From c3cb290266c4adc3644894643180884552525840 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 13 Jan 2020 00:43:47 +0000 Subject: [PATCH] Updated 4.2.1 User Scripts (markdown) --- 4.2.1-User-Scripts.md | 59 +++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/4.2.1-User-Scripts.md b/4.2.1-User-Scripts.md index 0050537..2735d1f 100644 --- a/4.2.1-User-Scripts.md +++ b/4.2.1-User-Scripts.md @@ -1,15 +1,11 @@ -We recommend [Violentmonkey](https://addons.mozilla.org/firefox/addon/violentmonkey/), [Greasemonkey](https://addons.mozilla.org/firefox/addon/greasemonkey/) or [FireMonkey](https://addons.mozilla.org/firefox/addon/firemonkey/) - -👀 To test if a userscript is fingerprintable in any way, use CanvasBlocker's [Detection Tests](https://canvasblocker.kkapsner.de/test/detectionTest.html) +some scripts... --- - ### :small_orange_diamond: window.opener be gone * Author: [earthlng](https://github.com/earthlng) * Description: See [this](https://www.ghacks.net/2017/01/24/web-security-add-relnoopener-to-external-links/) ghacks article about rel=noopener - * Works with: Greasemonkey | FireMonkey * Test: https://mathiasbynens.github.io/rel-noopener/ ```js @@ -41,38 +37,47 @@ if (window.opener !== null) { ### :small_orange_diamond: Conceal history.length -👼 Don't use this. If required (it's debatable if it really achieves anything), use [CanvasBlocker](https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/), which supports `history.length` spoofing without leaking the custom function (see "History API") - -
'Conceal history.length' userscript

- - * Author: [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) + * Author: [earthlng](https://github.com/earthlng) * Description: This does not break history in any way. It just lies to any JS asking about it * Test: [BrowserSpy.dk](https://browserspy.dk/document.php) ```js // ==UserScript== -// @name Conceal history.length -// @description Intercepts read access to history.length property -// @namespace localhost -// @include * +// @name Conceal window.name +// @version 2.0 +// @match http://*/* +// @match https://*/* +// @exclude /^https://www\.google\.com/recaptcha/api2/(?:anchor|frame)\?.+$/ // @run-at document-start -// @version 1.0.1 -// @grant none +// @namespace ghacksuserjs +// @grant GM.notification // ==/UserScript== -let _history={length:history.length}; -Object.defineProperty(history,'length',{ - get: function() { - if (_history.length > 2) { - return 2; - } else { - return _history.length; - } - } -}); +const windowNames = new WeakMap(); +const unsafeWindow = window.wrappedJSObject; +const descriptor = Object.getOwnPropertyDescriptor(unsafeWindow, 'name'); +const originalget = descriptor.get; +const originalset = descriptor.set; +const fakeobj = { + get name() { + const originalName = originalget.apply(this); + const returnedName = windowNames.get(window) || ''; + if (originalName !== returnedName) + GM.notification('Intercepted read access to window.name "'+originalName+'" from '+window.location); + return returnedName; + }, + set name(newname) { + originalset.apply(this, window.Array.from(arguments)); + windowNames.set(window, newname); + } +}; + +descriptor.get = exportFunction(Object.getOwnPropertyDescriptor(fakeobj, 'name').get, window); +descriptor.set = exportFunction(Object.getOwnPropertyDescriptor(fakeobj, 'name').set, window); + +Reflect.defineProperty(unsafeWindow, 'name', descriptor); ``` -

---