-
-
Notifications
You must be signed in to change notification settings - Fork 387
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add surrogate-based replacement placeholders for Rumble and Google reCAPTCHA widgets #2805
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghostwords
added
widgets
Click-to-activate placeholders for blocked but potentially useful social buttons/widgets
surrogates
Replacement blank/noop/dummy/neutered versions of tracking scripts used to avoid site breakages
labels
Sep 27, 2021
We may remove fallbackScriptUrl entirely in the future.
ghostwords
force-pushed
the
rumble-replacement-widget
branch
from
September 29, 2021 18:58
27e25c4
to
7c3e885
Compare
ghostwords
force-pushed
the
rumble-replacement-widget
branch
from
September 29, 2021 20:07
7c3e885
to
cf0b61d
Compare
Workaround made unnecessary by surrogate-based replacement.
ghostwords
changed the title
Add replacement placeholder for Rumble widget
Add surrogate-based replacement placeholders for Rumble and Google reCAPTCHA widgets
Oct 19, 2021
ghostwords
force-pushed
the
rumble-replacement-widget
branch
from
October 22, 2021 19:39
f79fc58
to
e493039
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
surrogates
Replacement blank/noop/dummy/neutered versions of tracking scripts used to avoid site breakages
widgets
Click-to-activate placeholders for blocked but potentially useful social buttons/widgets
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #2739, fixes #2796 by implementing a new, surrogate script-driven widget replacement flow to support replacing more complex/dynamic widgets.
We don't (always) know the widget's element selector (because it's dynamically set by the page via a predefined config variable or widget API call). If our hardcoded selectors don't match, we fail to replace. If a widget is always initialized by calling the widget API, we might not have any hardcoded selectors at all.
To be clear, this PR doesn't add a new widget type; we dynamically generate a "type 4" (#2512) widget in the end of this new replacement flow:
/src/data/socialwidgets.json
) and sends it to the widget replacement content script.Messages from our surrogate are not to be trusted as unlike messages from content scripts, surrogate script messages can be easily modified and/or faked by the page. The background page is responsible for validating/sanitizing incoming widget data (content scripts should be kept as simple as possible).
Follows up on #2512, where we added a new widget type (the aforementioned "type 4") that on activation reinserts the replaced element and then also runs the (previously blocked) associated JavaScript resources.
To be followed up with improved Facebook and YouTube surrogates that should let us finally remove Facebook/YouTube domains from the yellowlist (#1593).