mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-12-24 01:42:10 +00:00
Correction: uBO can only inject certain scripts
This commit is contained in:
parent
c9291830d0
commit
a7cd9d94f7
2 changed files with 2 additions and 2 deletions
|
@ -6,7 +6,7 @@ My views on the situation are a bit complicated.
|
|||
|
||||
## The existing content filtering landscape
|
||||
|
||||
uBlock Origin (not to be confused with the unrelated uBlock) has advanced content filters, with the ability to inject near-arbitrary content into pages.
|
||||
uBlock Origin (not to be confused with the unrelated uBlock) has advanced content filters, with the ability to inject near-arbitrary stylesheets and a number of scripts into pages.
|
||||
|
||||
=> https://github.com/gorhill/uBlock uBlock Origin on GitHub
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ My views on the situation are a bit complicated.
|
|||
The existing content filtering landscape
|
||||
----------------------------------------
|
||||
|
||||
[uBlock Origin](https://github.com/gorhill/uBlock)[^2] has advanced content filters, with the ability to inject near-arbitrary content into pages. Injecting scripts and stylesheets is often necessary to bypass malicious "anti-adblock" scripts or to skip certain types of video ads on streaming platforms. Unfortunately, this presents a security risk: users must trust every filter to not inject malicious stylesheets. Furthermore, sometimes these extensions don't run their filters "in time"; a delay in running a filter could allow unwanted content to sneak through. This is especially common during browser launch. Nonetheless, its functionality makes the user-hostile Web considerably less frustrating, and I rely on it every day.
|
||||
[uBlock Origin](https://github.com/gorhill/uBlock)[^2] has advanced content filters, with the ability to inject near-arbitrary stylesheets and a number of scripts into pages. Injecting scripts and stylesheets is often necessary to bypass malicious "anti-adblock" scripts or to skip certain types of video ads on streaming platforms. Unfortunately, this presents a security risk: users must trust every filter to not inject malicious stylesheets. Furthermore, sometimes these extensions don't run their filters "in time"; a delay in running a filter could allow unwanted content to sneak through. This is especially common during browser launch. Nonetheless, its functionality makes the user-hostile Web considerably less frustrating, and I rely on it every day.
|
||||
|
||||
Chromium's Manifest v3 includes the `declarativeNetRequest` API, which delegates these functions to the browser rather than the extension. Doing so avoids the timing issues visible in privileged extensions and does not require giving the extension access to the page. While these filters are more reliable and improve privilege separation, they are also substantially weaker. You can say goodbye to more advanced "anti-adblock" circumvention techniques.
|
||||
|
||||
|
|
Loading…
Reference in a new issue