1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- This manual is for GNU LibreJS (version 6.0.10.20151022, 22 October 2015),
a GNU IceCat extension to detect and block nonfree nontrivial
JavaScript on webpages.
Copyright (C) 2011 2012 2014 2015 Loic J. Duros
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
"GNU Free Documentation License". -->
<!-- Created by GNU Texinfo 5.2, http://www.gnu.org/software/texinfo/ -->
<head>
<title>GNU LibreJS 6.0.10.20151022: LibreJS Internals</title>
<meta name="description" content="GNU LibreJS 6.0.10.20151022: LibreJS Internals">
<meta name="keywords" content="GNU LibreJS 6.0.10.20151022: LibreJS Internals">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="index.html#Top" rel="up" title="Top">
<link href="Tests.html#Tests" rel="next" title="Tests">
<link href="Installation-Requirements.html#Installation-Requirements" rel="prev" title="Installation Requirements">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.indentedblock {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smallindentedblock {margin-left: 3.2em; font-size: smaller}
div.smalllisp {margin-left: 3.2em}
kbd {font-style:oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nocodebreak {white-space:nowrap}
span.nolinebreak {white-space:nowrap}
span.roman {font-family:serif; font-weight:normal}
span.sansserif {font-family:sans-serif; font-weight:normal}
ul.no-bullet {list-style: none}
-->
</style>
</head>
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
<a name="LibreJS-Internals"></a>
<div class="header">
<p>
Next: <a href="Tests.html#Tests" accesskey="n" rel="next">Tests</a>, Previous: <a href="Installation-Requirements.html#Installation-Requirements" accesskey="p" rel="prev">Installation Requirements</a>, Up: <a href="index.html#Top" accesskey="u" rel="up">Top</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
<a name="LibreJS-Internals-1"></a>
<h2 class="appendix">Appendix B LibreJS Internals</h2>
<p>LibreJS intercepts HTTP responses and rewrites their contents after
analyzing JavaScript within them. It does not remove script nodes and
attributes from the page, but instead “deactivates” them by modifying
the <code>type</code> and <code>src</code> attributes on script elements and by
moving the contents of inline JavaScript attributes such as onClick
into harmless attributes.
</p>
<p>LibreJS detects the most common cases using the HTTP response method
described above, but in extremely rare cases, or when running code
locally, LibreJS cannot detect JavaScript during the response stage.
</p>
<p>To remedy this issue, and as a final safeguard, LibreJS takes a look
at the scripts that are about to be executed while the browser engine is
parsing the page. If the script is not found in a list of accepted
scripts populated earlier, the execution will be prevented. This is to
ensure content types that are not regular HTML (binhex with HTML in it,
…) and JavaScript do not fall through the cracks and get executed.
</p>
</body>
</html>
|
