Luminous injects scripts into non-html files. #107
Comments
Fixed in Privacy Badger by EFForg/privacybadger#1954 |
Seems straightforward enough. When I have time I'll try integrating the script into the injection controller and sending a pull request. There seems to be a boolean controlling whether luminous injects its scripts. I'll try to find where the rest of the injection conditions are and put this code there. |
@ghostwords Thank you for sharing your solution! Hi @StaticallyTypedRice! Thank you for reporting the issue and for creating a pull request with a possible solution! In the case of luminous the issue is related to the support for the filterResponseData API (filterResponseData support #86). The code responsible for injecting scripts into the wrong places is this:
From my tests, we do not have that kind of problem with the strategy used in Chrome or in older versions of Firefox (the "cookie strategy"). You can get a better context on this here: Not being able to guarantee interception #55

The options I believe we have to solve this:

1 - Remove
2 - Create an advanced option to disable this type of injection.
3 - Make filterResponseData work better. Not sure how to do this yet... I opened a pull request indicating the points in the code that would need to be improved: [WIP] Improve filterResponseData #110

Thoughts? |
Interesting. Since this is a privacy and security focused extension, it's better to have false positives than negatives. I'll try a few solutions when I have time, but if it causes the extension to not be guaranteed to inject into places where the code is needed, it's a huge problem. |
Ok, new idea. Can we rely on the
Examples:
I'm doing an experiment, it seems promising so far: https://github.com/gbaptista/luminous/pull/110/files |
Actually, I do need the solution shared by @ghostwords. It does not happen in Firefox this way because I use the filterResponseData. But - not sure why - the Chrome requests for xml documents are injecting the code... Fixed for Chrome: https://github.com/gbaptista/luminous/pull/110/files#diff-73fb9f3ddac1b537a0a71b3895bccfc7 Thank you again! |
@StaticallyTypedRice I believe that in the last correction I made the problem was solved. Can you please check if the problem still happens on version |
It seems to be fixed on Linux. Edit: Never mind, it's fixed everywhere! |
awesome, thanks! |
Currently in Firefox (and I assume other browsers), Luminous injects its blocking code into all files loaded from the URL bar, including XML, JSON, text and image files. This causes these files to be corrupted as the injection messes with the syntax or data structure.
You can see it most clearly when you visit a text file with Luminous enabled: https://github.com/robots.txt
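
The failure described in this issue comes from injecting into responses that are not HTML documents. As an added example (not Luminous or Privacy Badger code), here is one way to make the inject-or-skip decision from response headers, assuming the `[{ name, value }]` header array shape used by the webRequest API; the function names and the sample headers are constructed for illustration.

```javascript
// Added example, not project code. Function names are hypothetical.
// Input shape follows webRequest's details.responseHeaders: [{ name, value }].
const INJECTABLE_TYPES = new Set(['text/html', 'application/xhtml+xml']);

// Return the last value of a header, matched case-insensitively, or null.
// Assumption: when a header is repeated, the last occurrence is used.
function headerValue(responseHeaders, name) {
  const wanted = name.toLowerCase();
  let found = null;
  for (const h of responseHeaders || []) {
    if (h.name.toLowerCase() === wanted && typeof h.value === 'string') found = h.value;
  }
  return found;
}

// Reduce "Text/HTML; charset=utf-8" to "text/html"; null if missing or malformed.
function mimeEssence(contentType) {
  if (!contentType) return null;
  const essence = contentType.split(';')[0].trim().toLowerCase();
  return /^[a-z0-9!#$&^_.+-]+\/[a-z0-9!#$&^_.+-]+$/.test(essence) ? essence : null;
}

// True only when the response is an HTML or XHTML document displayed inline.
// injectWhenUnknown sets the policy for a missing or malformed Content-Type.
function shouldInject(responseHeaders, { injectWhenUnknown = false } = {}) {
  const disposition = headerValue(responseHeaders, 'Content-Disposition');
  if (disposition && /^\s*attachment\b/i.test(disposition)) return false; // download
  const essence = mimeEssence(headerValue(responseHeaders, 'Content-Type'));
  if (essence === null) return injectWhenUnknown;
  return INJECTABLE_TYPES.has(essence);
}

// Constructed sample responses covering the file kinds named in the issue.
const samples = {
  'robots.txt': [{ name: 'Content-Type', value: 'text/plain; charset=utf-8' }],
  'index.html': [{ name: 'content-type', value: 'Text/HTML; charset=UTF-8' }],
  'feed.xml': [{ name: 'Content-Type', value: 'application/xml' }],
  'data.json': [{ name: 'Content-Type', value: 'application/json' }],
  'page.xhtml': [{ name: 'Content-Type', value: 'application/xhtml+xml' }],
  'report.html (download)': [
    { name: 'Content-Type', value: 'text/html' },
    { name: 'Content-Disposition', value: 'attachment; filename="report.html"' },
  ],
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(label, '->', shouldInject(headers) ? 'inject' : 'skip');
}
```

The `injectWhenUnknown` option makes the trade-off raised in the thread explicit: `true` favors coverage when the server sends no usable Content-Type, `false` favors never corrupting a non-HTML file.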