Next: , Previous: , Up: Top   [Contents]


Appendix B LibreJS Internals

LibreJS intercepts http responses and rewrites their contents after analyzing JavaScript within them. It does not remove script nodes and attributes from the page, but instead “deactivate” them by modifying the type and src attributes on script elements and by moving the contents of inline JavaScript attributes such as onClick into harmless attributes.

LibreJS detects the most common cases using the http response method described above, but in extremely rare cases, or when running code locally, LibreJS cannot detect JavaScript during the response stage.

To remedy this issue and as a final safeguard, LibreJS takes a look at the scripts that are about to be executed while the browser engine is parsing the page. If the script is not found in a list of accepted scripts populated earlier, the execution will be prevented. This is to ensure content types that are not regular html (binhex with html in it, ...) and JavaScript do not fall through the cracks and get executed.