From f252d43ba649e553cdc01bf02d5ce1722fcdfc91 Mon Sep 17 00:00:00 2001 From: earthlng Date: Wed, 29 Aug 2018 16:16:24 +0000 Subject: [PATCH] Updated 4.2.1 User Scripts (markdown) --- 4.2.1-User-Scripts.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/4.2.1-User-Scripts.md b/4.2.1-User-Scripts.md index 469673d..96db661 100644 --- a/4.2.1-User-Scripts.md +++ b/4.2.1-User-Scripts.md @@ -10,6 +10,10 @@ If you would like to submit any scripts to be added to this list, please post a * Author: [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) * Description: This does not break history in any way. It just lies to any JS asking about it. Your actual (max) history is controlled by `browser.sessionhistory.max_entries` which is a per tab setting. * Test: [BrowserSpy.dk](http://browserspy.dk/document.php) + * :exclamation: **This userscript is easily detectable !** + * [CanvasBlocker](https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/) (v0.5.3-RC1 and newer) supports `history.length` spoofing without leaking the custom function. (see "History API") + +
'Conceal history.length' userscript

```js // ==UserScript== @@ -34,13 +38,18 @@ Object.defineProperty(history,'length',{ }); ``` +

### :small_orange_diamond: Conceal window.name * Author: Chris Rider * Description: See [bugzilla 444222](https://bugzilla.mozilla.org/show_bug.cgi?id=444222) * Test: [JonDonym](http://ip-check.info/?lang=en) - * Note: :exclamation: you need to add `http://ip-check.info/?lang=en` as an exception. This is the landing page with the "Test" link on it. Without this exception, you cannot do the test. To add an exception go to your User Script and click Options and add it under "Excluded Pages" + * Note: you need to add `http://ip-check.info/?lang=en` as an exception. This is the landing page with the "Test" link on it. Without this exception you cannot do the test. To add an exception go to your User Script and click Options and add it under "Excluded Pages" * reported breakage (3rd party): paypal, disqus (just add exceptions) + * :exclamation: **This userscript is easily detectable !** + * [CanvasBlocker](https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/) (v0.5.3-RC1 and newer) supports `window.name` protection without leaking the custom function. (see CB's "Window API" and [how to unbreak reCaptcha](https://github.com/kkapsner/CanvasBlocker/issues/231#issuecomment-416919273)) + +
'Conceal window.name' userscript

```js // ==UserScript== @@ -73,12 +82,16 @@ Object.defineProperty(window,'name',{ } }); ``` +

### :small_orange_diamond: Clear window.opener * Author: [earthlng](https://github.com/earthlng) * Description: See [this](https://www.ghacks.net/2017/01/24/web-security-add-relnoopener-to-external-links/) ghacks article about rel=noopener * Test: https://mathiasbynens.github.io/rel-noopener/ * :exclamation: This does NOT (currently) work with Web Extensions, instead you can use the `windows.opener be gone` extension listed on the wiki [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1-Extensions) page + * [CanvasBlocker](https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/) also supports `window.opener` protection since v0.5.3-RC1. (see CB's "Window API") + +
'Clear window.opener' userscript

```js // ==UserScript== @@ -97,6 +110,7 @@ window.opener = null; console.warn('Cleared window.opener!'); } ``` +

### :small_orange_diamond: Other Scripts