Page 1 of 1

A toggle for svg

Posted: Fri Sep 10, 2021 9:41 pm
by informak98
Is there a way to allowing enable/disable svg with noscript. I ask because it would be very useful in Tor browser in safest setting instead of changing safety setting we could use noscript to enable svg graphics for trusted sites.

Re: A toggle for svg

Posted: Sat Sep 11, 2021 12:59 am
by barbaz
This is not currently a feature of NoScript. What security threat would this protect against?

Re: A toggle for svg

Posted: Sat Sep 11, 2021 5:40 am
by informak98
XSS attacks (which noscript already solves), HTML injection, Billion Laughs Attacks, DOS attacks, etc.

Re: A toggle for svg

Posted: Mon Oct 25, 2021 9:27 am
by Asphyx
I wrote a Userscript for a button to toggle SVG. Works fine but unfortunally, Torbrowser bundles this setting with NoScript-settings. When switch off SVG, all individual NoScript-settings are removed. :-(

Code: Select all

// buttonToggleSVG.uc.js

(function() {
   if (location != 'chrome://browser/content/browser.xhtml')
      return;
   try {
      CustomizableUI.createWidget({
         id: 'toolbar-button-svg',
         type: 'custom',
         defaultArea: CustomizableUI.AREA_NAVBAR,
         onBuild: function(aDocument) {
            var button = aDocument.createElementNS('http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul', 'toolbarbutton');
            var attributes = {
               id: 'toolbar-button-svg',
               class: 'toolbarbutton-1 chromeclass-toolbar-additional',
               removable: 'true',
               label: 'SVG ein-/ausschalten',             
               tooltiptext: Services.prefs.getBoolPref('svg.disabled') ?
                  'SVG ist ausgeschaltet' : 'SVG ist eingeschaltet',
               oncommand: '(' + onCommand.toString() + ')()'
            };
            for (var a in attributes) {
               button.setAttribute(a, attributes[a]);
            };
            function onCommand() {
               var isEnabled = !Services.prefs.getBoolPref('svg.disabled');
               Services.prefs.setBoolPref('svg.disabled', isEnabled);
               var windows = Services.wm.getEnumerator('navigator:browser');
               while (windows.hasMoreElements()) {
                  let button = windows.getNext().document.getElementById('toolbar-button-svg');
                  button.setAttribute('tooltiptext', isEnabled ? 'SVG ist ausgeschaltet' : 'SVG ist eingeschaltet')
               };
            };
            return button;
         }
      });
   } catch(e) { };

   var css =
      '#toolbar-button-svg[tooltiptext="SVG ist ausgeschaltet"] {list-style-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQBAMAAADt3eJSAAAAMFBMVEX8Bgf8jY78UVD819j8Ly/8cXH8sbD8/fsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgFoczAAAACXBIWXMAAAsSAAALEgHS3X78AAAAm0lEQVQIHQGQAG//AHd3d3d3d3d3AHEENFcwM0AXADAAEidgdAAHABASFUcUMEUHAFR3YQdSEDdnAFA3dgclVHd3ABAFcwNBJHEXADAAZwYGIjADAHYAV0UDJDADAHcwJyQHVHMDABdyV1BHEDMDACIQFxAnMEUDACAAN2BXdAADADQBdzAXc0AXAHd3d3d3d3d3AHd3d3d3d3d3al0faWEjzO4AAAAASUVORK5CYII=");}' +
      '#toolbar-button-svg[tooltiptext="SVG ist eingeschaltet"] {list-style-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQBAMAAADt3eJSAAAAMFBMVEUH/geO/o5Q/lDU/tQv/i+w/rBx/nH5/vkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA6l3BAAAACXBIWXMAAAsSAAALEgHS3X78AAAAm0lEQVQIHQGQAG//AHd3d3d3d3d3AHEENGcwM0QXADAAEidQdAAHABASFkcUMEYHAGR3UQdiEDdXAGA3dQcmZHd3ABAGcwNBJHEXADAAVwUFIjADAHUAZ0YDJDADAHc0JyQHZHMDABdyZ2BHEDMDACIQFxAnMEYDACAAN1BndAADADQBdzAXc0AXAHd3d3d3d3d3AHd3d3d3d3d3hDEfwz+POEwAAAAASUVORK5CYII=");}';	  
   var stylesheet = document.createProcessingInstruction('xml-stylesheet', 'type="text/css" href="data:text/css;utf-8,' + encodeURIComponent(css) + '"');
   document.insertBefore(stylesheet, document.documentElement);
})();

Re: A toggle for svg

Posted: Sun Nov 28, 2021 2:50 pm
by barbaz
Asphyx wrote: Mon Oct 25, 2021 9:27 am PS. Tried to insert the script here, but: "Ooops, something in your posting triggered my antispam filter...
Please use the "Back" button to modify your content and retry."
You could private message it to an active Support Team member and we can try to post it for you. PMs to forum staff are not spam-filtered, and the spam filter is more lenient on us.

Re: A toggle for svg

Posted: Mon Nov 29, 2021 9:08 pm
by Asphyx
As written in the other thread, I found a solution:
user_pref("extensions.torbutton.noscript_persist", true);

I'll send you the script for SVG