aboutsummaryrefslogtreecommitdiff
path: root/docs/man.texi
diff options
context:
space:
mode:
Diffstat (limited to 'docs/man.texi')
-rw-r--r--docs/man.texi474
1 files changed, 474 insertions, 0 deletions
diff --git a/docs/man.texi b/docs/man.texi
new file mode 100644
index 0000000..43575ee
--- /dev/null
+++ b/docs/man.texi
@@ -0,0 +1,474 @@
+\input texinfo @c -*-texinfo-*-
+@c %**start of header
+@setfilename librejs.info
+@include version.texi
+@settitle GNU LibreJS @value{VERSION}
+
+@copying
+This manual is for GNU LibreJS (version @value{VERSION}, @value{UPDATED}),
+a GNU IceCat extension to detect and block nonfree nontrivial
+JavaScript on webpages.
+
+Copyright @copyright{} 2011 2012 2014 2015 Loic J. Duros
+
+@quotation
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License, Version 1.3 or
+any later version published by the Free Software Foundation; with no
+Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
+Texts. A copy of the license is included in the section entitled
+``GNU Free Documentation License''.
+@end quotation
+@end copying
+
+@dircategory GNUzilla
+@direntry
+* LibreJS: (librejs). Detect nonfree nontrivial in GNU Icecat
+@end direntry
+
+@titlepage
+@title GNU LibreJS
+@subtitle for version @value{VERSION}, @value{UPDATED}
+@author Loic J. Duros (@email{librejs@@lduros.net})
+@page
+@vskip 0pt plus 1filll
+@insertcopying
+@end titlepage
+
+
+@contents
+
+
+@node Top
+@top LibreJS
+This manual is for GNU LibreJS (version @value{VERSION}, @value{UPDATED}).
+
+@menu
+* Overview:: General purpose and information.
+* Disclaimer:: Emphasize what LibreJS does and does not.
+* Installation:: Installing LibreJS from source.
+* How to Use:: How to use LibreJS in IceCat.
+* JavaScript Detection:: How LibreJS detects nontrivial Javascript.
+* Free Licenses Detection:: List of licenses detected by LibreJS.
+* Setting Your JavaScript Free:: Information for website owners/maintainers.
+* LibreJS Development Notes:: Documentation about the development of
+ LibreJS itself.
+* Installation Requirements:: Requirements to build and install LibreJS.
+* LibreJS Internals:: How LibreJS works under the hood.
+* GNU Free Documentation License:: Copying and sharing this documentation.
+
+
+
+
+
+
+
+
+@end menu
+
+@node Overview
+@chapter Overview
+
+@cindex overview
+GNU LibreJS ---an add-on for GNU IceCat and Mozilla Firefox--- detects
+and blocks nonfree nontrivial JavaScript while allowing its execution on
+pages containing code that is either trivial and/or free.
+
+Many websites run nontrivial JavaScript on your computer. Some use it
+for complex tasks; many use it gratuitously for minor jobs that could be
+done easily with plain HTML. Sometimes this JavaScript code is
+malicious. Either way, the JavaScript code is often nonfree. For
+explanation of the issue, see "The JavaScript
+Trap"(@url{http://www.gnu.org/philosophy/javascript-trap.html}).
+
+If you care about freedom in your computing, and don't wish to let all
+and sundry make you run nonfree programs, now you can prevent it by
+using LibreJS.
+
+
+@node Disclaimer
+@chapter Disclaimer
+
+@cindex disclaimer
+
+@itemize @bullet
+@item
+LibreJS is not a security tool. Its goal is to detect nonfree nontrivial
+JavaScript, and it currently does not detect whether free or trivial
+code is malicious or not. Other free Mozilla extensions and add-ons may
+be available for this purpose.
+
+@item
+LibreJS is always a work in progress. If you find a bug, please report
+it to @email{bug-librejs@@gnu.org}.
+
+@end itemize
+
+@node Installation
+@chapter Installation
+@cindex Installation
+
+You can install LibreJS directly using a generated @file{librejs.xpi}
+file, or by building it from source.
+
+You can also download it from Mozilla, but due to Mozilla's review
+process the download isn't always up to date.
+
+@node How to Use
+@chapter How to Use
+
+@section LibreJS in action
+
+After installing the add-on, you will see the LibreJS widget in the
+add-on bar at the top right of the browser window. After loading a
+page, left-click on the widget to view the deactivated JavaScript code
+from the page (both on page and external) and, if applicable, the
+scripts that were accepted.
+
+@section Script Blacklist/whitelist
+
+Scripts may be blacklisted or whitelisted through the pop-up menu box.
+
+Whitelisted scripts will always be accepted and blacklisted scripts
+will always get rejected.
+
+It is important to note that this feature recognizes which scripts are
+blacklisted and whitelisted based on hash. This means that even a slight
+difference in a script's code will cause it to be recognized as a
+seperate script.
+
+Sometimes, JavaScript will be dynamically generated so that it is
+different every time a website is loaded. These types of scripts cannot
+be whitelisted or blacklisted since they cannot be recognized.
+
+LibreJS has a default whitelist of scripts that are known to be free but
+may not use the format for declaring a license that it can understand.
+
+@section Complaint Feature
+
+It is very important to complain when a site has nonfree JavaScript
+code, especially if it won't work without that code. LibreJS makes it
+easy to complain by heuristically finding where to send the complaint.
+
+When nonfree/nontrivial code is detected in a page, LibreJS attempts to
+find a relevant contact link or email for the website you are
+visiting. In order to do so, it will attempt to visit a few links from
+the current page (for instance, a link labeled ``contact'' on the same
+domain as the current page, @dots{})
+
+LibreJS detects contact pages, email addresses that are likely to be
+owned by the maintainer of the site, Twitter and identi.ca links, and
+phone numbers.
+
+When you complain to the website for their nonfree nontrivial
+JavaScript, provide them with the link to the JavaScript Trap essay so
+that they can get more information on what the issue is and how they can
+solve it on their own site.
+
+LibreJS includes a default subject line and body for the complaint email,
+with a link to the JavaScript Trap essay. This can be configured in the
+LibreJS add-on preferences in your web browser.
+
+@section Options
+
+@table @dfn
+@item Whitelist
+
+LibreJS lets you whitelist domain names and subdomains to bypass the
+regular JavaScript check. This might be useful, for example, if you are
+running your own code in a local web server. In order to add a whitelisted
+domain or url, go to Tools >> Add-ons. Inside the add-on window, click on
+@dfn{Extensions}, and in the list, where you see LibreJS, click on the
+@dfn{Preferences} button. You will see an input field labeled @dfn{Whitelist}.
+
+In the field, enter comma-separated domain names. Do not enter the protocol.
+For instance to whitelist all the pages of @url{http://www.gnu.org} and
+@url{https://gnu.org}, enter @samp{gnu.org}. To allow all subdomains from
+gnu.org, enter: @samp{*.gnu.org}. This will match such sites as
+@url{http://savannah.gnu.org} and @url{http://audio-video.gnu.org}.
+
+@item Complaint email subject
+Configure the default subject used in complaint emails.
+
+@item Complaint email body
+Configure the default body used in complaint emails.
+@end table
+
+@node JavaScript Detection
+@chapter JavaScript Detection
+@cindex javascript
+
+LibreJS considers a very strict subset of JavaScript to be acceptable for use
+in non-free scripts. This is meant to maximimize compatibility with websites
+that haven't tried to be LibreJS compatible.
+
+We consider modification of the document non-trivial. There isn't
+much that javascript could do that we would consider trivial, for
+anything else a free software license would be required.
+
+The criterion is as follows:
+
+ For each function definition:
+@itemize @bullet
+ @item
+ It must call only primitives.
+ @item
+ The number of conditionals and loops must be at most 3.
+ @item
+ It does not declare an array more than 50 elements long.
+ @item
+ It must not call itself
+@end itemize
+
+For the rest of the script, outside of function definitions:
+@itemize @bullet
+ @item
+ It must call only primitives and functions defined above in the page.
+ @item
+ The number of conditionals and loops must be at most 3.
+@end itemize
+
+"function" means anything executable that gets a name, including methods.
+
+Allowed primitives exclude:
+ @itemize @bullet
+ @item
+ eval()
+ @item
+ ajax
+ @item
+ calling methods with the square bracket notation
+ @item
+ altering the dom
+ @item
+ most other items found as methods of the `.window` object.
+ @end itemize
+
+
+@node Free Licenses Detection
+@chapter Free Licenses Detection
+@cindex freelicenses
+
+The machine readable format for license declarations that LibreJS uses has changed
+in the most recent version. This was necessary in order to not break the asynchronous
+JS loading model that browsers use. Scripts are now evaluated independent of eachother
+and strictly as they arrive.
+
+@node Setting Your JavaScript Free
+@chapter Setting Your JavaScript Free
+
+The first step is releasing your JavaScript under a free license. If
+you are already using a free library, or you're not using any
+third-party libraries, it might only take a few minutes.
+
+On your website, take a look at your HTML source. You can identify
+distinct pieces of JavaScript that might be free and some other that are
+nonfree.
+
+This might be the case with an analytics tracker, social media
+widgets, and code that runs ads. Removing these pieces of code from your
+site is required to have the rest accepted as free. There are
+often alternatives to nonfree libraries or to third-party services:
+
+@itemize @bullet
+
+@item
+If you have used nonfree third-party code as the base to write your own
+code, try to find a free alternative.
+
+@item
+If you're using a third-party service such as an analytics service,
+replace it with a free alternative like Piwik.
+
+@item
+If you can't find free JavaScript that has already been developed,
+write it yourself! Who knows, your own solution might be the start of
+a brilliant project!
+@end itemize
+
+
+@section License tags
+
+LibreJS will allow non-trivial scripts to run as long as they use a
+free license.
+
+In order for the license of a script to be recognized by LibreJS, it
+must be declared using a machine-readable license format.
+
+This format is the same for both remote in-line scripts.
+
+"// @@license [magnet link] [identifier]"
+[Script here]
+"// @@license-end"
+
+"Identifier" is a name of a license from the following list and "magnet link" is that
+license's exact corresponding magnet link.
+
+@verbatim
+{
+ 'Apache-2.0':{
+ 'URL': 'http://www.apache.org/licenses/LICENSE-2.0',
+ 'Magnet link': 'magnet:?xt=urn:btih:8e4f440f4c65981c5bf93c76d35135ba5064d8b7&dn=apache-2.0.txt'
+ },
+ 'Artistic-2.0':{
+ 'URL': 'http://www.perlfoundation.org/artistic_license_2_0',
+ 'Magnet link': 'magnet:?xt=urn:btih:54fd2283f9dbdf29466d2df1a98bf8f65cafe314&dn=artistic-2.0.txt'
+ },
+ 'Boost':{
+ 'URL': 'http://www.boost.org/LICENSE_1_0.txt',
+ 'Magnet link': 'magnet:?xt=urn:btih:89a97c535628232f2f3888c2b7b8ffd4c078cec0&dn=Boost-1.0.txt'
+ },
+ 'BSD-3-Clause':{
+ 'URL': 'http://opensource.org/licenses/BSD-3-Clause',
+ 'Magnet link': 'magnet:?xt=urn:btih:c80d50af7d3db9be66a4d0a86db0286e4fd33292&dn=bsd-3-clause.txt',
+ },
+ 'CPAL-1.0':{
+ 'URL': 'http://opensource.org/licenses/cpal_1.0',
+ 'Magnet link': 'magnet:?xt=urn:btih:84143bc45939fc8fa42921d619a95462c2031c5c&dn=cpal-1.0.txt'
+ },
+ 'CC0-1.0':{
+ 'URL': 'http://creativecommons.org/publicdomain/zero/1.0/legalcode',
+ 'Magnet link': 'magnet:?xt=urn:btih:90dc5c0be029de84e523b9b3922520e79e0e6f08&dn=cc0.txt'
+ },
+ 'EPL-1.0':{
+ 'URL': 'http://www.eclipse.org/legal/epl-v10.html',
+ 'Magnet link': 'magnet:?xt=urn:btih:4c6a2ad0018cd461e9b0fc44e1b340d2c1828b22&dn=epl-1.0.txt'
+ },
+ 'Expat':{
+ 'URL': 'http://www.jclark.com/xml/copying.txt',
+ 'Magnet link': 'magnet:?xt=urn:btih:d3d9a9a6595521f9666a5e94cc830dab83b65699&dn=expat.txt'
+ },
+ 'FreeBSD':{
+ 'URL': 'http://www.freebsd.org/copyright/freebsd-license.html',
+ 'Magnet link': 'magnet:?xt=urn:btih:87f119ba0b429ba17a44b4bffcab33165ebdacc0&dn=freebsd.txt'
+ },
+ 'GPL-2.0':{
+ 'URL': 'http://www.gnu.org/licenses/gpl-2.0.html',
+ 'Magnet link': 'magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt'
+ },
+ 'GPL-3.0':{
+ 'URL': 'http://www.gnu.org/licenses/gpl-3.0.html',
+ 'Magnet link': 'magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt'
+ },
+ 'LGPL-2.1':{
+ 'URL': 'http://www.gnu.org/licenses/lgpl-2.1.html',
+ 'Magnet link': 'magnet:?xt=urn:btih:5de60da917303dbfad4f93fb1b985ced5a89eac2&dn=lgpl-2.1.txt'
+ },
+ 'LGPL-3.0':{
+ 'URL': 'http://www.gnu.org/licenses/lgpl-3.0.html',
+ 'Magnet link': 'magnet:?xt=urn:btih:0ef1b8170b3b615170ff270def6427c317705f85&dn=lgpl-3.0.txt'
+ },
+ 'AGPL-3.0':{
+ 'URL': 'http://www.gnu.org/licenses/agpl-3.0.html',
+ 'Magnet link': 'magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt'
+ },
+ 'ISC':{
+ 'URL': 'https://www.isc.org/downloads/software-support-policy/isc-license/',
+ 'Magnet link': 'magnet:?xt=urn:btih:b8999bbaf509c08d127678643c515b9ab0836bae&dn=ISC.txt'
+ },
+ 'MPL-2.0':{
+ 'URL': 'http://www.mozilla.org/MPL/2.0',
+ 'Magnet link': 'magnet:?xt=urn:btih:3877d6d54b3accd4bc32f8a48bf32ebc0901502a&dn=mpl-2.0.txt'
+ },
+ 'UPL-1.0': {
+ 'URL': 'https://oss.oracle.com/licenses/upl/',
+ 'Magnet link': 'magnet:?xt=urn:btih:478974f4d41c3fa84c4befba25f283527fad107d&dn=upl-1.0.txt'
+ },
+ 'WTFPL': {
+ 'URL': 'http://www.wtfpl.net/txt/copying/',
+ 'Magnet link': 'magnet:?xt=urn:btih:723febf9f6185544f57f0660a41489c7d6b4931b&dn=wtfpl.txt'
+ },
+ 'Unlicense':{
+ 'URL': 'http://unlicense.org/UNLICENSE',
+ 'Magnet link': 'magnet:?xt=urn:btih:5ac446d35272cc2e4e85e4325b146d0b7ca8f50c&dn=unlicense.txt'
+ },
+ 'X11':{
+ 'URL': 'http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3',
+ 'Magnet link': 'magnet:?xt=urn:btih:5305d91886084f776adcf57509a648432709a7c7&dn=x11.txt'
+ },
+ 'Modified-BSD':{
+ 'URL': 'http://www.xfree86.org/current/LICENSE4.html',
+ 'Magnet link': 'magnet:?xt=urn:btih:12f2ec9e8de2a3b0002a33d518d6010cc8ab2ae9&dn=xfree86.txt'
+ }
+}
+@end verbatim
+
+@section Undetected Free Licenses
+
+If you are using a free license that isn't detected by LibreJS and isn't
+listed in the previous section, please send a message to
+@email{bug-librejs@@gnu.org} regarding this license, where code released under
+this license can be found, and where to find the license text and
+information.
+
+Many free licenses are listed in this page:
+@url{http://www.gnu.org/licenses/license-list.html}
+
+@node LibreJS Development Notes
+@chapter LibreJS Development Notes
+
+@section Debugging
+
+To debug LibreJS, visit the special URL @code{about:debugging}. Click
+on `Enable add-on debugging` then `Load Temporary Add-on`. Navigate
+to LibreJS's unpacked source directory and select @file{manifest.json}.
+
+Lines 34 and 35 in @file{main_background.js} control the printing of
+@code{dbg_print()} statements. Make sure these are set to false in
+releases.
+
+@section Adding new whitelisted libraries
+
+The script index.js in @file{./hash_script} generates the default
+whitelist. Run it with the following command:
+
+@command{node index.js > output}
+
+Then, just copy the contents of the file "output" to the appropriate
+place in main_background.js.
+
+@section Releasing a new version
+
+Update the version number in manifest.json.
+
+Make sure debug statements are set to felse on lines 34/35 in
+@file{main_background.js}.
+
+Then, run the build script @file{build.sh}.
+
+@node Installation Requirements
+@appendix Installation Requirements
+
+
+@appendixsec Mozilla Browser
+
+You will need one of the many flavors of the Mozilla browser to use
+LibreJS. It can be installed on the following:
+
+GNU IceCat, Mozilla Firefox, Trisquel Abrowser, Debian Iceweasel.
+
+LibreJS works on these browsers starting from version 57. We recommend
+that you use the latest version of your Mozilla browser. LibreJS has
+been tested on a GNU/Linux distribution, but it is compatible any
+operating system as long as you're using a compatible Mozilla browser.
+
+@node LibreJS Internals
+@appendix LibreJS Internals
+
+LibreJS intercepts HTTP responses and rewrites their contents after
+analyzing JavaScript within them. It does not remove script nodes and
+attributes from the page, but instead ``deactivates'' them by replacing
+their content with a commented notice.
+
+LibreJS detects the most common cases using the HTTP response method
+described above, but in less common edge cases, or when running code
+locally, LibreJS cannot detect JavaScript during the response stage.
+
+
+@node GNU Free Documentation License
+@appendix GNU Free Documentation License
+
+@include fdl.texi
+
+
+@bye