Hi @mumpitz,
Sorry to reply you just now and not earlier, I’ve been quite busy
for me doesnt work after the last update, tested chrome and firefox.
If I can help with providing error massages please tell me where to find or what should i do.
This is quite sad to read… I’ll add a new section in the project README to explain how to check if running the latest version. I’m suspecting few things that might explain why it does not work on your side:
- The update process failed and somehow did not installed the latest version
- Something unexpected / unhanded happened during the update process and it created an SRI mismatch which then avoid loading the patch in the browser context (it should be reported in the web console as an error)
- One of your extension is avoiding / blocking the patch to be loaded
- Your browser version is too old and does not support SRI
I’d be happy to debug your issues but it’d be probably better to send me details in private and not here.
If you want to help me in the debugging process, I’d just need the following:
- screenshots from the web console reported errors
- version number of the JS file (it is in the comments at the top of the file)
- version number of the SH file that install the patch (same location, in comments at the top of the file)
- tested browser versions (as I’m always using the latest versions, sometimes my code does not work on older versions)
But if you prefer to debug things by yourself, no problem with that, just check the following:
-
The SRI hash is stored in the SH file that install the JS file
-
You must have the same SRI hash in the SH file and the line injected in functions.pl
- You can see the injected line from your browser, on any WUI pages, check the source code and you’ll find it just before
</body>
-
If both SRI does not match, the JS file will not be loaded in the browser.
-
You can also check the project on GitHub and see if you have the latest files
If everything match and still have issue with the patch then feel free to send me more details in private and I’ll try my best to debug it.
I had a look in the develop console was is going on there, i did not understand one thing, but it looks quiet normal and harmless
If you check the JS source code, you should find a constant called debugMode
set to false
. When I turn it to true
locally, it will print much more details but it’s totally useless for the users, that’s why the JS file is released with this constant set to false
and not true
by default.
You can’t neither turn it to true
on your side as it would then make the SRI hash invalid and so force your browser to not load the modified file.
These recommendations on security and privacy I follow, the mechanics or reasonableness of the measures I can still follow, but am neither able to check that nor to validate the real effectiveness. Pure trust. The situation is similar here with this project. I make myself available as a tester and try to deliver results as good as I can. If this is enough to become part of the project, please write my nick in addition no problem.
Quite funny to see that the website you’ve mentioned is not protected against JS code injections (I just did a quick test with my “Dark Mode” bookmarklet)
They could have just implemented a basic CSP and it would have protected the website against JS code injections… So I find that funny to see many websites talking about security and privacy measures to follow but fails to follow them on their side…
As a side note, it’s how many browser extensions works, by injecting some JS code inside the page you’ve loaded but I haven’t checked if these extensions still works on websites that has a CSP defined. I’ll try to do some tests and let you know about it here.
If this is enough to become part of the project, please write my nick in addition no problem.
Yes it is, I’m valuing every contributions to the project and you did contributed to the project the way I’m seeing things, by testing and reporting issues and also by sharing your ideas.
Anyway, as now I should have more spare time to work on the project, all the previously reported issues should be fixed in the next releases. I’ll just ask you to be patient as tracking and patching all the tables is sometimes very tricky and takes quite some time
I’ll post here when it’s released