Skip to content

Enhancement: Add PCRE pre-processor of inbound HTML code. #11

Closed
tragicfame opened this Issue May 16, 2012 · 3 comments

2 participants

@tragicfame

Noticed in your comments that Javascript couldn't be disabled and that location tagging couldn't be disabled either. Perhaps a viable option would be to include PCRE into the mix (currently used in Safari, and may even be able to be used in the API) If you could run the inbound buffer through a series of Perl Regular Expressions to filter out things like script tags and such forth.

@mtigas
Owner
mtigas commented May 16, 2012

This is a pretty good solution that, I think, would work by hooking a regex search (like you're talking about) in -(void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data and -(void)connectionDidFinishLoading:(NSURLConnection *)connection (and the duplicated HTTPConnection* versions of those) in ProxyURLProtocol.

Will look into it.

@tragicfame

Just a really rough cut off the top of my head to kill off Javascript... Here's two RE's that may help. Granted I didn't test them first.

Catching Events:
/on(afterprint|beforeprint|beforeonload|blur|error|focus|haschange|load|message|offline|online|pagehide|pageshow|popstate|redo|resize|storage|undo|unload|blur|change|contextmenu|focus|formchange|forminput|input|invalid|reset|select|submit|keydown|keypress|keyup|click|dblclick|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|mousedown|mousemove|mouseout|mouseover|mouseup|mousewheel|scroll|abort|canplay|canplaythrough|durationchange|emptied|ended|loadeddata|loadedmetadata|loadstart|pause|play|playing|progress|ratechange|readystatechange|seeked|seeking|stalled|suspend|timeupdate|volumechange|waiting)\=(\"|/')[^(\"|/')]+(\"|/')//gi

Catching Scripts:
s/<script.*(\/>|\/script>)//gi

@mtigas
Owner
mtigas commented Feb 1, 2014

fixed/superseded by the script-blocking patch in b634ef8

@mtigas mtigas closed this Feb 1, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.