[HTTPS-Everywhere] Fwd: Safari

Chris Aljoudi chris at chrismatic.io
Tue Nov 11 18:29:27 PST 2014 

Hi!

As per Jacob’s request, here’s our exchange regarding building an HTTPS Everywhere Safari extension.

The threaded quotes are in reverse chronological order. I hope that’s bearable.

- Chris.

Chris Aljoudi
Design. UI/UX. Technology.
Web: https://chrismatic.io/ <https://chrismatic.io/>
Google Voice: +1 (719) 344-2483

> Begin forwarded message:
> 

>> On Nov 11, 2014, at 6:54 PM, Jacob S Hoffman-Andrews <jsha at eff.org <mailto:jsha at eff.org>> wrote:
>> 
>> This is great! Mind re-posting to the list for posterity, then I'll follow up there?
>> On 11/11/2014 05:47 PM, Chris Aljoudi wrote:
>>> Hi Jacob!
>>> 
>>> /beforeNavigate/ doesn’t fire for subresources within the page, but Safari’s /befloreload/ does exactly that (it fires before loading subresources. To quote the Safari documentation:
>>> 
>>>    The |"beforeload"| event is generated before loading every script,
>>>    iframe, image, or style sheet specified in the webpage, for example.
>>> 
>>> AdBlock Plus for Safari uses the /beforeload/ event (see https://hg.adblockplus.org/adblockpluschrome/file/67e68cc8e32b/safari/ext/content.js#l58 <https://hg.adblockplus.org/adblockpluschrome/file/67e68cc8e32b/safari/ext/content.js#l58> for the general idea).
>>> 
>>> I don’t already know of other Safari extensions that rewrite URLs in /beforeNavigate/, but here’s Apple’s documentation: https://developer.apple.com/library/safari/documentation/Tools/Conceptual/SafariExtensionGuide/WorkingwithWindowsandTabs/WorkingwithWindowsandTabs.html <https://developer.apple.com/library/safari/documentation/Tools/Conceptual/SafariExtensionGuide/WorkingwithWindowsandTabs/WorkingwithWindowsandTabs.html>
>>> 
>>> Well, the link above includes a bunch of stuff, but does talk about /beforeNavigate/.
>>> 
>>> Let me know and I can start writing the Safari extension (and will try to conform as much as possible to the source of the already-existent extensions).
>>> 
>>> - Chris.
>>> 
>>>> On Nov 11, 2014, at 6:36 PM, Jacob S Hoffman-Andrews <jsha at eff.org <mailto:jsha at eff.org> <mailto:jsha at eff.org <mailto:jsha at eff.org>>> wrote:
>>>> 
>>>> That does indeed sound like it should work. Is it possible to also rewrite resources within the page that way, or is it only the top-level frame? Could you send a reference to the documentation of beforeNavigate? Are you aware of other Safari extensions that rewrite URLs in beforeNavigate?
>>>> 
>>>> This sounds very promising, and assuming it all looks good, it would be awesome for you to write a proof-of-concept Safari version!
>>>> 
>>>> On 11/11/2014 05:23 PM, Chris Aljoudi wrote:
>>>>> Hi!
>>>>> 
>>>>> Chris here (JavaScript; UI/UX design). I note you mentioned that the reason HTTPS Everywhere isn’t available for Safari is the inability to do safe rewrites (indeed, window.location, etc. aren’t safe).
>>>>> 
>>>>> I’ve written a few extensions for Safari (I’ve moved to Safari from Chrome), and I believe an extension can rewrite a URL safely by listening to the Safari's /beforeNavigate/ event and changing the URL if necessary (the event is fired before the request is sent).
>>>>> 
>>>>> I think that seems like it'd work. I’d love to help in any way I can if you’re interested (including writing a preliminary version of the Safari extension using the already-existent ones as a guide).
>>>>> 
>>>>> Thanks,
>>>>> - Chris.
>>>>> 
>>>>> Chris Aljoudi
>>>>> Design. UI/UX. Technology.
>>>>> Web: https://chrismatic.io/ <https://chrismatic.io/>
>>>>> Google Voice: +1 (719) 344-2483
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> HTTPS-Everywhere mailing list
>>>>> HTTPS-Everywhere at lists.eff.org <mailto:HTTPS-Everywhere at lists.eff.org> <mailto:HTTPS-Everywhere at lists.eff.org <mailto:HTTPS-Everywhere at lists.eff.org>>
>>>>> https://lists.eff.org/mailman/listinfo/https-everywhere <https://lists.eff.org/mailman/listinfo/https-everywhere>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20141111/eb515dcd/attachment.html>

More information about the HTTPS-Everywhere mailing list