diff --git a/4.2.1-User-Scripts.md b/4.2.1-User-Scripts.md index fe24fa7..bcc49e7 100644 --- a/4.2.1-User-Scripts.md +++ b/4.2.1-User-Scripts.md @@ -1,7 +1,40 @@ -We recommend [Violentmonkey](https://addons.mozilla.org/firefox/addon/violentmonkey/) or similar to run these +We recommend [Violentmonkey](https://addons.mozilla.org/firefox/addon/violentmonkey/), [Greasemonkey](https://addons.mozilla.org/firefox/addon/greasemonkey/) or [FireMonkey](https://addons.mozilla.org/firefox/addon/firemonkey/) -- ⚠️ These require `@run-at document-start` and may not work due to limitations in the web extensions API -- ⚠️ userscripts can easily be detected - see CanvasBlocker's [Detection Tests](https://canvasblocker.kkapsner.de/test/detectionTest.html) +👀 To test if a userscript is detected in any way, use CanvasBlocker's [Detection Tests](https://canvasblocker.kkapsner.de/test/detectionTest.html) + +--- + + +### :small_orange_diamond: window.opener be gone + + * Author: [earthlng](https://github.com/earthlng) + * Description: See [this](https://www.ghacks.net/2017/01/24/web-security-add-relnoopener-to-external-links/) ghacks article about rel=noopener + * Works with: Greasemonkey and FireMonkey + * Test: https://mathiasbynens.github.io/rel-noopener/ + +```js +// ==UserScript== +// @name window.opener be gone +// @description Prevents tampering with window.opener. +// @version 2.0 +// @match http://*/* +// @match https://*/* +// @exclude https://www.catalog.update.microsoft.com/DownloadDialog.aspx +// @run-at document-start +// Keys for GM: +// @namespace ghacksuserjs +// @grant GM.notification +// Keys for FM: +// @matchAboutBlank true +// ==/UserScript== + +if (window.opener !== null) { + window.opener = null; + + GM.notification('Cleared window.opener!'); + console.warn('Cleared window.opener @ ' + document.location.toString()); +} +``` --- @@ -88,36 +121,3 @@ Object.defineProperty(window,'name',{ ```
---- - -### :small_orange_diamond: Clear window.opener - -👼 Don't use this. Instead use earthlng 's strict [windows.opener be gone](https://github.com/earthlng/testpages/) or [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/), which supports `window.opener` protection with whitelisting (see CB's "Window API") - -- - * Author: [earthlng](https://github.com/earthlng) - * Description: See [this](https://www.ghacks.net/2017/01/24/web-security-add-relnoopener-to-external-links/) ghacks article about rel=noopener - * Test: https://mathiasbynens.github.io/rel-noopener/ - * :exclamation: This does NOT (currently) work with Web Extensions - - -```js -// ==UserScript== -// @name Clear window.opener -// @description Prevents tampering with window.opener. -// @namespace localhost -// @include * -// @run-at document-start -// @version 1.0 -// @grant none -// ==/UserScript== - -if (window.opener != null) -{ -window.opener = null; -console.warn('Cleared window.opener!'); -} -``` -