Our great sponsors
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
I'd like clarification on something. I've spent an hour or two trying to figure this out to no avail, so I suspect many other people might be wondering the same thing I am.
Examining the Manifest V3 changes more closely (https://developer.chrome.com/docs/extensions/mv3/intro/mv3-o...), and comparing/contrasting to what uBlock Origin themselves say about it (https://support.ublock.org/hc/en-us/articles/11749958544275-...), I can understand the cause of one of uBO's problems with V3... but not the other.
The cause of "Allow List Limits" is clear: uBO Lite will be forced to use declarativeNetRequest; and declarativeNetRequest imposes limits on the size of the ruleset you can "declare".
But I'm confused about uBO's point on "Ad Blocking Quality". It seems that Manifest V3 only restricts 1. the use of eval(), and 2. the loading of remote-origin scripts into the DOM and/or as service-worker modules. It doesn't restrict the use of remote-origin-loaded data files generally; which I would presume means that uBO would still be able to use its service-worker to periodically fetch and update its lists.
Is there some part of the way uBO supports its lists, that requires arbitrary remote code execution? If so: why, exactly?
(It might seem at first blush that the literal answer is this feature: https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#... ... but it actually isn't, as you don't write actual JS to be eval()ed in these rules, but rather just name a function that's already burned into the extension locally as part of its "scriptlet resource library".)
Is it instead, just the way that these rules get "baked down" into in-page logic? Does uBO compile the lists into a bunch of Javascript source-code, and then have the page evalScript() that code?
And if that is the blocking issue — and I'm still not clear that it is — then wouldn't there be other workarounds for this?
For example, sticking the generated JS code into a data: URL and then dropping it into the page as a tag. Or even, at worst, swapping out feeding the page "JS source code", for feeding the page a (static!) <i>interpreter</i>, and then having that <i>interpreter</i> receive instructions as regular ol' data from the uBO service-worker? (Maybe that'd violate uBO's performance goals, I suppose? But it wouldn't have to do it on every page; only on pages that it knows from the ruleset can't be blocked entirely declaratively.)
You should check https://github.com/filips123/PWAsForFirefox and Firefox Container Manager extension :)
AIUI it's because declarativeNetRequests requires the filters to be specified statically, see https://developer.chrome.com/docs/extensions/reference/decla...
Also note that the site you linked is for UBlock, which is a different extension from UBlock Origin. The UBlock Origin Lite (UBlock Origin for MV3) page has an explanation: https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...
As far as Microsoft is concerned, they're large enough to fork Chromium if they wanted to, just like how Google forked Webkit into Blink. Every other organization that ships a Chromium-based browser is fully at Google's mercy; Google holds the keys to the kingdom: https://chromium.googlesource.com/chromium/src/
Firefox sync uses end-to-end encryption: https://support.mozilla.org/en-US/kb/how-firefox-sync-keeps-..., https://github.com/mozilla/fxa-auth-server/wiki/onepw-protoc....
There's nothing mandatory about the initial shortcuts - just remove them. It's trivial to change your search engine to Duck Duck Go too.
Related posts
- Apr 24th is JavaScript Naked Day – Browse the web without JavaScript
- Some notes on Firefox's media autoplay settings in practice as of Firefox 124
- X.org Server Clears Out Remnants for Supporting Old Compilers
- Brave Leo now uses Mixtral 8x7B as default
- Mozilla thinks Apple, Google, Microsoft should play fair