Opened 5 years ago

Closed 5 years ago

Last modified 4 years ago

#748 closed change (incomplete)

Implement blocking of inline JavaScript

Reported by: mikhaelkh Assignee:
Priority: Unknown Milestone:
Module: Platform Keywords:
Cc: mapx, trev, greiner, sebastian Blocked By:
Blocking: Platform: Chrome
Ready: no Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

Description (last modified by trev)

Blocking inline JavaScript is possible in Chrome, by injecting a fake Content-Security-Policy header into the server response for particular websites. Maybe this possibility should be used in Adblock Plus.

Change History (13)

comment:1 Changed 5 years ago by mikhaelkh

I forgot to set platform to Chrome

comment:2 Changed 5 years ago by mapx

  • Component changed from Unknown to Platform
  • Platform changed from Unknown to Chrome

comment:3 Changed 5 years ago by mapx

  • Cc mapx added

comment:4 Changed 5 years ago by sebastian

  • Resolution set to invalid
  • Status changed from new to closed

Adblock Plus already reliable blocks JavaScript. However Adblock Plus is only blocking some external scripts, and doesn't completely disable JavaScript on given pages. There are other extensions that lets you do that.

comment:5 Changed 5 years ago by trev

  • Description modified (diff)
  • Summary changed from Implement new javascript blocking to Implement blocking of inline JavaScript

Note that this feature has been discussed a while ago for Firefox where it is more straightforward to implement. The problem is that blocking all inline scripts without distinguishing between them doesn't seem to be a useful feature. While it will allow getting rid of some anti-adblock messages, in 99% of the cases it will also break the website as a side-effect.

comment:6 Changed 5 years ago by trev

  • Cc trev added

comment:7 Changed 5 years ago by mapx

something about JS injection, here:
https://issues.adblockplus.org/ticket/756

comment:9 Changed 4 years ago by trev

Not quite the same thing - he is "blocking" individual scripts (something that inevitably causes a massive performance overhead). Not that it is significantly more useful as a result, anti-adblock messages can easily be combined with required website functionality in the same <script> tag. They won't do that for a small extension like uBlock but they will definitely do it if we implement something like that.

comment:10 Changed 4 years ago by mapx

A lot of people are using the userscripts (see anti adblock killer for example) to defeat the anti adblock tricks, so they give up on performance. Anyway the advanced users can use it to create their own filters (even if such rules wont be included by easylist). A tool which can create only specific filters.
I guess the maintenance of a site using that spaghetti sort of code is not very convenient (a contains-type selection can be refined to function level I guess)

comment:11 Changed 4 years ago by mapx

  • Cc greiner sebastian added

comment:13 Changed 4 years ago by mario86

"Not quite the same thing". Ok. Here is a separate ticket for this: #3207

@trev: It is not true that we need this only for anti-adblock messages. Instead, some very popular German websites found a way to trick ABP and show obnoxious click-bait ads that can not be blocked with the current ABP functionality. Also performance should not be an issue, as uBlock Origin implemented this without noticeable performance impact.

Note: See TracTickets for help on using tickets.