Add support for Chrome/Firefox

.gitignore

@@ -1 +1,4 @@
 .*.sw[pno]
+*.zip
+chrome_JSR/
+firefox_JSR/

Makefile

@@ -0,0 +1,26 @@
+all: firefox chrome
+
+firefox:
+	@cp firefox_manifest/manifest.json .
+	@zip -q -r firefox_JSR.zip img/ LICENSE manifest.json background.js document_start.js options.js options.css options.html popup.js popup.css popup.html
+	@rm -f manifest.json
+	@echo "Firefox zip extension exported -> firefox_JSR.zip"
+	@unzip -q firefox_JSR.zip -d firefox_JSR
+	@echo "Firefox dir extension exported -> Firefox_JSR/"
+
+chrome:
+	@cp chrome_manifest/manifest.json .
+	@zip -q -r chrome_JSR.zip img/ LICENSE manifest.json background.js document_start.js options.js options.css options.html popup.js popup.css popup.html
+	@rm -f manifest.json
+	@echo "Chrome zip extension exported  -> chrome_JSR.zip"
+	@unzip -q chrome_JSR.zip -d chrome_JSR 
+	@echo "Chrome dir extension exported  -> chrome_JSR/"
+
+
+clean:
+	rm -rf firefox_JSR.zip
+	rm -rf firefox_JSR
+	rm -rf chrome_JSR.zip
+	rm -rf chrome_JSR
+
+

background.js

@@ -1,3 +1,60 @@
+//
+//  JavaScript Restrictor is a browser extension which increases level
+//  of security, anonymity and privacy of the user while browsing the
+//  internet.
+//
+//  Copyright (C) 2019  Martin Timko
+//  Copyright (C) 2019  Libor Polcak
+//
+//  This program is free software: you can redistribute it and/or modify
+//  it under the terms of the GNU General Public License as published by
+//  the Free Software Foundation, either version 3 of the License, or
+//  (at your option) any later version.
+//
+//  This program is distributed in the hope that it will be useful,
+//  but WITHOUT ANY WARRANTY; without even the implied warranty of
+//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//  GNU General Public License for more details.
+//
+//  You should have received a copy of the GNU General Public License
+//  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+//
+
+
+if ((typeof chrome) !== "undefined") {
+  var browser = chrome;
+}
+
+// set default level to 2 after install
+function installUpdate() {
+  browser.storage.sync.get(null, function (item) {
+    var setDef = true;
+    var setExtData = true;
+    for (var domain in item) {
+      if (item.hasOwnProperty(domain)) {
+        // if default was set from last update / install, do not set default to 2
+        if (domain == "__default__") {
+          setDef = false;
+        }
+        if (domain == "extension_settings_data") {
+          setExtData = false;
+        }
+      }
+    }
+    if (setDef) {
+      browser.storage.sync.set({
+        ["__default__"]: 2
+      });
+    }
+    if (setExtData) {
+      browser.storage.sync.set({
+        extension_settings_data       
+      });      
+    }
+  });
+}
+browser.runtime.onInstalled.addListener(installUpdate);
+
 // open options
 function handleClick() {
   browser.runtime.openOptionsPage();
@@ -7,27 +64,30 @@ browser.browserAction.onClicked.addListener(handleClick);
 // set badge color
 browser.browserAction.setBadgeBackgroundColor({color: "#4a4a4a"});
 
-var urlcko; // domain ako "fit.vutbr.com"
-var rootDomain; // domain ako "vutbr.com"
+var url; // domain "fit.vutbr.com"
+var rootDomain; // domain "vutbr.com"
 
 // on tab reload or tab change, update badge
-browser.tabs.onUpdated.addListener(tabEvent);	// reload tab
-browser.tabs.onActivated.addListener(tabEvent);	// change tab
+browser.tabs.onUpdated.addListener(tabEvent);  // reload tab
+browser.tabs.onActivated.addListener(tabEvent);  // change tab
 
 // get active tab and pass it 
-function tabEvent(tabinfo) {	
-	var querying = browser.tabs.query({active: true});
-	querying.then(getTab, onError);
-}
+var queryInfo = {
+  active: true,
+  currentWindow: true
+};
 
 // get url of active tab
-function getTab(tabs) {
-  for (let tab of tabs) {
-    urlcko = tab.url;
-  }
-  updateBadge();
+function tabEvent(tabinfo) {  
+  browser.tabs.query(queryInfo, function(tabs) {
+    for (let tab of tabs) {
+      url = tab.url;
+    }
+    updateBadge();
+  });
 }
 
+
 // change url text to url object
 var getLocation = function(href) {
     var l = document.createElement("a");
@@ -37,51 +97,47 @@ var getLocation = function(href) {
 
 // update badge text 
 function updateBadge() {
-  	
-	urlcko = getLocation(urlcko);
-  urlcko.hostname = urlcko.hostname.replace(/^www\./,'');
-  rootDomain = extractRootDomain(urlcko.hostname);
+    
+  url = getLocation(url);
+  url.hostname = url.hostname.replace(/^www\./,'');
+  rootDomain = extractRootDomain(url.hostname);
   var myAddon = new URL(browser.extension.getURL ('./'));
 
-	// get storage data
-	var data = browser.storage.sync.get();
-	data.then((res) => {
-		if (isJavaScriptObjectEmpty(res)) {
-			return Promise.reject();
-		}
-
-  		// find level for this site to use
-  		var activeLevel;
-  		for (var domain in res) {
-    		if (res.hasOwnProperty(domain)) {
-      			if (domain == "__default__") {
-        			activeLevel = res[domain];
-      			}
-      			if (domain != "extension_settings_data" && domain == urlcko.hostname) {
-        			activeLevel = res[domain];
-              break;
-      			}
-            if (domain != "extension_settings_data" && domain == rootDomain) {
-              activeLevel = res[domain];
-            }
-    		}
-  		}
-  		// set badge text or blank
-  		if (activeLevel == "4" && urlcko.hostname != "") {
-  			browser.browserAction.setBadgeText({text: "C"});
-  		} else if (urlcko.hostname != "" && urlcko.hostname != myAddon.hostname) {
-  			browser.browserAction.setBadgeText({text: "" + activeLevel});
-  		} else {
-  			browser.browserAction.setBadgeText({text: ""});
-  		}
-  	});
-}
+  // get storage data
+  browser.storage.sync.get(null, function(res) {
 
-// err
-function onError(timoerr) {
-  console.log(timoerr);
+    if (isJavaScriptObjectEmpty(res)) {
+      return Promise.reject();
+    }
+
+    // find level for this site to use
+    var activeLevel;
+    for (var domain in res) {
+      if (res.hasOwnProperty(domain)) {
+          if (domain == "__default__") {
+            activeLevel = res[domain];
+          }
+          if (domain != "extension_settings_data" && domain == url.hostname) {
+            activeLevel = res[domain];
+            break;
+          }
+          if (domain != "extension_settings_data" && domain == rootDomain) {
+            activeLevel = res[domain];
+          }
+      }
+    }
+    // set badge text or blank
+    if (activeLevel == "4" && url.hostname != "" ) {
+      browser.browserAction.setBadgeText({text: "C"});
+    } else if (url.hostname != "" && url.hostname != myAddon.hostname && url.hostname != "newtab") {
+      browser.browserAction.setBadgeText({text: "" + activeLevel});
+    } else {
+      browser.browserAction.setBadgeText({text: ""});
+    }
+  });
 }
 
+
 // check if object empty
 function isJavaScriptObjectEmpty(object) {
   for(var property in object) {
@@ -108,3 +164,45 @@ function extractRootDomain(thisDomain) {
     }
     return thisDomain;
 }
+
+
+// shared variables across background.js, popup.js, options.js
+var fadeOut = "0.3";
+var fadeIn = "1.0";
+var L0 = 0;
+var L1 = 1;
+var L2 = 2;
+var L3 = 3;
+var LC = 4; // custom
+var LD = 5; // default
+
+// default extension_settings_data setting  
+var extension_settings_data = {
+  "window_date": {
+      "main_checkbox": false,
+      "time_round_precision": "-3"
+  },
+  "window_performance_now": {
+      "main_checkbox": false,
+      "value_round_precision": "-3"
+  },
+  "window_html_canvas_element": {
+      "main_checkbox": false,
+      "type_of_restriction": "b"
+  },
+  "navigator_geolocation": {
+      "main_checkbox": false,
+      "type_of_restriction": "a",
+      "gps_a": "0",
+      "gps_b": "0",
+      "gps_c": "0",
+      "gps_d": "-1",
+      "gps_e": "-1",
+      "gps_f": "-1",
+      "gps_g": "-1"
+  },
+  "window_xmlhttprequest": {
+      "main_checkbox": false,
+      "type_of_restriction": "a"
+  }
+}

chrome_manifest/manifest.json

@@ -0,0 +1,46 @@
+{
+  "author": "Martin Timko, Libor Polcak",
+  "background": {
+      "scripts": ["background.js"],
+      "persistent": false
+  },
+  "browser_action": {
+    "default_icon": {
+      "16": "img/icon-16.png",
+      "32": "img/icon-32.png",
+      "48": "img/icon-48.png",
+      "64": "img/icon-64.png",
+      "96": "img/icon-96.png",
+      "128": "img/icon-128.png",
+      "256": "img/icon-256.png",
+      "512": "img/icon-512.png"
+    },
+    "default_title": "JavaScript Restrictor",
+    "default_popup": "popup.html"
+  },
+  "content_scripts": [
+    {
+      "matches": ["<all_urls>"],
+      "js": ["document_start.js"],
+      "run_at": "document_start"
+    }
+  ],
+  "description": "Extension for increasing security and privacy level of the user.",
+  "homepage_url": "https://polcak.github.io/jsrestrictor/",
+  "icons": {
+    "16": "img/icon-16.png",
+    "32": "img/icon-32.png",
+    "48": "img/icon-48.png",
+    "64": "img/icon-64.png",
+    "96": "img/icon-96.png",
+    "128": "img/icon-128.png",
+    "256": "img/icon-256.png",
+    "512": "img/icon-512.png"
+  },
+  "manifest_version": 2,
+  "name": "JavaScript Restrictor",
+  "options_page": "options.html",
+  "permissions": ["storage", "tabs"],
+  "short_name": "JSR",
+  "version": "0.1"
+}

docs/index.md

@@ -7,14 +7,14 @@ JavaScript Restrictor or JSR is a browser extension which increases level of sec
 * **window.performance.now() function**: this high-resolution timestamp can be used to idenfity the user or can be used for microarchitectural attacks,
 * **Canvas element**: this element is used to draw graphics in browser, however it can be also used to fingerprint the user’s device,
 * **Geolocation data**: this can be used to identify an electronic device’s physical location,
-* **XMLHttpRequest (XHR), experimental only**: XHR issues additional requests to the server even
-	after the page is displayed, such information might carry identification data.
+* **XMLHttpRequest (XHR), experimental only**: available only for "Custom level", XHR issues additional requests to the server even
 
 There are five levels of protection ready to use:
 
 * 0 - the functionality of the extension is turned off. No actions are taken. All web pages are displayed as intended without any interaction from JavaScritpt Restrictor.
-* 1 - first level of protection. This increases your level of protection. It means that websites collect a modified timestamp values. Canvas elements are not blocked.
-* 2 - second level of protection. On this level websites collect even more modified timestamp values, all canvas elements are blocked.
+
+* 1 - first level of protection. This increases your level of protection. It means that websites collect a modified timestamp values and geolocation data. Canvas elements are not blocked.
+* 2 - second level of protection. On this level websites collect even more modified timestamp values and geolocation data, all canvas elements are blocked.
 * 3 - maximum level of protection. Websites collect highly modified timestamp values, all canvas elements are blocked and geolocation data is nulled.
 * Custom - your level of protection. If you want, you can set your own level of protection and use it.