Next: Tests, Previous: Installation Requirements, Up: Top [Contents]
LibreJS intercepts HTTP responses and rewrites their contents after
analyzing JavaScript within them. It does not remove script nodes and
attributes from the page, but instead “deactivates” them by modifying
the type
and src
attributes on script elements and by
moving the contents of inline JavaScript attributes such as onClick
into harmless attributes.
LibreJS detects the most common cases using the HTTP response method described above, but in extremely rare cases, or when running code locally, LibreJS cannot detect JavaScript during the response stage.
To remedy this issue, and as a final safeguard, LibreJS takes a look at the scripts that are about to be executed while the browser engine is parsing the page. If the script is not found in a list of accepted scripts populated earlier, the execution will be prevented. This is to ensure content types that are not regular HTML (binhex with HTML in it, …) and JavaScript do not fall through the cracks and get executed.