wrappingS-AJAX.js File Reference

Wrappers for XMLHttpRequest standard. More...

Detailed Description

Wrappers for XMLHttpRequest standard.

See also

https://xhr.spec.whatwg.org/

Author

Copyright (C) 2019 Libor Polcak

Copyright (C) 2021 Giorgio Maone

License:

SPDX-License-Identifier: GPL-3.0-or-later

XHR may be misused to exfiltrate data from the browser to the server. We provide a wrapper that either blocks all XHR requests or lets the user decide.

Bug:

There are two flaws in the current implementation:

• There are many ways (see e.g. https://github.com/cure53/HTTPLeaks) to replace XHR and consequently evade the wrapper. This can be mitigating by monitoring the requests using Web Request API.
• The confirm method puts a lot of responsibility on the user who needs to have a good knowledge about the requests on each visited page.

Note

We expect to remove the wrapper once we release JShelter with Fingerprint Detector (FPD). FPD should solve both issues above.