LibreJS support

[ghost]

It would be good if Shaarli supported LibreJS, a Firefox extension for blocking non-free non-trivial javascript code.

[ArthurHoaro]

Can you sum up what this is, and what Shaarli should do?

[nodiscc]

AFAIK it requires that all javascript loaded by pages

• presents a valid free software license header
• is in a non-obfuscated/non-minified form

@fturco can you confirm? Can you send a sample output of LIbreJS when loading a Shaarli page?

[dper]

The goal of the LibreJS project is to ensure that all JavaScript run in one's browser is freely licensed.

GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap. LibreJS is a free add-on for GNU IceCat and other Mozilla-based browsers. It blocks nonfree nontrivial JavaScript while allowing JavaScript that is free and/or trivial.

If a user has the LibreJS add-on installed, then their browser will only load and run JS if the JS is specified in a certain way. This involves adding a little bit of HTML to each page that, when read by LibreJS later, indicates the JavaScript code is freely licensed.

[ghost]

List of blocked JavaScript in http://localhost.lan/shaarli/

    Whitelist

    This script is detected as inline, nonfree, defining functions or methods, and the rest of the page as loading external scripts
    [{"attribute":"onclick","value":"document.location='?';"}]

    Whitelist

    This script is detected as inline, nonfree, defining functions or methods, and the rest of the page as loading external scripts
    [{"attribute":"onclick","value":"showQrCode(this); return false;"}]

    WhitelistNONTRIVIAL: innerHTML identifier
    http://localhost.lan/shaarli/plugins/qrcode/shaarli-qrcode.js
    WhitelistNONTRIVIAL: an open method similar to xhr.open is used
    http://localhost.lan/shaarli/inc/awesomplete.min.js

List of accepted JavaScript in http://localhost.lan/shaarli/

    LibreJS did not allow the execution of any scripts on this page: '
        There may be no scripts on this page (check source, C-u)
        The inline and on-page JavaScript code may not be free and/or may not have proper license information and external scripts (if present) may have been removed by default.
        External scripts may not be free and/or may not have proper licensing and are not part of the whitelist of free JavaScript libraries.

[virtualtam]

Thanks @fturco & @dper for the suggestion and explanations ;-)

Shaarli currently uses:

• 3rd party (MIT license):
  • awesomeplete,
  • bLazy,
• internal (zlib license):
  • some helper functions (mostly for text completion),
  • browser bookmarklets.

That being said, providing JavaScript License Web Labels is quite straightforward and could be part of the next release (0.7.0).

[ArthurHoaro]

More likely 0.8 with templates.

[ArthurHoaro]

On our side, Shaarli's compatible with LibreJS. However, there are two issues on LibreJS for this to work:

• they need to support our license (zlib/libpng)
• they need to support ES6 syntax, right now it ends up with a parse error

I've contacted them through their mailing list.

I'm closing this issue. Feel free to reopen if new elements comes up.