[HTTPS-Everywhere] Fwd: Safari

Tue Nov 11 18:37:04 PST 2014

It sounds like a Safari port is now viable. I'd recommend starting with a small proud - of - concept that rewrites just one URL, then integrating the rest of the HTTPS Everywhere code. It's worth noting that the chrome port and the original Firefox extension diverge significantly, so keep that in mind when adapting. I'd love to be able to port out the rewriting rules into a common location.

On Nov 11, 2014 6:29 PM, Chris Aljoudi <chris at chrismatic.io> wrote:
>
> Hi!
>
> As per Jacob’s request, here’s our exchange regarding building an HTTPS Everywhere Safari extension.
>
> The threaded quotes are in reverse chronological order. I hope that’s bearable.
>
> - Chris.
>
> Chris Aljoudi
> Design. UI/UX. Technology.
> Web: https://chrismatic.io/
> Google Voice: +1 (719) 344-2483
>
>> Begin forwarded message:
>>>
>>>
>
>>>> On Nov 11, 2014, at 6:54 PM, Jacob S Hoffman-Andrews <jsha at eff.org> wrote:
>>>>
>>>> This is great! Mind re-posting to the list for posterity, then I'll follow up there?
>>>> On 11/11/2014 05:47 PM, Chris Aljoudi wrote:
>>>>>
>>>>> Hi Jacob!
>>>>>
>>>>> /beforeNavigate/ doesn’t fire for subresources within the page, but Safari’s /befloreload/ does exactly that (it fires before loading subresources. To quote the Safari documentation:
>>>>>
>>>>>    The |"beforeload"| event is generated before loading every script,
>>>>>    iframe, image, or style sheet specified in the webpage, for example.
>>>>>
>>>>> AdBlock Plus for Safari uses the /beforeload/ event (see https://hg.adblockplus.org/adblockpluschrome/file/67e68cc8e32b/safari/ext/content.js#l58 for the general idea).
>>>>>
>>>>> I don’t already know of other Safari extensions that rewrite URLs in /beforeNavigate/, but here’s Apple’s documentation: https://developer.apple.com/library/safari/documentation/Tools/Conceptual/SafariExtensionGuide/WorkingwithWindowsandTabs/WorkingwithWindowsandTabs.html
>>>>>
>>>>> Well, the link above includes a bunch of stuff, but does talk about /beforeNavigate/.
>>>>>
>>>>> Let me know and I can start writing the Safari extension (and will try to conform as much as possible to the source of the already-existent extensions).
>>>>>
>>>>> - Chris.
>>>>>
>>>>>> On Nov 11, 2014, at 6:36 PM, Jacob S Hoffman-Andrews <jsha at eff.org <mailto:jsha at eff.org>> wrote:
>>>>>>
>>>>>> That does indeed sound like it should work. Is it possible to also rewrite resources within the page that way, or is it only the top-level frame? Could you send a reference to the documentation of beforeNavigate? Are you aware of other Safari extensions that rewrite URLs in beforeNavigate?
>>>>>>
>>>>>> This sounds very promising, and assuming it all looks good, it would be awesome for you to write a proof-of-concept Safari version!
>>>>>>
>>>>>> On 11/11/2014 05:23 PM, Chris Aljoudi wrote:
>>>>>>>
>>>>>>> Hi!
>>>>>>>
>>>>>>> Chris here (JavaScript; UI/UX design). I note you mentioned that the reason HTTPS Everywhere isn’t available for Safari is the inability to do safe rewrites (indeed, window.location, etc. aren’t safe).
>>>>>>>
>>>>>>> I’ve written a few extensions for Safari (I’ve moved to Safari from Chrome), and I believe an extension can rewrite a URL safely by listening to the Safari's /beforeNavigate/ event and changing the URL if necessary (the event is fired before the request is sent).
>>>>>>>
>>>>>>> I think that seems like it'd work. I’d love to help in any way I can if you’re interested (including writing a preliminary version of the Safari extension using the already-existent ones as a guide).
>>>>>>>
>>>>>>> Thanks,
>>>>>>> - Chris.
>>>>>>>
>>>>>>> Chris Aljoudi
>>>>>>> Design. UI/UX. Technology.
>>>>>>> Web: https://chrismatic.io/
>>>>>>> Google Voice: +1 (719) 344-2483
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> HTTPS-Everywhere mailing list
>>>>>>> HTTPS-Everywhere at lists.eff.org <mailto:HTTPS-Everywhere at lists.eff.org>
>>>>>>> https://lists.eff.org/mailman/listinfo/https-everywhere
>>>
>>>
>