New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

scriplet injections are Not Logged #2877

Closed
joey04 opened this Issue Aug 15, 2017 · 5 comments

Comments

Projects
None yet
3 participants
@joey04

joey04 commented Aug 15, 2017

Can you add Logging of scriplet injections? As far as I can tell, that's the only type of rule that's not already logged.

@joey04

This comment has been minimized.

joey04 commented Sep 19, 2017

I decided to take a stab at adding this yesterday, and thankfully got some results quickly. I then polished it today and now have a satisfactory solution for my limited use of injectors -- one each at a few sites.

thefreedictionary.com##script:inject(setTimeout-defuser.js, warn)
is the rule shown here:

all

Note the >> indicator (opposite of redirect).

This is the diff for all of my additions.

The TODOs for a full, general solution are in the diff.


Final thought: the retrieveUserScripts function may not be the best place to call the logging function, as shown below. But scriplet injectors are a special class of rule, and how best to do it is up to gorhill or somebody else with a deeper knowledge of it.

console

The console log and logger capture show that going to thefreedictionary homepage results in 4 invocations of retrieveUserScripts. Then typing "inject" and going to that page results in just 1 invocation of the function.

logger

@gorhill gorhill closed this in dec0b80 Dec 17, 2017

gorhill added a commit that referenced this issue Dec 23, 2017

@Remu-rin

This comment has been minimized.

Remu-rin commented Dec 23, 2017

@gorhill
Thanks for the fix. Now it's easy to observe scriptlet injections and I have a question, triggered by uBlockOrigin/uAssets@43eb464
Is $badfilter supposed to work with script:inject filters? Looks like it works only for the exact string where it's placed. If the same script:inject exists somewhere without $badfilter (e.g. uAssets or the same My filters), then it's not discarded and working.

@gorhill

This comment has been minimized.

Owner

gorhill commented Dec 23, 2017

badfilter is only for network filters.

##script:inject is parsed as a cosmetic filter, so if you want to cancel it, just use the exception filter syntax:

#@#script:inject(...)

The exception syntax #@# for cosmetic filters is equivalent of badfilter for network filters.

Is the scriptlet filter for 4chan.org causing issues?

@Remu-rin

This comment has been minimized.

Remu-rin commented Dec 23, 2017

Thanks, it works as expected.

@Remu-rin

This comment has been minimized.

Remu-rin commented Jan 2, 2018

Is the scriptlet filter for 4chan.org causing issues?

Didn't saw edit. Not now, but back then the first version of filter for 4chan (linked above) broke Violentmonkey there, as you remember. So I thought it would be useful to know how to disable specific scriptlet filter if some problems occur in the future, since now injections would be logged properly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment