mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2025-01-10 16:12:09 +00:00

Correction: uBO can only inject certain scripts

Rohan Kumar 2022-06-07 11:02:47 -07:00
parent c9291830d0
commit a7cd9d94f7
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479
2 changed files with 2 additions and 2 deletions

@ -6,7 +6,7 @@ My views on the situation are a bit complicated.
## The existing content filtering landscape
uBlock Origin (not to be confused with the unrelated uBlock) has advanced content filters, with the ability to inject near-arbitrary content into pages.
uBlock Origin (not to be confused with the unrelated uBlock) has advanced content filters, with the ability to inject near-arbitrary stylesheets and a number of scripts into pages.
=> https://github.com/gorhill/uBlock uBlock Origin on GitHub
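Review bot: In the changed sentence of this Gemini copy, "a number of scripts" is vaguer than the commit message, which says uBO can only inject certain scripts; a reader could still take it to mean any script a filter author chooses. Wording such as "a limited set of scripts" would make the restriction explicit, and the same wording should be used in the Markdown copy so the two stay in sync.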

@ -16,7 +16,7 @@ My views on the situation are a bit complicated.
The existing content filtering landscape
----------------------------------------
[uBlock Origin](https://github.com/gorhill/uBlock)[^2] has advanced content filters, with the ability to inject near-arbitrary content into pages. Injecting scripts and stylesheets is often necessary to bypass malicious "anti-adblock" scripts or to skip certain types of video ads on streaming platforms. Unfortunately, this presents a security risk: users must trust every filter to not inject malicious stylesheets. Furthermore, sometimes these extensions don't run their filters "in time"; a delay in running a filter could allow unwanted content to sneak through. This is especially common during browser launch. Nonetheless, its functionality makes the user-hostile Web considerably less frustrating, and I rely on it every day.
[uBlock Origin](https://github.com/gorhill/uBlock)[^2] has advanced content filters, with the ability to inject near-arbitrary stylesheets and a number of scripts into pages. Injecting scripts and stylesheets is often necessary to bypass malicious "anti-adblock" scripts or to skip certain types of video ads on streaming platforms. Unfortunately, this presents a security risk: users must trust every filter to not inject malicious stylesheets. Furthermore, sometimes these extensions don't run their filters "in time"; a delay in running a filter could allow unwanted content to sneak through. This is especially common during browser launch. Nonetheless, its functionality makes the user-hostile Web considerably less frustrating, and I rely on it every day.
Chromium's Manifest v3 includes the `declarativeNetRequest` API, which delegates these functions to the browser rather than the extension. Doing so avoids the timing issues visible in privileged extensions and does not require giving the extension access to the page. While these filters are more reliable and improve privilege separation, they are also substantially weaker. You can say goodbye to more advanced "anti-adblock" circumvention techniques.
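Review bot: In the Markdown paragraph, the risk sentence after the corrected one is left unchanged and still says users must trust every filter "to not inject malicious stylesheets", although the sentence between them talks about injecting scripts and stylesheets. Now that the first sentence separates near-arbitrary stylesheets from a restricted set of scripts, the risk sentence should say whether the injectable scripts are also part of what the user has to trust, or state that the concern is limited to stylesheets because scripts are restricted.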