search

AdguardTeam / Scriptlets

AdGuard scriptlets library
GNU General Public License v3.0
147 stars 29 forks source link

Improve 'trusted-set-cookie' / 'trusted-set-local-storage-item' — add ability to specify base64 as encoding #307

Open contribucious opened 1 year ago

contribucious commented 1 year ago

Steps to reproduce

  1. Add this user rule: 
    @@||www.coolblue.be^$important,document
  2. Go to https://www.coolblue.be/en and refuse cookies.
  3. Observe the apparition of a new cookie-preferences cookie with this value: 
    eyJmdW5jdGlvbmFsIjp0cnVlLCJhbmFseXRpY2FsIjp0cnVlLCJtYXJrZXRpbmciOmZhbHNlfQ%3D%3D

Goal

Replacing this rule (comment included):  #ᴄʀʏᴘᴛɪᴄ

! Base64 value for: {"functional":true,"analytical":true,"marketing":false}
coolblue.be#%#//scriptlet('trusted-set-cookie', 'cookie-preferences',
'eyJmdW5jdGlvbmFsIjp0cnVlLCJhbmFseXRpY2FsIjp0cnVlLCJtYXJrZXRpbmciOmZhbHNlfQ==')

By this one (self-explanatory for readers):  #ᴛʀᴀɴꜱᴘᴀʀᴇɴᴛ

coolblue.be#%#//scriptlet('trusted-set-cookie', 'cookie-preferences',
'base64:{"functional":true,"analytical":true,"marketing":false}')

 

_:writinghand: Remarks

  1. Possibly use a dedicated parameter instead.

  2. ~~Consider in addition a variant that does not use encodeURIComponent for storing base64 value, for some websites reading the string directly in atob.~~ - That is, the stored value will therefore include == instead of %3D%3D at the end.

    ↪️ Variant not anymore required. All situations will be handled correctly if this commit is finally merged: get rid of encodeURIComponent for trusted-set-cookie-* scriptlets. As raw/pure base64 value generated by AdGuard will always be readable by the website: whether the latter uses for reading atob, atob+decodeURIComponent, etc.

  3. Should also apply to:

    • the similar one trusted-set-cookie-reload;
    • and, ideally, trusted-set-local-storage-item too.

 

Hi and thanks in advance! :v:

contribucious commented 1 year ago

1. Possibly use a dedicated parameter instead.

💡 Or … a new "comma-separated" advancedOptions final parameter (code and wiki), which can include in it as={plaintext|base64} or maybe encoding={none|base64} — the former in the sense of "to store value as …", of course.

↪️ Probably both more flexible (especially to add support for the described variant in addition) and more future-proof. ☺️

Alex-302 commented 1 year ago

But we can convert a scring to BASE64 using tools.

contribucious commented 1 year ago

Of course. Even web tools, easily. But the goal is to have self-explanatory rules for these cases (that is, no need to have an additional comment describing the cryptic content to readers).

↬ It's mainly for adding clarity and transparency to public filters (i.e. those read by people), more so than for local filters. 🙂

contribucious commented 1 year ago

Issue clarified just now (goal better explained). ✔️