Javascript whitelist

[nmeum]

Uzbl already supports a cookie white/blacklist. I would appreciate it if it would support a javascript white/blacklist too.

[mathstuf]

On Sun, Feb 02, 2014 at 04:02:28 -0800, nmeum wrote:

Uzbl already supports a cookie white/blacklist. I would appreciate it if it would support a javascript white/blacklist too.

Agreed. Unfortunately, WebKitGTK doesn't give us such control. The best solution that I've been able to come up with is something like RequestPolicy[1] which can be implemented[2]. This can be used to block external JS, but in-page JS will always (AFAICT) be executed unless WebKitGTK exposes signals for every JS invokation (which would be expensive and probably not worth it).

[1]https://www.requestpolicy.com/ [2]I've started, but performance is abysmal :( .

[nmeum]

The xombrero webbrowser is also built on top of webkit and it does have a javascript whitlelist (IRC it also blocks the execution of in-page JS). I don't know how they implemented it, but maybe you could get inspired by their implementation if you read the source code. Unfortunately, I don't have enough C skills to do so, otherwise I would help you with this issue.

[mathstuf]

Looking at the code, it's a per-site thing, not a per-script setting. Basically, it checks URIs against the lists and toggles enable_scripts based on that. The per-site-settings.py should do the same thing (it executes uzbl commands based on the URI, so you can disable scripts by default then turn it on later).

[mathstuf]

This can be solved with per-site-settings.py:

*
    *
        set enable_scripts 0
jsallowedsite.com
    /path/to/allowed/pages
        set enable_scripts 1

Just wild-card match everything to disable scripts up front then enable it based on the host and path.