search

martok / palefill

Inject Polyfills for various web technologies into pages requiring them
https://martok.github.io/palefill/
Mozilla Public License 2.0
79 stars 9 forks source link

DeepL Translator support? #13

Closed RamonUnch closed 2 years ago

RamonUnch commented 2 years ago

I would like first to thanks you about this amazing plugins that helps me to still use Basilisk instead of Chrome/Firefox. A couple of months ago DeepL translator stopped working for me using Pale Moon and Basilisk. I saw as the first error in the F12 errors log:

ReferenceError: customElements is not defined[Learn More]

I thus added those lines to the main.js file, (thinking to be clever):

    {
      selector: ["www.deepl.com"],
      fix: ["std-customElements"]
    }

So the custom element error is gone, however I now got more errors in the log;

The page was reloaded, because the character encoding declaration of the HTML document was not found when prescanning the first 1024 bytes of the file. The encoding declaration needs to be moved to be within the first 1024 bytes of the file.  
translator:47
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
            if (typeof window.__REACT_D....  
translator:88
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
            function initializeDapCooki....  
translator:93
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 

        (function() {
            var ....  
translator:172
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
    (function(){
        const loc = ((....  
translator:319
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
        (function(){
            const ....  
translator:395
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/translator_early.min.$f76974.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
    (function(){
        var isActive =....  
translator:411
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
    (function(){
        var isActive =....  
translator:422
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: onclick attribute on BUTTON element.  
translator
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
        if (!(!!window.MSInputMethodCon....  
translator:459
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
        var dl_dropdown = {
           ....  
translator:596
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
        window.dl_texts || (window.dl_t....  
translator:611
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: if(window._initialTranslatorState && win....  
translator:625
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
        if(window._initialTranslatorSta....  
translator:781
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
        (function() {
            if (!....  
translator:853
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
    dl_documentReady(function() {
     ....  
translator:865
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
        window.LMT_WebTranslator_Instan....  
translator:902
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/sentry.min.$52b0f5.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/ext/all3.min.$16b60e.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/utils.chunk.$ed0c4a.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/vendor.chunk.$c44191.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/common.chunk.$2d1c41.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/translator_late.min.$12f916.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/webVitals.min.$2cc2fa.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/cookieBanner.min.$33b880.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/footer.min.$5f82eb.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
        M.define('LMT_InitializedWebTra....  
translator:949
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
M.requireAsync(['H2', 'dlPageState'], f....  
translator:971
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
M.requireAsync(['H2', 'dlPageState'], f....  
translator:978
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/busyIndicator.min.$ba9bdd.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
if (window.dl_texts) { Object.assign(wi....  
translator:1019
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/translatorFeatures.min.$4bb2ce.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at https://static.deepl.com/js/ext/shariff.min.$adfca3.js (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”).  
(unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
        M.define('Shariff', [], functio....  
translator:1034
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs=' https://unpkg.com 'sha256-OwZ01+Rm14aWus1qtEB+J9IFIvCkuxScfJMBbQFlDUs='”). Source: 
      M.requireAsync([
        'LMT_Ini....  
translator:1039

So I still cannot use deepl translator, it is a bit sad because I do prefer it over google translate, I thus have to use a separate Firefox windows Just for this page...

I have No knowledge in term of JS programming, so sorry If I am asking something stupid. My question is: Would it be possible to fix the problem? It seems there is an integrity check on the script, maybe there is a way to bypass it? I am doing something wrong? I am even supposed to add more websites to the main.js file?

martok commented 2 years ago

Hi! Thank you for this report, I have an idea what's going on here, but need to find a bit of time to test it.

I have long suspected that something in Palemoon's handling of CSP is more strict than anyone else, it often rejects scripts that should be allowed by the CSP it prints in the same error message. Not in this case though, the double entries in the list seem like something is buggy. Also, clearly self should be added as a source or the new override blocks all existing scripts.

martok commented 2 years ago

Alright, this may be a bit overengineered now, but we should now correctly merge policies even for sites that don't use script integrity by themselves. Release 1.8 should be rolling out via the updater (if I didn't make a mistake in the update.xml as in the past releases...), let me know if it works!

Technical details:

I am doing something wrong? I am even supposed to add more websites to the main.js file?

You were doing the correct thing (at least for now: not the most friendly design, but so far most fixes have required dedicated code anyway...), but then a bug in the very simple content-security-policy handling in the addon occured. DeepL sets a frame-ancestors policy to prevent embedding, which the previous version had interpreted as "CSPs are used, so we must extend them". Adding a script-src policy that just allows the injected customElements polyfill then essentially blocked all scripts on the site, which is obviously bad :wink: The policies are now fully parsed and merged, but only if the site used them before.

RamonUnch commented 2 years ago

Amazing work! Thanks so much, DeepL works perfectly now!