Related issues:
- https://github.com/uBlockOrigin/uBlock-issues/issues/1116
- https://github.com/uBlockOrigin/uBlock-issues/issues/984
It has been found that the two malware lists uBO uses by
default appear to be essentially no longer maintained.
urlhaus list[1] has been identified by the community as
being well maintained and as being actually useful as a
default malware-related list in uBO, since it's being updated
every day from a database of top domains and specific URLs
identified as serving malicious content. Additionally, the
maintainer of urlhaus list has taken steps to increase
compatibility with uBO[2].
The decision has been to replace the current two malware-
related lists with urlhaus list, which will be enabled by
default in uBO -- and this means that list will be part of
uBO's package from now on.
For those who have the two removed malware lists enabled,
these will be moved to the custom lists section -- they
will still be enabled. It is suggested users remove them from
their selection of lists as their usefulness at this point
is questionable.
[1] https://gitlab.com/curben/urlhaus-filter
[2] 859dfd03c6
Add support for specially-named properties:
`[]`, to iterate through all elements in an array, in
order to deal more graciously with cases where the
property to remove is an element in an array. An
actual case:
+js(json-prune, playlist.movies.0.adserver playlist.movies.1.adserver ...)
Can be now converted to:
+js(json-prune, playlist.movies.[].adserver)
`*`, to iterate through all own properties of an object,
in order to deal with random-named properties. For
example (not an actual case):
+js(json-prune, playlist.*.adserver)
Where `adserver` would be a property member of an
object which is itself a property of `playlist`, but
which name is unknown or is variable.
Specifically:
- Log entries as received by client code
- Prettier and more readable console output
- Ability to only log entries matching a
specific needle
As per internal discussion at
<https://github.com/uBlockOrigin/uAssets>; limited
logging capabilities of json-prune originally raised
by <https://github.com/gwarser>.
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/981
To be consistent with no-setTimeout-if.js.
requestAnimationFrame-if.js is deprecated and must no longer be
used, it will be removed in the near future when it's no longer
in use in default filter lists.
no-requestAnimationFrame-if.js is aliased to norafif.js.
The scriptlet will now still try to trap a specific
property if a segment of the chain is not undefined
while yet not an object either.
For example, this now allows to set a value on
`document.body.onselectstart` when `document.body` has
not been instantiated yet by the browser parser,
whereas this would previously fail because
`document.body` would be `null` while the scriptlet
was testing against `undefined`.
There is no point for such list since it's not possible
to get breakage measurements from using such list and
thus impossible to evaluate.
At the same time, "uBlock filters --- Annoyances" has
been moved to the "Annoyances" section.
As per feedback from filter list maintainers, the
whitelist approach has been deemed to confusing.
The scriptlet has been renamed `no-setTimeout-if`
alias `nostif` to reflect the blacklist approach.
`setInterval-if` has been Similarly changed to
`no-setInterval-if` alias `nosiif`.
The scriptlet will trap calls to JSON.parse, and
if the result of the parsing is an Object, it
will remove specified properties from the result
before returning to the caller.
Usage:
##+js(json-prune, arg1, [arg2])
Where:
- arg1: a list of space-separated properties to remove
- arg2: optional, a list of space-separated properties
which must be all present for the pruning to
occur
Example:
##+js(json-prune, enabled, adpath config)
A property in a list of properties can be a chain
of properties, example: adpath.url.first
This also apply to setInterval-if. Thus to defuse
calls to setTimeout(fn, 1000), the filter could be:
##+js(stif, , !1000)
Meaning "allow setTimeout if the delay is not 1000".
Usage is similar to that of raf-if introduced in
commit 6831967f5f.
The two new scriptlets are meant to replace:
- setTimeout-defuser
- setTimeout-logger
- setInterval-defuser
- setInterval-logger
setTimeout-logger and setInterval-logger have been
removed, since they are not to be used in production.
To log setTimeout and setInterval usage, respectively
(using aliases):
- ##+js(stif)
- ##+js(siif)
To defuse setTimeout unconditionally:
- ##+js(stif, !)
Usage of setTimeout-defuser and setInterval-defuser
is deprecated and will be removed in some future when
they are no longer in use.
Keep in mind that the new scriptlets function on a
whitelist basis, whereas the deprecated ones
function on a blacklist basis. Prefixing the needle
with `!` allow to use the new scriptlets on a
blacklist basis.
Scriptlet name: `raf-if.js`
Usage: `example.com##+js(raf-if, !/(\d+){4}/)`
Argument: one single argument, which is the "needle" to
find in the stringified argument passed to
requestAnimationFrame.
requestAnimationFrame will be defused when:
- The needle is not prefixed with `!` and the needle
does not match the stringified argument; OR
- The needle is prefixed with `!` and the needle
matches the stringified argument.
The `raf-if.js` scriptlet will log calls to
requestAnimationFrame to the console when no parameter
is provided, i.e.:
example.com##+js(raf-if)
Otherwise no logging occurs.
Since https://github.com/uBlockOrigin/uBlock-issues/issues/156
won't be fixed in next release, no need to ship
with code which will be unused, and anyways only once
the fix is worked on will it be clear exactly what needs
to be used by scriptlets to deal harmoniously with
property listener collisions.
Make sure the parser is safely compatible with old
resources format -- for those users still using
custom resources (via `userResourcesLocation`).
Prepare code for future fix to
<https://github.com/uBlockOrigin/uBlock-issues/issues/156>:
This commit introduces a new private Map() object,
`uBOSafe`, accessible by all injected scriptlets. This
private safe can be used to store data which can be shared
with different scriptlets. The idea is for scriptlets to
use that safe to graciously deal with the need to install
multiple listeners for the same property.
With hindsight, I revised decisions made earlier during
this development cycle:
Un-redirectable scriptlets have been removed from
/web_accessible_resources and instead put in the new
/assets/resources/scriptlets.js, which contains all
scriptlets used for web page injection purpose.
uBO will no longer fetch a remote version of built-in
resources.
Advanced setting `userResourcesLocation` will still be
honoured by uBO, and if set, will be fetched every
time at least one asset is updated.
We've introduced a new set of filters for uBlock because some uBlock
specific rules are breaking ABP and we will remove them from the
filters.txt file.