JavaScript Restrictor
Browser extension that improves privacy and security
Loading...
Searching...
No Matches
wrappingS-AJAX.js File Reference

Wrappers for XMLHttpRequest standard. More...

Detailed Description

Wrappers for XMLHttpRequest standard.

See also
https://xhr.spec.whatwg.org/
Author
Copyright (C) 2019 Libor Polcak
Copyright (C) 2021 Giorgio Maone
License:
SPDX-License-Identifier: GPL-3.0-or-later

XHR may be misused to exfiltrate data from the browser to the server. We provide a wrapper that either blocks all XHR requests or lets the user decide.

Bug:
There are two flaws in the current implementation:
  • There are many ways (see e.g. https://github.com/cure53/HTTPLeaks) to replace XHR and consequently evade the wrapper. This can be mitigating by monitoring the requests using Web Request API.
  • The confirm method puts a lot of responsibility on the user who needs to have a good knowledge about the requests on each visited page.
Note
We expect to remove the wrapper once we release JShelter with Fingerprint Detector (FPD). FPD should solve both issues above.