[HTTPS-Everywhere] Fwd: Safari
Chris Aljoudi
chris at chrismatic.io
Tue Nov 11 18:29:27 PST 2014
Hi!
As per Jacob’s request, here’s our exchange regarding building an HTTPS Everywhere Safari extension.
The threaded quotes are in reverse chronological order. I hope that’s bearable.
- Chris.
Chris Aljoudi
Design. UI/UX. Technology.
Web: https://chrismatic.io/ <https://chrismatic.io/>
Google Voice: +1 (719) 344-2483
> Begin forwarded message:
>
>> On Nov 11, 2014, at 6:54 PM, Jacob S Hoffman-Andrews <jsha at eff.org <mailto:jsha at eff.org>> wrote:
>>
>> This is great! Mind re-posting to the list for posterity, then I'll follow up there?
>> On 11/11/2014 05:47 PM, Chris Aljoudi wrote:
>>> Hi Jacob!
>>>
>>> /beforeNavigate/ doesn’t fire for subresources within the page, but Safari’s /befloreload/ does exactly that (it fires before loading subresources. To quote the Safari documentation:
>>>
>>> The |"beforeload"| event is generated before loading every script,
>>> iframe, image, or style sheet specified in the webpage, for example.
>>>
>>> AdBlock Plus for Safari uses the /beforeload/ event (see https://hg.adblockplus.org/adblockpluschrome/file/67e68cc8e32b/safari/ext/content.js#l58 <https://hg.adblockplus.org/adblockpluschrome/file/67e68cc8e32b/safari/ext/content.js#l58> for the general idea).
>>>
>>> I don’t already know of other Safari extensions that rewrite URLs in /beforeNavigate/, but here’s Apple’s documentation: https://developer.apple.com/library/safari/documentation/Tools/Conceptual/SafariExtensionGuide/WorkingwithWindowsandTabs/WorkingwithWindowsandTabs.html <https://developer.apple.com/library/safari/documentation/Tools/Conceptual/SafariExtensionGuide/WorkingwithWindowsandTabs/WorkingwithWindowsandTabs.html>
>>>
>>> Well, the link above includes a bunch of stuff, but does talk about /beforeNavigate/.
>>>
>>> Let me know and I can start writing the Safari extension (and will try to conform as much as possible to the source of the already-existent extensions).
>>>
>>> - Chris.
>>>
>>>> On Nov 11, 2014, at 6:36 PM, Jacob S Hoffman-Andrews <jsha at eff.org <mailto:jsha at eff.org> <mailto:jsha at eff.org <mailto:jsha at eff.org>>> wrote:
>>>>
>>>> That does indeed sound like it should work. Is it possible to also rewrite resources within the page that way, or is it only the top-level frame? Could you send a reference to the documentation of beforeNavigate? Are you aware of other Safari extensions that rewrite URLs in beforeNavigate?
>>>>
>>>> This sounds very promising, and assuming it all looks good, it would be awesome for you to write a proof-of-concept Safari version!
>>>>
>>>> On 11/11/2014 05:23 PM, Chris Aljoudi wrote:
>>>>> Hi!
>>>>>
>>>>> Chris here (JavaScript; UI/UX design). I note you mentioned that the reason HTTPS Everywhere isn’t available for Safari is the inability to do safe rewrites (indeed, window.location, etc. aren’t safe).
>>>>>
>>>>> I’ve written a few extensions for Safari (I’ve moved to Safari from Chrome), and I believe an extension can rewrite a URL safely by listening to the Safari's /beforeNavigate/ event and changing the URL if necessary (the event is fired before the request is sent).
>>>>>
>>>>> I think that seems like it'd work. I’d love to help in any way I can if you’re interested (including writing a preliminary version of the Safari extension using the already-existent ones as a guide).
>>>>>
>>>>> Thanks,
>>>>> - Chris.
>>>>>
>>>>> Chris Aljoudi
>>>>> Design. UI/UX. Technology.
>>>>> Web: https://chrismatic.io/ <https://chrismatic.io/>
>>>>> Google Voice: +1 (719) 344-2483
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> HTTPS-Everywhere mailing list
>>>>> HTTPS-Everywhere at lists.eff.org <mailto:HTTPS-Everywhere at lists.eff.org> <mailto:HTTPS-Everywhere at lists.eff.org <mailto:HTTPS-Everywhere at lists.eff.org>>
>>>>> https://lists.eff.org/mailman/listinfo/https-everywhere <https://lists.eff.org/mailman/listinfo/https-everywhere>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20141111/eb515dcd/attachment.html>
More information about the HTTPS-Everywhere
mailing list