diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f48b2420..e497265ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,9 @@ Sometimes the changelog has notes (not comprehensive) acknowledging people's wor ### v1.11.34 +**v1.11.34.8** *(2016-06-03)* - [[Firefox](https://raw.githubusercontent.com/ccd0/4chan-x/1.11.34.8/builds/4chan-X-noupdate.user.js "Firefox version")] [[Chromium](https://raw.githubusercontent.com/ccd0/4chan-x/1.11.34.8/builds/4chan-X-noupdate.crx "Chromium version")] +- Replace malicious ad blacklist with a Javascript whitelist, which can be configured on the `Advanced` settings tab. + **v1.11.34.7** *(2016-05-21)* - [[Firefox](https://raw.githubusercontent.com/ccd0/4chan-x/1.11.34.7/builds/4chan-X-noupdate.user.js "Firefox version")] [[Chromium](https://raw.githubusercontent.com/ccd0/4chan-x/1.11.34.7/builds/4chan-X-noupdate.crx "Chromium version")] - Merge v1.11.33.7: Fix blinking in older browsers. - Merge v1.11.33.7: Allow 4chan's blinking animations to work. diff --git a/builds/4chan-X-beta.crx b/builds/4chan-X-beta.crx index ded5d0d6a..c4a5b41de 100644 Binary files a/builds/4chan-X-beta.crx and b/builds/4chan-X-beta.crx differ diff --git a/builds/4chan-X-beta.meta.js b/builds/4chan-X-beta.meta.js index b5580cc4d..ecf547742 100644 --- a/builds/4chan-X-beta.meta.js +++ b/builds/4chan-X-beta.meta.js @@ -1,6 +1,6 @@ // ==UserScript== // @name 4chan X beta -// @version 1.11.34.7 +// @version 1.11.34.8 // @minGMVer 1.14 // @minFFVer 26 // @namespace 4chan-X diff --git a/builds/4chan-X-beta.user.js b/builds/4chan-X-beta.user.js index 7ac659807..c1b7b47ed 100644 --- a/builds/4chan-X-beta.user.js +++ b/builds/4chan-X-beta.user.js @@ -1,6 +1,6 @@ // ==UserScript== // @name 4chan X beta -// @version 1.11.34.7 +// @version 1.11.34.8 // @minGMVer 1.14 // @minFFVer 26 // @namespace 4chan-X @@ -134,7 +134,7 @@ docSet = function() { }; g = { - VERSION: '1.11.34.7', + VERSION: '1.11.34.8', NAMESPACE: '4chan X.', boards: {} }; @@ -397,6 +397,7 @@ Config = (function() { 'QR.personas': "#options:\"sage\";boards:jp;always", sjisPreview: false }, + jsWhitelist: 'http://s.4cdn.org\nhttps://s.4cdn.org\nhttp://www.google.com\nhttps://www.google.com\nhttps://www.gstatic.com\n\'unsafe-inline\'\n\'unsafe-eval\'', captchaLanguage: '', time: '%m/%d/%y(%a)%H:%M:%S', backlink: '>>%id', @@ -4122,6 +4123,22 @@ $ = (function() { return style; }; + $.addCSP = function(policy) { + var head, meta; + meta = $.el('meta', { + httpEquiv: 'Content-Security-Policy', + content: policy + }); + if (d.head) { + $.add(d.head, meta); + return $.rm(meta); + } else { + head = $.add(doc || d, $.el('head')); + $.add(head, meta); + return $.rm(head); + } + }; + $.x = function(path, root) { root || (root = d.body); return d.evaluate(path, root, null, 8, null).singleNodeValue; @@ -4349,18 +4366,21 @@ $ = (function() { } })(); - $.globalEval = function(code) { + $.globalEval = function(code, data) { var script; script = $.el('script', { textContent: code }); + if (data) { + $.extend(script.dataset, data); + } $.add(d.head || doc, script); return $.rm(script); }; - $.global = function(fn) { + $.global = function(fn, data) { if (doc) { - return $.globalEval("(" + fn + ")();"); + return $.globalEval("(" + fn + ")();", data); } else { return fn(); } @@ -10342,7 +10362,7 @@ Settings = (function() { advanced: function(section) { var applyCSS, boardSelect, customCSS, event, input, inputs, interval, items, itemsArchive, j, k, l, len, len1, len2, len3, m, name, ref, ref1, ref2, ref3, table, updateArchives, warning; $.extend(section, { - innerHTML: "
Archives
404 Redirect is disabled.
Thread redirectionPost fetchingFile redirection

Archive Lists: Each line below should be an archive list in this format or a URL to load an archive list from.
Archive properties can be overriden by another item with the same uid (or if absent, its name).
Last updated:
Captcha Language
Choose from list of language codes. Leave blank to autoselect.
Custom Board Navigation
New lines will be converted into spaces.

In the following examples for /g/, g can be changed to a different board ID (a, b, etc...), the current board (current), or the Twitter link (@).
Board link: g
Archive link: g-archive
Internal archive link: g-expired
Title link: g-title
Board link (Replace with title when on that board): g-replace
Full text link: g-full
Custom text link: g-text:"Install Gentoo"
Index-only link: g-index
Catalog-only link: g-catalog
Index mode: g-mode:"infinite scrolling"
Index sort: g-sort:"creation date"
External link: external-text:"Google","http://www.google.com"
Combinations are possible: g-index-text:"Technology Index"
Full board list toggle: toggle-all

[ toggle-all ] [current-title] [g-title / a-title / jp-title] [x / wsg / h] [t-text:"Piracy"]
will give you
[ + ] [Technology] [Technology / Anime & Manga / Otaku Culture] [x / wsg / h] [Piracy]
if you are on /g/.
Time Formatting is disabled.
:
Supported format specifiers:
Day: %a, %A, %d, %e
Month: %m, %b, %B
Year: %y, %Y
Hour: %k, %H, %l, %I, %p, %P
Minute: %M
Second: %S
Literal %: %%
Quote Backlinks formatting is disabled.
:
File Info Formatting is disabled.
:
Link: %l (truncated), %L (untruncated), %T (4chan filename)
Filename: %n (truncated), %N (untruncated), %t (4chan filename)
Download button: %d
Spoiler indicator: %p
Size: %B (Bytes), %K (KB), %M (MB), %s (4chan default)
Resolution: %r (Displays 'PDF' for PDF files)
Tag: %g
Literal %: %%
Quick Reply Personas

One item per line.
Items will be added in the relevant input's auto-completion list.
Password items will always be used, since there is no password input.
Lines starting with a # will be ignored.

Unread Favicon is disabled.
Thread Updater is disabled.
Interval: seconds
Custom Cooldown Time
Seconds:
" + innerHTML: "
Archives
404 Redirect is disabled.
Thread redirectionPost fetchingFile redirection

Archive Lists: Each line below should be an archive list in this format or a URL to load an archive list from.
Archive properties can be overriden by another item with the same uid (or if absent, its name).
Last updated:
Captcha Language
Choose from list of language codes. Leave blank to autoselect.
Custom Board Navigation
New lines will be converted into spaces.

In the following examples for /g/, g can be changed to a different board ID (a, b, etc...), the current board (current), or the Twitter link (@).
Board link: g
Archive link: g-archive
Internal archive link: g-expired
Title link: g-title
Board link (Replace with title when on that board): g-replace
Full text link: g-full
Custom text link: g-text:"Install Gentoo"
Index-only link: g-index
Catalog-only link: g-catalog
Index mode: g-mode:"infinite scrolling"
Index sort: g-sort:"creation date"
External link: external-text:"Google","http://www.google.com"
Combinations are possible: g-index-text:"Technology Index"
Full board list toggle: toggle-all

[ toggle-all ] [current-title] [g-title / a-title / jp-title] [x / wsg / h] [t-text:"Piracy"]
will give you
[ + ] [Technology] [Technology / Anime & Manga / Otaku Culture] [x / wsg / h] [Piracy]
if you are on /g/.
Time Formatting is disabled.
:
Supported format specifiers:
Day: %a, %A, %d, %e
Month: %m, %b, %B
Year: %y, %Y
Hour: %k, %H, %l, %I, %p, %P
Minute: %M
Second: %S
Literal %: %%
Quote Backlinks formatting is disabled.
:
File Info Formatting is disabled.
:
Link: %l (truncated), %L (untruncated), %T (4chan filename)
Filename: %n (truncated), %N (untruncated), %t (4chan filename)
Download button: %d
Spoiler indicator: %p
Size: %B (Bytes), %K (KB), %M (MB), %s (4chan default)
Resolution: %r (Displays 'PDF' for PDF files)
Tag: %g
Literal %: %%
Quick Reply Personas

One item per line.
Items will be added in the relevant input's auto-completion list.
Password items will always be used, since there is no password input.
Lines starting with a # will be ignored.

Unread Favicon is disabled.
Thread Updater is disabled.
Interval: seconds
Custom Cooldown Time
Seconds:
Javascript Whitelist
Sources from which Javascript is allowed to be loaded by Content Security Policy.
" }); ref = $$('.warning', section); for (j = 0, len = ref.length; j < len; j++) { @@ -10361,7 +10381,7 @@ Settings = (function() { return $.id('lastarchivecheck').textContent = 'never'; }); items = {}; - ref2 = ['archiveLists', 'archiveAutoUpdate', 'captchaLanguage', 'boardnav', 'time', 'backlink', 'fileInfo', 'QR.personas', 'favicon', 'usercss', 'customCooldown']; + ref2 = ['archiveLists', 'archiveAutoUpdate', 'captchaLanguage', 'boardnav', 'time', 'backlink', 'fileInfo', 'QR.personas', 'favicon', 'usercss', 'customCooldown', 'jsWhitelist']; for (l = 0, len2 = ref2.length; l < len2; l++) { name = ref2[l]; items[name] = Conf[name]; @@ -22440,9 +22460,9 @@ Main = (function() { } window['4chan X antidup'] = true; if (location.hostname === 'www.google.com') { - $.get('Captcha Fixes', true, function(arg) { + $.get('Captcha Fixes', true, function(arg1) { var enabled; - enabled = arg['Captcha Fixes']; + enabled = arg1['Captcha Fixes']; if (enabled) { return $.ready(function() { return Captcha.fixes.init(); @@ -22451,34 +22471,6 @@ Main = (function() { }); return; } - $.global(function() { - var j, len, nuke, prop, ref; - nuke = function(obj, prop) { - try { - return Object.defineProperty(obj, prop, { - configurable: false, - get: function() { - throw new Error(); - }, - set: function() { - throw new Error(); - } - }); - } catch (_error) {} - }; - ref = ['atOptions', 'adsterra_key', 'EpmadsConfig', 'epmads_key', 'EpomConfig', 'epom_key', 'exoDocumentProtocol', 'supp_key']; - for (j = 0, len = ref.length; j < len; j++) { - prop = ref[j]; - nuke(window, prop); - } - }); - $.on(window, 'beforescriptexecute', function(e) { - var host, ref, ref1; - host = (ref = e.target.src.split('/')[2]) != null ? (ref1 = ref.match(/[^.]+\.[^.]+$/)) != null ? ref1[0] : void 0 : void 0; - if (host === 'bnhtml.com' || host === 'ecpmrocks.com' || host === 'advertisation.com' || host === 'exoclick.com' || host === 'n298adserv.com') { - return e.preventDefault(); - } - }); $.on(d, '4chanXInitFinished', function() { if (Main.expectInitFinished) { return delete Main.expectInitFinished; @@ -22515,14 +22507,51 @@ Main = (function() { Conf['Except Archives from Encryption'] = false; Conf['JSON Navigation'] = true; Conf['Oekaki Links'] = true; + $.global(function() { + var k, key, len1, oldFun, ref1, whitelist; + whitelist = document.currentScript.dataset.whitelist; + whitelist = whitelist.split('\n').filter(function(x) { + return x[0] !== "'"; + }); + oldFun = {}; + ref1 = ['createElement', 'write']; + for (k = 0, len1 = ref1.length; k < len1; k++) { + key = ref1[k]; + oldFun[key] = document[key]; + document[key] = (function(key) { + return function(arg) { + var s; + s = document.currentScript; + if (s && s.src && whitelist.indexOf(s.src.split('/').slice(0, 3).join('/')) < 0) { + throw Error(); + } + return oldFun[key].call(document, arg); + }; + })(key); + } + return document.addEventListener('csp-ready', function() { + var results; + results = []; + for (key in oldFun) { + results.push(document[key] = oldFun[key]); + } + return results; + }, false); + }, { + whitelist: Conf['jsWhitelist'] + }); items = {}; for (key in Conf) { items[key] = void 0; } items['previousversion'] = void 0; return $.get(items, function(items) { + var jsWhitelist, ref1; + jsWhitelist = (ref1 = items['jsWhitelist']) != null ? ref1 : Conf['jsWhitelist']; + $.addCSP("script-src " + (jsWhitelist.replace(/[\s;]+/g, ' '))); + $.event('csp-ready'); return $.asap(docSet, function() { - var ref1, val; + var ref2, val; if ($.cantSet) { } else if (items.previousversion == null) { @@ -22535,7 +22564,7 @@ Main = (function() { } for (key in Conf) { val = Conf[key]; - Conf[key] = (ref1 = items[key]) != null ? ref1 : val; + Conf[key] = (ref2 = items[key]) != null ? ref2 : val; } return Main.initFeatures(); }); diff --git a/builds/4chan-X-noupdate.crx b/builds/4chan-X-noupdate.crx index 2cb3c3525..a2706a1db 100644 Binary files a/builds/4chan-X-noupdate.crx and b/builds/4chan-X-noupdate.crx differ diff --git a/builds/4chan-X-noupdate.user.js b/builds/4chan-X-noupdate.user.js index c76f684aa..9a253cd5b 100644 --- a/builds/4chan-X-noupdate.user.js +++ b/builds/4chan-X-noupdate.user.js @@ -1,6 +1,6 @@ // ==UserScript== // @name 4chan X -// @version 1.11.34.7 +// @version 1.11.34.8 // @minGMVer 1.14 // @minFFVer 26 // @namespace 4chan-X @@ -134,7 +134,7 @@ docSet = function() { }; g = { - VERSION: '1.11.34.7', + VERSION: '1.11.34.8', NAMESPACE: '4chan X.', boards: {} }; @@ -397,6 +397,7 @@ Config = (function() { 'QR.personas': "#options:\"sage\";boards:jp;always", sjisPreview: false }, + jsWhitelist: 'http://s.4cdn.org\nhttps://s.4cdn.org\nhttp://www.google.com\nhttps://www.google.com\nhttps://www.gstatic.com\n\'unsafe-inline\'\n\'unsafe-eval\'', captchaLanguage: '', time: '%m/%d/%y(%a)%H:%M:%S', backlink: '>>%id', @@ -4122,6 +4123,22 @@ $ = (function() { return style; }; + $.addCSP = function(policy) { + var head, meta; + meta = $.el('meta', { + httpEquiv: 'Content-Security-Policy', + content: policy + }); + if (d.head) { + $.add(d.head, meta); + return $.rm(meta); + } else { + head = $.add(doc || d, $.el('head')); + $.add(head, meta); + return $.rm(head); + } + }; + $.x = function(path, root) { root || (root = d.body); return d.evaluate(path, root, null, 8, null).singleNodeValue; @@ -4349,18 +4366,21 @@ $ = (function() { } })(); - $.globalEval = function(code) { + $.globalEval = function(code, data) { var script; script = $.el('script', { textContent: code }); + if (data) { + $.extend(script.dataset, data); + } $.add(d.head || doc, script); return $.rm(script); }; - $.global = function(fn) { + $.global = function(fn, data) { if (doc) { - return $.globalEval("(" + fn + ")();"); + return $.globalEval("(" + fn + ")();", data); } else { return fn(); } @@ -10342,7 +10362,7 @@ Settings = (function() { advanced: function(section) { var applyCSS, boardSelect, customCSS, event, input, inputs, interval, items, itemsArchive, j, k, l, len, len1, len2, len3, m, name, ref, ref1, ref2, ref3, table, updateArchives, warning; $.extend(section, { - innerHTML: "
Archives
404 Redirect is disabled.
Thread redirectionPost fetchingFile redirection

Archive Lists: Each line below should be an archive list in this format or a URL to load an archive list from.
Archive properties can be overriden by another item with the same uid (or if absent, its name).
Last updated:
Captcha Language
Choose from list of language codes. Leave blank to autoselect.
Custom Board Navigation
New lines will be converted into spaces.

In the following examples for /g/, g can be changed to a different board ID (a, b, etc...), the current board (current), or the Twitter link (@).
Board link: g
Archive link: g-archive
Internal archive link: g-expired
Title link: g-title
Board link (Replace with title when on that board): g-replace
Full text link: g-full
Custom text link: g-text:"Install Gentoo"
Index-only link: g-index
Catalog-only link: g-catalog
Index mode: g-mode:"infinite scrolling"
Index sort: g-sort:"creation date"
External link: external-text:"Google","http://www.google.com"
Combinations are possible: g-index-text:"Technology Index"
Full board list toggle: toggle-all

[ toggle-all ] [current-title] [g-title / a-title / jp-title] [x / wsg / h] [t-text:"Piracy"]
will give you
[ + ] [Technology] [Technology / Anime & Manga / Otaku Culture] [x / wsg / h] [Piracy]
if you are on /g/.
Time Formatting is disabled.
:
Supported format specifiers:
Day: %a, %A, %d, %e
Month: %m, %b, %B
Year: %y, %Y
Hour: %k, %H, %l, %I, %p, %P
Minute: %M
Second: %S
Literal %: %%
Quote Backlinks formatting is disabled.
:
File Info Formatting is disabled.
:
Link: %l (truncated), %L (untruncated), %T (4chan filename)
Filename: %n (truncated), %N (untruncated), %t (4chan filename)
Download button: %d
Spoiler indicator: %p
Size: %B (Bytes), %K (KB), %M (MB), %s (4chan default)
Resolution: %r (Displays 'PDF' for PDF files)
Tag: %g
Literal %: %%
Quick Reply Personas

One item per line.
Items will be added in the relevant input's auto-completion list.
Password items will always be used, since there is no password input.
Lines starting with a # will be ignored.

Unread Favicon is disabled.
Thread Updater is disabled.
Interval: seconds
Custom Cooldown Time
Seconds:
" + innerHTML: "
Archives
404 Redirect is disabled.
Thread redirectionPost fetchingFile redirection

Archive Lists: Each line below should be an archive list in this format or a URL to load an archive list from.
Archive properties can be overriden by another item with the same uid (or if absent, its name).
Last updated:
Captcha Language
Choose from list of language codes. Leave blank to autoselect.
Custom Board Navigation
New lines will be converted into spaces.

In the following examples for /g/, g can be changed to a different board ID (a, b, etc...), the current board (current), or the Twitter link (@).
Board link: g
Archive link: g-archive
Internal archive link: g-expired
Title link: g-title
Board link (Replace with title when on that board): g-replace
Full text link: g-full
Custom text link: g-text:"Install Gentoo"
Index-only link: g-index
Catalog-only link: g-catalog
Index mode: g-mode:"infinite scrolling"
Index sort: g-sort:"creation date"
External link: external-text:"Google","http://www.google.com"
Combinations are possible: g-index-text:"Technology Index"
Full board list toggle: toggle-all

[ toggle-all ] [current-title] [g-title / a-title / jp-title] [x / wsg / h] [t-text:"Piracy"]
will give you
[ + ] [Technology] [Technology / Anime & Manga / Otaku Culture] [x / wsg / h] [Piracy]
if you are on /g/.
Time Formatting is disabled.
:
Supported format specifiers:
Day: %a, %A, %d, %e
Month: %m, %b, %B
Year: %y, %Y
Hour: %k, %H, %l, %I, %p, %P
Minute: %M
Second: %S
Literal %: %%
Quote Backlinks formatting is disabled.
:
File Info Formatting is disabled.
:
Link: %l (truncated), %L (untruncated), %T (4chan filename)
Filename: %n (truncated), %N (untruncated), %t (4chan filename)
Download button: %d
Spoiler indicator: %p
Size: %B (Bytes), %K (KB), %M (MB), %s (4chan default)
Resolution: %r (Displays 'PDF' for PDF files)
Tag: %g
Literal %: %%
Quick Reply Personas

One item per line.
Items will be added in the relevant input's auto-completion list.
Password items will always be used, since there is no password input.
Lines starting with a # will be ignored.

Unread Favicon is disabled.
Thread Updater is disabled.
Interval: seconds
Custom Cooldown Time
Seconds:
Javascript Whitelist
Sources from which Javascript is allowed to be loaded by Content Security Policy.
" }); ref = $$('.warning', section); for (j = 0, len = ref.length; j < len; j++) { @@ -10361,7 +10381,7 @@ Settings = (function() { return $.id('lastarchivecheck').textContent = 'never'; }); items = {}; - ref2 = ['archiveLists', 'archiveAutoUpdate', 'captchaLanguage', 'boardnav', 'time', 'backlink', 'fileInfo', 'QR.personas', 'favicon', 'usercss', 'customCooldown']; + ref2 = ['archiveLists', 'archiveAutoUpdate', 'captchaLanguage', 'boardnav', 'time', 'backlink', 'fileInfo', 'QR.personas', 'favicon', 'usercss', 'customCooldown', 'jsWhitelist']; for (l = 0, len2 = ref2.length; l < len2; l++) { name = ref2[l]; items[name] = Conf[name]; @@ -22440,9 +22460,9 @@ Main = (function() { } window['4chan X antidup'] = true; if (location.hostname === 'www.google.com') { - $.get('Captcha Fixes', true, function(arg) { + $.get('Captcha Fixes', true, function(arg1) { var enabled; - enabled = arg['Captcha Fixes']; + enabled = arg1['Captcha Fixes']; if (enabled) { return $.ready(function() { return Captcha.fixes.init(); @@ -22451,34 +22471,6 @@ Main = (function() { }); return; } - $.global(function() { - var j, len, nuke, prop, ref; - nuke = function(obj, prop) { - try { - return Object.defineProperty(obj, prop, { - configurable: false, - get: function() { - throw new Error(); - }, - set: function() { - throw new Error(); - } - }); - } catch (_error) {} - }; - ref = ['atOptions', 'adsterra_key', 'EpmadsConfig', 'epmads_key', 'EpomConfig', 'epom_key', 'exoDocumentProtocol', 'supp_key']; - for (j = 0, len = ref.length; j < len; j++) { - prop = ref[j]; - nuke(window, prop); - } - }); - $.on(window, 'beforescriptexecute', function(e) { - var host, ref, ref1; - host = (ref = e.target.src.split('/')[2]) != null ? (ref1 = ref.match(/[^.]+\.[^.]+$/)) != null ? ref1[0] : void 0 : void 0; - if (host === 'bnhtml.com' || host === 'ecpmrocks.com' || host === 'advertisation.com' || host === 'exoclick.com' || host === 'n298adserv.com') { - return e.preventDefault(); - } - }); $.on(d, '4chanXInitFinished', function() { if (Main.expectInitFinished) { return delete Main.expectInitFinished; @@ -22515,14 +22507,51 @@ Main = (function() { Conf['Except Archives from Encryption'] = false; Conf['JSON Navigation'] = true; Conf['Oekaki Links'] = true; + $.global(function() { + var k, key, len1, oldFun, ref1, whitelist; + whitelist = document.currentScript.dataset.whitelist; + whitelist = whitelist.split('\n').filter(function(x) { + return x[0] !== "'"; + }); + oldFun = {}; + ref1 = ['createElement', 'write']; + for (k = 0, len1 = ref1.length; k < len1; k++) { + key = ref1[k]; + oldFun[key] = document[key]; + document[key] = (function(key) { + return function(arg) { + var s; + s = document.currentScript; + if (s && s.src && whitelist.indexOf(s.src.split('/').slice(0, 3).join('/')) < 0) { + throw Error(); + } + return oldFun[key].call(document, arg); + }; + })(key); + } + return document.addEventListener('csp-ready', function() { + var results; + results = []; + for (key in oldFun) { + results.push(document[key] = oldFun[key]); + } + return results; + }, false); + }, { + whitelist: Conf['jsWhitelist'] + }); items = {}; for (key in Conf) { items[key] = void 0; } items['previousversion'] = void 0; return $.get(items, function(items) { + var jsWhitelist, ref1; + jsWhitelist = (ref1 = items['jsWhitelist']) != null ? ref1 : Conf['jsWhitelist']; + $.addCSP("script-src " + (jsWhitelist.replace(/[\s;]+/g, ' '))); + $.event('csp-ready'); return $.asap(docSet, function() { - var ref1, val; + var ref2, val; if ($.cantSet) { } else if (items.previousversion == null) { @@ -22535,7 +22564,7 @@ Main = (function() { } for (key in Conf) { val = Conf[key]; - Conf[key] = (ref1 = items[key]) != null ? ref1 : val; + Conf[key] = (ref2 = items[key]) != null ? ref2 : val; } return Main.initFeatures(); }); diff --git a/builds/4chan-X.crx b/builds/4chan-X.crx index 1b9e04a7d..5380e2967 100644 Binary files a/builds/4chan-X.crx and b/builds/4chan-X.crx differ diff --git a/builds/4chan-X.meta.js b/builds/4chan-X.meta.js index 865a9e9ca..a799995c3 100644 --- a/builds/4chan-X.meta.js +++ b/builds/4chan-X.meta.js @@ -1,6 +1,6 @@ // ==UserScript== // @name 4chan X -// @version 1.11.34.7 +// @version 1.11.34.8 // @minGMVer 1.14 // @minFFVer 26 // @namespace 4chan-X diff --git a/builds/4chan-X.user.js b/builds/4chan-X.user.js index 2ba9889d6..9d10843f3 100644 --- a/builds/4chan-X.user.js +++ b/builds/4chan-X.user.js @@ -1,6 +1,6 @@ // ==UserScript== // @name 4chan X -// @version 1.11.34.7 +// @version 1.11.34.8 // @minGMVer 1.14 // @minFFVer 26 // @namespace 4chan-X @@ -134,7 +134,7 @@ docSet = function() { }; g = { - VERSION: '1.11.34.7', + VERSION: '1.11.34.8', NAMESPACE: '4chan X.', boards: {} }; @@ -397,6 +397,7 @@ Config = (function() { 'QR.personas': "#options:\"sage\";boards:jp;always", sjisPreview: false }, + jsWhitelist: 'http://s.4cdn.org\nhttps://s.4cdn.org\nhttp://www.google.com\nhttps://www.google.com\nhttps://www.gstatic.com\n\'unsafe-inline\'\n\'unsafe-eval\'', captchaLanguage: '', time: '%m/%d/%y(%a)%H:%M:%S', backlink: '>>%id', @@ -4122,6 +4123,22 @@ $ = (function() { return style; }; + $.addCSP = function(policy) { + var head, meta; + meta = $.el('meta', { + httpEquiv: 'Content-Security-Policy', + content: policy + }); + if (d.head) { + $.add(d.head, meta); + return $.rm(meta); + } else { + head = $.add(doc || d, $.el('head')); + $.add(head, meta); + return $.rm(head); + } + }; + $.x = function(path, root) { root || (root = d.body); return d.evaluate(path, root, null, 8, null).singleNodeValue; @@ -4349,18 +4366,21 @@ $ = (function() { } })(); - $.globalEval = function(code) { + $.globalEval = function(code, data) { var script; script = $.el('script', { textContent: code }); + if (data) { + $.extend(script.dataset, data); + } $.add(d.head || doc, script); return $.rm(script); }; - $.global = function(fn) { + $.global = function(fn, data) { if (doc) { - return $.globalEval("(" + fn + ")();"); + return $.globalEval("(" + fn + ")();", data); } else { return fn(); } @@ -10342,7 +10362,7 @@ Settings = (function() { advanced: function(section) { var applyCSS, boardSelect, customCSS, event, input, inputs, interval, items, itemsArchive, j, k, l, len, len1, len2, len3, m, name, ref, ref1, ref2, ref3, table, updateArchives, warning; $.extend(section, { - innerHTML: "
Archives
404 Redirect is disabled.
Thread redirectionPost fetchingFile redirection

Archive Lists: Each line below should be an archive list in this format or a URL to load an archive list from.
Archive properties can be overriden by another item with the same uid (or if absent, its name).
Last updated:
Captcha Language
Choose from list of language codes. Leave blank to autoselect.
Custom Board Navigation
New lines will be converted into spaces.

In the following examples for /g/, g can be changed to a different board ID (a, b, etc...), the current board (current), or the Twitter link (@).
Board link: g
Archive link: g-archive
Internal archive link: g-expired
Title link: g-title
Board link (Replace with title when on that board): g-replace
Full text link: g-full
Custom text link: g-text:"Install Gentoo"
Index-only link: g-index
Catalog-only link: g-catalog
Index mode: g-mode:"infinite scrolling"
Index sort: g-sort:"creation date"
External link: external-text:"Google","http://www.google.com"
Combinations are possible: g-index-text:"Technology Index"
Full board list toggle: toggle-all

[ toggle-all ] [current-title] [g-title / a-title / jp-title] [x / wsg / h] [t-text:"Piracy"]
will give you
[ + ] [Technology] [Technology / Anime & Manga / Otaku Culture] [x / wsg / h] [Piracy]
if you are on /g/.
Time Formatting is disabled.
:
Supported format specifiers:
Day: %a, %A, %d, %e
Month: %m, %b, %B
Year: %y, %Y
Hour: %k, %H, %l, %I, %p, %P
Minute: %M
Second: %S
Literal %: %%
Quote Backlinks formatting is disabled.
:
File Info Formatting is disabled.
:
Link: %l (truncated), %L (untruncated), %T (4chan filename)
Filename: %n (truncated), %N (untruncated), %t (4chan filename)
Download button: %d
Spoiler indicator: %p
Size: %B (Bytes), %K (KB), %M (MB), %s (4chan default)
Resolution: %r (Displays 'PDF' for PDF files)
Tag: %g
Literal %: %%
Quick Reply Personas

One item per line.
Items will be added in the relevant input's auto-completion list.
Password items will always be used, since there is no password input.
Lines starting with a # will be ignored.

Unread Favicon is disabled.
Thread Updater is disabled.
Interval: seconds
Custom Cooldown Time
Seconds:
" + innerHTML: "
Archives
404 Redirect is disabled.
Thread redirectionPost fetchingFile redirection

Archive Lists: Each line below should be an archive list in this format or a URL to load an archive list from.
Archive properties can be overriden by another item with the same uid (or if absent, its name).
Last updated:
Captcha Language
Choose from list of language codes. Leave blank to autoselect.
Custom Board Navigation
New lines will be converted into spaces.

In the following examples for /g/, g can be changed to a different board ID (a, b, etc...), the current board (current), or the Twitter link (@).
Board link: g
Archive link: g-archive
Internal archive link: g-expired
Title link: g-title
Board link (Replace with title when on that board): g-replace
Full text link: g-full
Custom text link: g-text:"Install Gentoo"
Index-only link: g-index
Catalog-only link: g-catalog
Index mode: g-mode:"infinite scrolling"
Index sort: g-sort:"creation date"
External link: external-text:"Google","http://www.google.com"
Combinations are possible: g-index-text:"Technology Index"
Full board list toggle: toggle-all

[ toggle-all ] [current-title] [g-title / a-title / jp-title] [x / wsg / h] [t-text:"Piracy"]
will give you
[ + ] [Technology] [Technology / Anime & Manga / Otaku Culture] [x / wsg / h] [Piracy]
if you are on /g/.
Time Formatting is disabled.
:
Supported format specifiers:
Day: %a, %A, %d, %e
Month: %m, %b, %B
Year: %y, %Y
Hour: %k, %H, %l, %I, %p, %P
Minute: %M
Second: %S
Literal %: %%
Quote Backlinks formatting is disabled.
:
File Info Formatting is disabled.
:
Link: %l (truncated), %L (untruncated), %T (4chan filename)
Filename: %n (truncated), %N (untruncated), %t (4chan filename)
Download button: %d
Spoiler indicator: %p
Size: %B (Bytes), %K (KB), %M (MB), %s (4chan default)
Resolution: %r (Displays 'PDF' for PDF files)
Tag: %g
Literal %: %%
Quick Reply Personas

One item per line.
Items will be added in the relevant input's auto-completion list.
Password items will always be used, since there is no password input.
Lines starting with a # will be ignored.

Unread Favicon is disabled.
Thread Updater is disabled.
Interval: seconds
Custom Cooldown Time
Seconds:
Javascript Whitelist
Sources from which Javascript is allowed to be loaded by Content Security Policy.
" }); ref = $$('.warning', section); for (j = 0, len = ref.length; j < len; j++) { @@ -10361,7 +10381,7 @@ Settings = (function() { return $.id('lastarchivecheck').textContent = 'never'; }); items = {}; - ref2 = ['archiveLists', 'archiveAutoUpdate', 'captchaLanguage', 'boardnav', 'time', 'backlink', 'fileInfo', 'QR.personas', 'favicon', 'usercss', 'customCooldown']; + ref2 = ['archiveLists', 'archiveAutoUpdate', 'captchaLanguage', 'boardnav', 'time', 'backlink', 'fileInfo', 'QR.personas', 'favicon', 'usercss', 'customCooldown', 'jsWhitelist']; for (l = 0, len2 = ref2.length; l < len2; l++) { name = ref2[l]; items[name] = Conf[name]; @@ -22440,9 +22460,9 @@ Main = (function() { } window['4chan X antidup'] = true; if (location.hostname === 'www.google.com') { - $.get('Captcha Fixes', true, function(arg) { + $.get('Captcha Fixes', true, function(arg1) { var enabled; - enabled = arg['Captcha Fixes']; + enabled = arg1['Captcha Fixes']; if (enabled) { return $.ready(function() { return Captcha.fixes.init(); @@ -22451,34 +22471,6 @@ Main = (function() { }); return; } - $.global(function() { - var j, len, nuke, prop, ref; - nuke = function(obj, prop) { - try { - return Object.defineProperty(obj, prop, { - configurable: false, - get: function() { - throw new Error(); - }, - set: function() { - throw new Error(); - } - }); - } catch (_error) {} - }; - ref = ['atOptions', 'adsterra_key', 'EpmadsConfig', 'epmads_key', 'EpomConfig', 'epom_key', 'exoDocumentProtocol', 'supp_key']; - for (j = 0, len = ref.length; j < len; j++) { - prop = ref[j]; - nuke(window, prop); - } - }); - $.on(window, 'beforescriptexecute', function(e) { - var host, ref, ref1; - host = (ref = e.target.src.split('/')[2]) != null ? (ref1 = ref.match(/[^.]+\.[^.]+$/)) != null ? ref1[0] : void 0 : void 0; - if (host === 'bnhtml.com' || host === 'ecpmrocks.com' || host === 'advertisation.com' || host === 'exoclick.com' || host === 'n298adserv.com') { - return e.preventDefault(); - } - }); $.on(d, '4chanXInitFinished', function() { if (Main.expectInitFinished) { return delete Main.expectInitFinished; @@ -22515,14 +22507,51 @@ Main = (function() { Conf['Except Archives from Encryption'] = false; Conf['JSON Navigation'] = true; Conf['Oekaki Links'] = true; + $.global(function() { + var k, key, len1, oldFun, ref1, whitelist; + whitelist = document.currentScript.dataset.whitelist; + whitelist = whitelist.split('\n').filter(function(x) { + return x[0] !== "'"; + }); + oldFun = {}; + ref1 = ['createElement', 'write']; + for (k = 0, len1 = ref1.length; k < len1; k++) { + key = ref1[k]; + oldFun[key] = document[key]; + document[key] = (function(key) { + return function(arg) { + var s; + s = document.currentScript; + if (s && s.src && whitelist.indexOf(s.src.split('/').slice(0, 3).join('/')) < 0) { + throw Error(); + } + return oldFun[key].call(document, arg); + }; + })(key); + } + return document.addEventListener('csp-ready', function() { + var results; + results = []; + for (key in oldFun) { + results.push(document[key] = oldFun[key]); + } + return results; + }, false); + }, { + whitelist: Conf['jsWhitelist'] + }); items = {}; for (key in Conf) { items[key] = void 0; } items['previousversion'] = void 0; return $.get(items, function(items) { + var jsWhitelist, ref1; + jsWhitelist = (ref1 = items['jsWhitelist']) != null ? ref1 : Conf['jsWhitelist']; + $.addCSP("script-src " + (jsWhitelist.replace(/[\s;]+/g, ' '))); + $.event('csp-ready'); return $.asap(docSet, function() { - var ref1, val; + var ref2, val; if ($.cantSet) { } else if (items.previousversion == null) { @@ -22535,7 +22564,7 @@ Main = (function() { } for (key in Conf) { val = Conf[key]; - Conf[key] = (ref1 = items[key]) != null ? ref1 : val; + Conf[key] = (ref2 = items[key]) != null ? ref2 : val; } return Main.initFeatures(); }); diff --git a/builds/4chan-X.zip b/builds/4chan-X.zip index 3892731fa..668900db2 100644 Binary files a/builds/4chan-X.zip and b/builds/4chan-X.zip differ diff --git a/builds/updates-beta.xml b/builds/updates-beta.xml index 62e86f95f..a99502cad 100644 --- a/builds/updates-beta.xml +++ b/builds/updates-beta.xml @@ -1,7 +1,7 @@ - + diff --git a/builds/updates.xml b/builds/updates.xml index d467f8cd8..9ec65a050 100644 --- a/builds/updates.xml +++ b/builds/updates.xml @@ -1,7 +1,7 @@ - + diff --git a/version.json b/version.json index 04f6cd062..917b881a2 100644 --- a/version.json +++ b/version.json @@ -1,4 +1,4 @@ { - "version": "1.11.34.7", - "date": "2016-05-21T23:22:22.437Z" + "version": "1.11.34.8", + "date": "2016-06-03T03:25:30.866Z" } \ No newline at end of file