Closed ghost closed 7 years ago
Can you sum up what this is, and what Shaarli should do?
AFAIK it requires that all javascript loaded by pages
@fturco can you confirm? Can you send a sample output of LIbreJS when loading a Shaarli page?
The goal of the LibreJS project is to ensure that all JavaScript run in one's browser is freely licensed.
GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap. LibreJS is a free add-on for GNU IceCat and other Mozilla-based browsers. It blocks nonfree nontrivial JavaScript while allowing JavaScript that is free and/or trivial.
If a user has the LibreJS add-on installed, then their browser will only load and run JS if the JS is specified in a certain way. This involves adding a little bit of HTML to each page that, when read by LibreJS later, indicates the JavaScript code is freely licensed.
List of blocked JavaScript in http://localhost.lan/shaarli/
Whitelist
This script is detected as inline, nonfree, defining functions or methods, and the rest of the page as loading external scripts
[{"attribute":"onclick","value":"document.location='?';"}]
Whitelist
This script is detected as inline, nonfree, defining functions or methods, and the rest of the page as loading external scripts
[{"attribute":"onclick","value":"showQrCode(this); return false;"}]
WhitelistNONTRIVIAL: innerHTML identifier
http://localhost.lan/shaarli/plugins/qrcode/shaarli-qrcode.js
WhitelistNONTRIVIAL: an open method similar to xhr.open is used
http://localhost.lan/shaarli/inc/awesomplete.min.js
List of accepted JavaScript in http://localhost.lan/shaarli/
LibreJS did not allow the execution of any scripts on this page: '
There may be no scripts on this page (check source, C-u)
The inline and on-page JavaScript code may not be free and/or may not have proper license information and external scripts (if present) may have been removed by default.
External scripts may not be free and/or may not have proper licensing and are not part of the whitelist of free JavaScript libraries.
Thanks @fturco & @dper for the suggestion and explanations ;-)
Shaarli currently uses:
That being said, providing JavaScript License Web Labels is quite straightforward and could be part of the next release (0.7.0).
More likely 0.8 with templates.
On our side, Shaarli's compatible with LibreJS. However, there are two issues on LibreJS for this to work:
I've contacted them through their mailing list.
I'm closing this issue. Feel free to reopen if new elements comes up.
It would be good if Shaarli supported LibreJS, a Firefox extension for blocking non-free non-trivial javascript code.