Add an option to configure allowed "trust" level for a filter list

[ameshkov]

Currently, we keep a huge list of exclusions that are applied to all third-party filter lists, but not to ours (see "General exclusions" there): https://github.com/AdguardTeam/FiltersRegistry/blob/master/filters/exclusions.txt

Instead of this list, we should introduce a concept of a "trust" level that can be configurable in the filter list's metadata.json.

Here are the possible values for it:

• low - default level, we should use it when "trust" property is not configured at all.
• high - trusted third-party filter lists, we allow some advanced rules from there.
• full - all types of filter rules are allowed. Only AdGuard filters have full trust at the moment.

Types of rules allowed or disallowed by the trust level:

• JS rules (#%#, #@%#, but not scriptlets(!)) - full
• $replace rules - full
• Scriptlets (#%#//scriptlet, ##+js, #$# (ABP)) -- high, full
• $redirect and $rewrite:abp-resource -- low, high, full

Here's what we should keep in the general exclusions:

!##################################################
!############### General exclusions ###############
!##################################################
! Excluding unsupported modifiers and rules
:xpath(
(:scope
##script:inject
! These rules should be converted automatically
##^
##+js
##script:inject

Please note, that ##^, ##+js, and ##script:inject should be converted automatically so they won't be actually excluded, see https://github.com/AdguardTeam/FiltersCompiler/issues/52 and https://github.com/AdguardTeam/FiltersCompiler/issues/60

[krystian3w]

html filtering: What level of trust for html filtering? #60 / https://github.com/AdguardTeam/FiltersRegistry/issues/280

[ameshkov]

@krystian3w should be allowed in low level

[Yuki2718]

Does AdGuard's css filter #$# work without Trusted checked? Tried to test but failed because generic injection of #$#, which I added in my personal list, is apparently not allowed.

[Alex-302]

Is the rule in user rules, or added in custom filter?

[Alex-302]

@Yuki2718

[Yuki2718]

@Alex-302 Custom list

[Alex-302]

CSS rules need to be allowed when you import filter.

[Yuki2718]

@Alex-302 You mean user must check the Trusted box?

[Alex-302]

Yes. For the case if foreign filter is used(protection from dangerous JS).

[Yuki2718]

Okay, thanks!

[ameshkov]

@Alex-302 foreign -> third-party :)