Copy/pasting here a comment I made yesterday in Teams after I pondered this for a while:
gorhill May 22, 2018, 10:19 AM EDT
I won't implementing this filter option, I see too many issues with it. I am however open to implement a different filter option with similar purpose, but which would not suffer the issues I see with how
Security: testing same origin for redirect URL is not enough: both
Security: even with strictly same origin, a malicious filter list author could add bad stuff to a network request.
Given these concerns, I see a better way to implement similar option but with a more focused purpose: to remove specific query parameters from a URL:
Sticking to remove query parameters takes care of the ownership and malicious filter list author issue for the most part -- the filter removes query parameters, it can never rewrite them into something else.
The performance concern no longer exist with such filter, since it does not have to be a regex. The value of the
Now this does not remove some other concerns I see with
One is that it is designed as a block filter.
What if I really want to block using
My current thinking is that a
Anyway, as said I still need more than just one case to be an argument for such filter -- the last thing I want is to add technical debt to uBO for little tangible benefits overall. Note that a site could simply convert their
Also ABP code can handle
and other cases (utm_*) can be handled by specialized URL redirecting extensions.
Also I don't see how the new ABP build can get pass AMO review since it allow injection of arbitrary script. (Or I'm missed something?)
The background script of uBO-Extra can be made configurable (unlike the content script), so we can include a switch to enable / disable part of its URL rewriting rules.
Exception filters also obey the first-match rule. You could end up with another exception filter such that the
A scriptlet for that specific purpose seems to be the right approach (an XMLHttpRequest wrapper to remove query parameters), it's injected only on sites where it's needed, can be excepted, and adds no global overhead to network request handling.