AdguardTeam / AdguardForiOS

The most advanced ad blocker for iOS
https://adguard.com/
GNU General Public License v3.0

Scriptlets don't work on websites using Content-Security-Policy (CSP) #2352

Open charlessuh opened 3 months ago

charlessuh commented 3 months ago

AdGuard version

4.5.5

Environment

Filter lists (Ad Blocking, Privacy, Social, Annoyances, Security, Other, Language-specific): no response

Advanced protection for Safari: not specified

DNS protection: disabled (DNS server, DNS protocol, DNS implementation and tunnel mode not applicable; no custom DNS or custom DNS filter given)

Low-level settings (bootstrap server, fallback server, blocking mode, etc.): no response

Issue Details

This was (partially) fixed in the Safari repo:

Expected Behavior

No response

Actual Behavior

The following code doesn't work on a website using CSP to restrict inline scripts:

https://github.com/AdguardTeam/AdguardForiOS/blob/25f8f104b1f775f3a2abc2f160db3eb40adffa07/AdguardExtension/SafariWebExtension/extension/src/pages/content/content.ts#L40-L56

Screenshots

No response

Additional Information

No response

charlessuh commented 3 months ago

One interesting strategy I noticed Noir is using is to embed a helper script like <script id="noir-helper" class="noir noir-helper" src="safari-web-extension://E0D31760-3AB2-4B4D-B79D-58B41AF2DEFD/dist/noirhelper.js"></script>, which seems to get around CSP.

Maybe you could communicate from the content script <-> page helper script using a custom event or some other mechanism.

Versty commented 2 months ago

@charlessuh Thank you for reporting! Could you please provide examples of problematic websites?

Versty commented 1 month ago

@charlessuh Any updates?

Versty commented 1 month ago

@charlessuh We have discussed this issue with development team. We are currently working towards this direction, will do our best to improve this behaviour in future versions.