per filter base script src replacement

[xuefer]

I'd like to replace some bad/evil/ad script src to alternative or dummy one with dummy functions
blocking them works most of the time but in some website other part of the script rely on this script

[lewisje]

In NoScript, this sort of thing is called "surrogate scripts": http://hackademix.net/2011/09/29/script-surrogates-quick-reference/

For browsers other than Firefox, the closest thing I can think of is making a custom UserScript (in TamperMonkey, ViolentMonkey, or your other favorite UserScript environment) for this purpose.

[xuefer]

exactly, with greasemonkey it works on FireFox
with TamperMonkey no one is able to make it with, there're discussions about this

the earliest inject is @run-at document-start. userscript is executed before page code in firefox, but in chrome it's after page code is executed. it is said that extension is not allowed to slow down page, but i think uBlock get a early chance to replace it

[lewisje]

Are you sure that TamperMonkey can't run at document-start? I remember experimenting with a UserScript for a different purpose (to force emoji fallback), and I noticed a difference between @run-at document-start and @run-at document-end when I tried switching.

Please link to any relevant discussions.

[xuefer]

1st it does support some kind of "run at document-start" but it's too late, code is already executed, i've created a script that do alert(window.somevariablecreatedbythepage), i expect it to be "undefined" but's a defined value

and 2nd,
quote from https://gist.github.com/BrockA/2620135
"This does not seem to work in Chrome with TamperMonkey. It looks like the beforescriptexecute event never fires..."
beforescriptexecute is not even supported by chrome yet

[xuefer]

http://userscripts-mirror.org/scripts/show/125936 this is exactly what i wanted, no discussion in this url though

without beforescriptexecute it's impossible to replace the url. but maybe uBlock can

blocking standalone ad script most of the time won't harm the page's function, not even a single error may rise
but blocking ad script while the page will check if ad is loaded/initialized by checking variables set by ad.js, or blocking evil js, using uBlock, will break the page. please really consider replacing beside blocking as uBlock feature

[xuefer]

for document-start, sometimes it works, sometime it doesn't
this this page i use the following script
// ==UserScript==
// @name My Fancy New Userscript
// @namespace http://your.homepage/
// @Version 0.1
// @description enter something useful
// @author You
// @match #1255
// @run-at document.start
// @grant none
// ==/UserScript==

alert(window.FastClick);

it will output function body, or undefined

same apples to https://account.cyanogenmod.org/device/
// ==UserScript==
// @name My Fancy New Userscript
// @namespace http://your.homepage/
// @Version 0.1
// @description enter something useful
// @author You
// @match https://account.cyanogenmod.org/device/*
// @run-at document-start
// @grant none
// ==/UserScript==

alert(window.google);
window.addEventListener('beforescriptexecute', function(e) {
alert("beforescriptexecute");
});

sometimes object, sometimes undefined. never beforescriptexecute

http://userscripts-mirror.org/topics/121108.html

https://greasyfork.org/en/scripts/9011-liveleak-html5-player
"Works with Firefox + Greasemonkey. Does not appear to work with Chrome + Tampermonkey, I believe due to Chrome not supporting the "beforescriptexecute" event."

[lewisje]

Maybe a combination of uBlock and a UserScript would work: Block the original script and supply your own with the dummy functions.

With that said, I can imagine a (highly brittle) syntax extension, something like $surrogate=name where name is the name that you have given to a surrogate script to be delivered instead of the blocked script (and then there would need to be some section where you store surrogate scripts, and maybe some way to deal with potentially multiple surrogates being sent because multiple filters were matched); I know at least in Chrome, the webRequest API allows for redirecting rather than cancelling the request, although I remember when gorhill tried something similar (redirecting to minimal content, like 1x1 transparent PNGs and empty HTML documents), it didn't play nice with HTTPS Everywhere and he dropped the idea: #18

However, maybe this is just out of scope for the extension, because we'd basically be re-creating TamperMonkey here.