MozillaZine

YouTube Anywhere Player, Capture & Print, Bluhell, etc

Announce and Discuss the Latest Theme and Extension Releases.
chiaz
 
Posts: 4
Joined: December 1st, 2012, 8:32 am

Post Posted December 1st, 2012, 10:20 am

Hi..my facebook page is blocked by fb pishing protector saying this:

An attempt to inject a remote/unknown script has been blocked.

Suspicious Script: https://fbstatic-a.akamaihd.net/rsrc.ph ... vBgj_2K.js
Event Date: Sat Dec 01 2012 16:18:19 GMT+0100 (ora solare Europa occidentale)

what is it? what should I do to use my page? thanks

diegocr

User avatar
 
Posts: 182
Joined: July 7th, 2008, 1:02 pm

Post Posted December 1st, 2012, 11:42 am

It's a false positive, a fixed version has been uploaded and is awaiting review:

https://addons.mozilla.org/en-US/firefo ... /versions/

Thank you for the report.
You have your way. I have my way. As for the right way, the correct way, and the only way, it does not exist...
https://addons.mozilla.org/user/diegocr/

liquidsg
 
Posts: 1
Joined: December 1st, 2012, 11:43 am

Post Posted December 1st, 2012, 11:44 am

Thanks for this, diegocr! I will try it asap. I just got this error myself

An attempt to inject a remote/unknown script has been blocked.

Suspicious Script: https://fbstatic-a.akamaihd.net/rsrc.ph ... Am4RHaN.js
Event Date: Sat Dec 01 2012 19:55:04 GMT+0200 (FLE Standard Time)

diegocr

User avatar
 
Posts: 182
Joined: July 7th, 2008, 1:02 pm

Post Posted December 2nd, 2012, 12:07 pm

You're welcome. I hope i was fast enough to not cause much headache.
You have your way. I have my way. As for the right way, the correct way, and the only way, it does not exist...
https://addons.mozilla.org/user/diegocr/

tuk0z

User avatar
 
Posts: 50
Joined: July 24th, 2004, 9:05 am
Location: UE

Post Posted January 1st, 2013, 7:42 am

Hey - Happy New Year ;)
Thank you for the Clean Links add-on that I use happily.
Please is there a way to make it not touch the bookmarklets links?
Firefox/-dev/Palemoon & ex-Opera fan - Arch Linux, Android, Windows phone - RAID-lvm Core i3, Atom systems
"Anyone who slaps a 'this page is best viewed with Browser X' label on a Web page appears to be yearning for the bad old days, be4 the Web..." - Tim Berners-Lee, July 1996

diegocr

User avatar
 
Posts: 182
Joined: July 7th, 2008, 1:02 pm

Post Posted January 1st, 2013, 1:01 pm

HNY :)

Add "javascript:" to the "Skip links matching with" preferences option:

Image

Cheers.
You have your way. I have my way. As for the right way, the correct way, and the only way, it does not exist...
https://addons.mozilla.org/user/diegocr/

Fritz_Geiger
 
Posts: 9
Joined: January 4th, 2013, 1:19 pm

Post Posted January 4th, 2013, 3:31 pm

diegocr wrote:preferences option:


BTW, the only place where I found CL preferences is about:config.
FF v3.6.28; tried also with all other extensions/add-ons disabled -
even in add-ons list, no interface to preferences...

... I set extensions.cleanlinks.highlight to true - successfully;
but when I tried to tune/add extensions.cleanlinks.remove, I failed. Well, partially.

I added "|\?\w+" at the end of the default string,
and it converts [...]out.php?member=bla-bla-bla to [...]out.php# (why anchor? can't guess...),
but [...]index.html?31xbla-bla-bla remains intact.

As far as I know, "\w" in RegExp means letters too, not only literals.
May be your syntax differs from javascript default?
Or - what I am doing wrong?

Sorry, I have very little knowledge in programming and can not figure out a problem myself;
the only programmer language I can use/understand is BCL, and a very small bit of REXX...

diegocr

User avatar
 
Posts: 182
Joined: July 7th, 2008, 1:02 pm

Post Posted January 4th, 2013, 5:09 pm

Fritz_Geiger wrote:the only place where I found CL preferences is about:config.


Sorry about that, it's because inline options are being used which is a Fx4+ feature.

Fritz_Geiger wrote:I added "|\?\w+" at the end of the default string,
and it converts [...]out.php?member=bla-bla-bla to [...]out.php# (why anchor? can't guess...),
but [...]index.html?31xbla-bla-bla remains intact.


That's due the "remove" regexp pattern is internally constructed in such a way that removing query's keys will also remove their corresponding value. So, by using \?\w+ you are really removing everything beyond the ?, i.e. all query parameters from the URL in the form key=value, since ?member=xyz&foo=bar is converted to ?foo=bar and so on.

fwiw, \w is equivalent to [A-Za-z0-9_]

Fritz_Geiger wrote:... and a very small bit of REXX...


REXX is fun, I learned programming using it. :-)
You have your way. I have my way. As for the right way, the correct way, and the only way, it does not exist...
https://addons.mozilla.org/user/diegocr/

Fritz_Geiger
 
Posts: 9
Joined: January 4th, 2013, 1:19 pm

Post Posted January 5th, 2013, 10:00 am

diegocr wrote:which is a Fx4+ feature.


I guessed something like this; it was not complain, only a note for future help/documentation/FAQ/&.

(Side note: that person, who need to use regular expressions, _must_ have enough skills to use about:config.)

diegocr wrote:removing query's keys will also remove their corresponding value.


Well, does this phrase means that CL cuts only _query_strings_ (consisting of "field=value", or only "field=")?
I. e. it is required (for CL to function) that link contains "=" symbol?

Please, if it is possible and not annoying, publish the aglorythm CL uses, something like this:
0. find all links on the loaded page;
1. exclude all links that contain (in any place) strings listed in extensions.cleanlinks.skipwhen; process all other links;
2. if link contains (in any place? in query string field? after .php/.html/&?) string listed in extensions.cleanlinks.remove, remove that string.

diegocr wrote:So, by using \?\w+ you are really removing everything beyond the ?,


Yes, it is desired to function in that way.

diegocr wrote:i.e. all query parameters


Only _parameters_ (containing / ending with "=")?
Not "any literal+numerical+underscore symbols"?

diegocr wrote:from the URL in the form key=value, since ?member=xyz&foo=bar is converted to ?foo=bar and so on.


This looks very logical. In terms of elaborating _query_string_,
but _not_ logical in terms of elaborating _any_ string.

I wish ?member=xyz&foo=bar is converted to NUL (to strengthen the thought - in one step).
Yes, I need to replace my \?\w+ with something like \?[&0-9A-Za-z]+...
but only after I see that (with my current \?\w+) ?member=xyz&foo=bar is converted to &foo=bar.

Now:
?member=xyz (in http://www.f.b/dsc/?member=xyz) is not converted at all;
?member=xyz (in http://www.f.b/dsc/out.html?member=xyz) is converted to #;
?member=xyz&foo=bar in direct link (in http://www.f.b/dsc/?member=xyz&foo=bar) is not converted at all;
?member=xyz&foo=bar in redirect link (in http://www.f.b/phpBB2/goto/http://www.f ... yz&foo=bar) is converted to ?member=xyz#.

My examples - http://v-sud.org/temp/CL/CLtest.html.

I understand, that I may expect something _other_ than CL was planned for...
however, any result, even simple knowledge of CL's logic, is affordable.

diegocr

User avatar
 
Posts: 182
Joined: July 7th, 2008, 1:02 pm

Post Posted January 6th, 2013, 1:56 pm

The algorithm is something kinda basic...

1. First we check if the link matches with the skip pattern, and do nothing if so.

2. if 'javascript:' is at the beginning of the link and a nested link is found beyond, remove everything but the link.

3. Check and try to decode any encoded part..

4. Iterate through the link as long nested ones are found.

5. If a nested link were found, or the 'remove' pattern matches the actual link, proceed to perform some final cleanup..

5a. If a hash tag if found, save it.

5b. Replace & by & and remove anything on the link matching the user-provided pattern.

5c. If a hash tag was previously found, append that - otherwise, just append a plain one (This prevents certain links from becoming broken if something is appended to it later using JS events.. Naturally this side effect is not present while using Delegation Mode - yet the hash tag is still appended, though..)


The 'remove' pattern is constrcuted this way:

new RegExp('\\b('+ USER_PREF +')=.+?(&|$)','g');

So, this should answer your question on what gets removed, a key=value pair where value is at least one char long.


Your examples page is interesting and tells me there's something wrong somewhere since we are not getting the same results, be it my add-on or Gecko engine across Fx versions...

Example 1: It'd work by using \?\w* rather than \?\w+

Example 2: Same here, most likely the boundary delimiter is preventing it from working, and since there were no nested link it isn't touched (step #5)

Example 3: It's converted here to http://www.ebay.com/dsc/?_pppn=v3 ..

Example 4: Here to http://foo.bar/scj/cgi/out.php#

Example 5: No value so it isn't touched.

Maybe you are trying to achieve something CL was not designed to, as you pointed out - the main purpose of the add-on is to avoid lame user tracking and such practices, being as result faster page loading since no intermediate websites are requested while browsing. Everything else beyond that is outside of the scope of the add-on, but needless to say that i listen for feature requests and bugs.
You have your way. I have my way. As for the right way, the correct way, and the only way, it does not exist...
https://addons.mozilla.org/user/diegocr/

Fritz_Geiger
 
Posts: 9
Joined: January 4th, 2013, 1:19 pm

Post Posted January 7th, 2013, 5:27 pm

diegocr wrote:5a.


diegocr wrote:5b.


diegocr wrote:5c.


Thanks, now I see/understand this - lines 191...196 of the program file, browser.js.

diegocr wrote:yet the hash tag is still appended, though..


I'll risk!

Line 194 is too complex for me, and editing it is potentially dangerous,
so I applied very quick-and-dirty hack - removed # from line 23 (empty quotation marks remained)...
hope this will not affect other places than line 194...

diegocr wrote:new RegExp('\\b('+ USER_PREF +')=.+?(&|$)','g');

So, this should answer your question


Absolutely.

I edited line 403, now it looks... "transit/pass-through":
this.op[p] = new RegExp('(' + this.op[p] + ')', 'g');

Yes, I understand the consequences - all resulting problems are now mine.

diegocr wrote:Example 1: It'd work by using \?\w* rather than \?\w+


Again, you are right, my fault...
Today I am using overkill \?.* (and utm_\w+) in extensions.cleanlinks.remove, but it can be too wide, I'll continue to experiment...
may be exact \?[&0-9=A-Z_a-z]* will be better...

diegocr wrote:Example 2: Same here, most likely the boundary delimiter is preventing it from working


My experiment with line 403 also supports this thought.

diegocr wrote:Example 3: It's converted here to http://www.ebay.com/dsc/?_pppn=v3 ..


... with ending #, of cause...

diegocr wrote:Example 5: No value so it isn't touched.


Yes, yes, I understood already... :-)

diegocr wrote:achieve something CL was not designed to


It was not designed to, but now it does (locally, in my system, but does exact as I desired).

After modification CL became less fool-proof and less user-friendly,
but it does the trick I want.

diegocr wrote:Everything else beyond that is outside of the scope of the add-on


You are wisard.

You felt (saw in crystal ball or whatewer other magic you used) that I was planning to ask
to implement the ability to _modify_ (not only cut) any link - i. e. _full_ search and replace.

...Well, ending with joking...

If it requires not much efforts, can you implement "transit/pass-through/expert" mode?
With additional query, or through some about:config key only - to exclude "lame user"?

diegocr

User avatar
 
Posts: 182
Joined: July 7th, 2008, 1:02 pm

Post Posted January 8th, 2013, 1:14 am

Fritz_Geiger wrote:I'll risk! ... hope this will not affect other places than line 194...


No problem as long you're using Delagation Mode, otherwise there will be issues with cleaned Ad[Sense] links and the like...

Fritz_Geiger wrote:Yes, I understand the consequences - all resulting problems are now mine.


That's the fun of hacking :mrgreen: ;-)

Fritz_Geiger wrote:You are wisard. You felt (saw in crystal ball or whatewer other magic you used) that I was planning to ask ....


Heh, after asking for the algorithm one does not need to be a wizard to guess you were dealing with the code, or that you'd ask for additional features if unsuccessful :-)

Well, a search&replace feature shouldn't be hard to implement, in fact... it'd take more time implementing the configrable options which controls it. Hence, for now i'll add it to my TODO list but in the meanwhile you may could use the following:

Code: Select all
for(let [k,v] in Iterator({
      "replace.this" : "by.this",
      "heaven" : "hell",
      "you.get" : "the.point ;-)"
   }) {
      
      h = h.replace(k,v,'g');
   }


Obviously, as long you don't mind having that hardcoded... It must be at line 196 (just before the "return h;")

Hope that helps!
You have your way. I have my way. As for the right way, the correct way, and the only way, it does not exist...
https://addons.mozilla.org/user/diegocr/

yayayaaa
 
Posts: 3
Joined: February 26th, 2013, 12:46 pm

Post Posted April 11th, 2013, 6:57 pm

Hello,

I don't know if this is the place to post this, but I have a question about Encrypted Communication. Does it also encrypt attachments, or just the body text of the e-mail?

Thank you.

diegocr

User avatar
 
Posts: 182
Joined: July 7th, 2008, 1:02 pm

Post Posted April 11th, 2013, 7:04 pm

Just the body text of the e-mail.
You have your way. I have my way. As for the right way, the correct way, and the only way, it does not exist...
https://addons.mozilla.org/user/diegocr/

yayayaaa
 
Posts: 3
Joined: February 26th, 2013, 12:46 pm

Post Posted April 16th, 2013, 11:35 am

diegocr wrote:Just the body text of the e-mail.
Thank you!

Return to Extension/Theme Releases


Who is online

Users browsing this forum: No registered users and 4 guests