diff --git a/4.2.1-User-Scripts.md b/4.2.1-User-Scripts.md index 959acfd..b041580 100644 --- a/4.2.1-User-Scripts.md +++ b/4.2.1-User-Scripts.md @@ -1,17 +1,15 @@ We recommend [Violentmonkey](https://addons.mozilla.org/firefox/addon/violentmonkey/) or similar to run these -:exclamation: These require `@run-at document-start` and may not work due to limitations in the web extensions API: as of 20-Apr-2018; - * Violentmonkey: all but conceal window.opener work, which we've made into an [extension](https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1-Extensions), see `window.opener be gone` - * Greasemonkey : all three work with the `legacy extension` but not the 4.x+ `web extension` branch +- ⚠️ These require `@run-at document-start` and may not work due to limitations in the web extensions API +- ⚠️ userscripts can easily be detected - see CanvasBlocker's [Detection Tests](https://canvasblocker.kkapsner.de/test/detectionTest.html) -If you would like to submit any scripts to be added to this list, please post a [new issue](https://github.com/ghacksuserjs/ghacks-user.js/issues/new) for consideration, thanks. Please stick to scripts that deal with increasing security/privacy, and reducing tracking/fingerprinting. +--- ### :small_orange_diamond: Conceal history.length * Author: [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) - * Description: This does not break history in any way. It just lies to any JS asking about it. Your actual (max) history is controlled by `browser.sessionhistory.max_entries` which is a per tab setting. + * Description: This does not break history in any way. It just lies to any JS asking about it * Test: [BrowserSpy.dk](https://browserspy.dk/document.php) - * :exclamation: **This userscript is easily detectable !** - * [CanvasBlocker](https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/) (v0.5.3-RC1 and newer) supports `history.length` spoofing without leaking the custom function. (see "History API") + * [CanvasBlocker](https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/) supports `history.length` spoofing without leaking the custom function (see "History API")
'Conceal history.length' userscript

@@ -40,6 +38,8 @@ Object.defineProperty(history,'length',{ ```

+--- + ### :small_orange_diamond: Conceal window.name * Author: Chris Rider * Description: See [bugzilla 444222](https://bugzilla.mozilla.org/show_bug.cgi?id=444222) @@ -47,8 +47,7 @@ Object.defineProperty(history,'length',{ * Note: you need to add `http://ip-check.info/?lang=en` as an exception. This is the landing page with the "Test" link on it. Without this exception you cannot do the test. To add an exception go to your User Script and click Options and add it under "Excluded Pages" * reported breakage: *may* interfere with Google's reCAPTCHA (the script is now 3 years old) * reported breakage (3rd party): paypal, disqus (just add exceptions) - * :exclamation: **This userscript is easily detectable !** - * [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) (v0.5.3-RC1 and newer) supports `window.name` protection without leaking the custom function. (see CB's "Window API" and [how to unbreak reCaptcha](https://github.com/kkapsner/CanvasBlocker/issues/231#issuecomment-416919273)) + * [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) supports `window.name` protection without leaking the custom function (see CB's "Window API" and [how to unbreak reCaptcha](https://github.com/kkapsner/CanvasBlocker/issues/231#issuecomment-416919273))
'Conceal window.name' userscript

@@ -85,12 +84,14 @@ Object.defineProperty(window,'name',{ ```

+--- + ### :small_orange_diamond: Clear window.opener * Author: [earthlng](https://github.com/earthlng) * Description: See [this](https://www.ghacks.net/2017/01/24/web-security-add-relnoopener-to-external-links/) ghacks article about rel=noopener * Test: https://mathiasbynens.github.io/rel-noopener/ * :exclamation: This does NOT (currently) work with Web Extensions, instead you can use the `windows.opener be gone` extension listed on the wiki [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1-Extensions) page - * [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) also supports `window.opener` protection since v0.5.3-RC1. (see CB's "Window API") + * [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) also supports `window.opener` protection (see CB's "Window API")
'Clear window.opener' userscript

@@ -113,12 +114,3 @@ console.warn('Cleared window.opener!'); ```

-### :small_orange_diamond: Other Scripts - -These scripts are not written, maintained, or tested by us. It is your responsibility to make sure they keep working. - -* [Disable AutofillPhishing](https://github.com/AdguardTeam/Userscripts/blob/master/disableAutofillPhishing/disable-autofill-phishing.user.js) - * Disables autofill of input fields *which are not on the screen* - * Note: The `ghacks user.js` disables all autofill -* [remove_t.co](https://github.com/kkren/remove_t.co/blob/master/removetco.user.js) - * Bypass t.co redirection from Twitter external links