Closed Bug 732032 Opened 12 years ago Closed 10 years ago

Making script text available to beforescriptexecute hook for external scripts

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
10 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: lduros, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Build ID: 20120215223356

Steps to reproduce:

I am trying to intercept/analyze JavaScript code before it is executed by the browser.

So far I have used tracing listeners to intercept certain mimetypes (text/html, */javascript, ...) and after analyzing them, remove/block them in the DOM before giving the serialized DOM back to the original listener. This is not sufficient, however, for scripts that might have a different mime-type. Getting access to the script text for external scripts would allow the add-on to analyze the code at "beforescriptexecute" and use preventDefault(); if it needs to be blocked.

More info on the add-on: http://lduros.net/librejs/
We can only do this for <script> elements marked with the crossorigin attribute since otherwise you could read arbitrary content cross site.

But exposing it in <script crossorigin> sounds like a good idea to me. We could even allow event handlers to modify the code before it executes.
Hello,

I just found your old Bug about JS analyze.
I think that all the things you want are already included in FF 31 Version?
can you confirm this? or if not, please give us detailed information, what you are missing...
Flags: needinfo?(lduros)
Closed -> no response from reporter on NEEDINFO

please feel free to reopen, if you have new information or new steps to reproduce.
thank you for opening this bug report
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Flags: needinfo?(lduros)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.