryou/scriptsafe/wiki