<div dir="ltr"><div><div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">I looped in Arthur (aka. MontzA, the EasyList author). I hope he can provide some more concrete examples. Also he might be aware of some use cases I didn't point out yet. <br></blockquote><br></div>Sorry for my late response! Here are some examples currently in EasyList: <br><br>@@||<a href="http://www.networkadvertising.org/choices/|$document">www.networkadvertising.org/choices/|$document</a>: this exception rule fixes the opt out page for "interest-Based Advertising" (<a href="http://www.networkadvertising.org/choices/">http://www.networkadvertising.org/choices/</a>). Without the $document option tons of specific exception rules would be necessary to fix this page to work properly. Also, there is no need to regularily check if new ad networks have been added since due to the $document option the /choices page will always be whitelisted completely (including iframes). <br><br></div>On <a href="http://www.jabong.com/">http://www.jabong.com/</a> there is an iframe from <a href="http://ad.doubleclick.net">ad.doubleclick.net</a> which doesn't serve ads but rather self-promotion for the site itself. Without a $document option you would need to allow a banner from <a href="http://2mdn.net">2mdn.net</a> (DoubleClick) and a JS file from <a href="http://pagead2.googlesyndication.com">pagead2.googlesyndication.com</a> (Google AdSense & DoubleClick) in that very <a href="http://ad.doubleclick.net">ad.doubleclick.net</a> iframe. In that case you cannot restrict it to the <a href="http://jabong.com">jabong.com</a> domain anymore. So allowing that banner and script is basically allowed for any website using iframes from <a href="http://ad.doubleclick.net">ad.doubleclick.net</a> then which is pretty bad. The $document allows you to specifically allow that iframe (including all requests in it) and only for a specific domain (<a href="http://jabong.com">jabong.com</a>) in this case. <br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-06-18 15:57 GMT+02:00 Sebastian Noack <span dir="ltr"><<a href="mailto:sebastian@adblockplus.org" target="_blank">sebastian@adblockplus.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class="">On Wed, Jun 17, 2015 at 10:31 AM, Sebastian Noack <span dir="ltr"><<a href="mailto:sebastian@adblockplus.org" target="_blank">sebastian@adblockplus.org</a>></span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class=""><span>On Mon, Jun 15, 2015 at 5:42 AM, Benjamin Poulain <span dir="ltr"><<a href="mailto:benjamin@webkit.org" target="_blank">benjamin@webkit.org</a>></span> wrote:<br></span></span><span class=""><span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span><blockquote type="cite"><div dir="ltr">
</div>
</blockquote></span>
Targeting XHR specifically seems very easy to counter to me.
Couldn't one just use the Fetch API or Sockets to work around the
rule?<br></div></blockquote><div><br></div></span><div>I don't think so. Note that with the new content blocking API you cannot run code on request anymore. And even then you probably don't want to repeat requests just to retrieve additional metadata. And even then the response won't tell you in which context the request originally occurred.</div></span></div></div></div></blockquote><div><br></div><div>Sorry, I just realized what you meant here. (I mistakenly thought you suggested to repeat requests to obtain additional metadata). But yeah, if a page uses the Fetch API, rules checking for XMLHttpRequest wouldn't match, however filters checking for "other" request types should match then. The distinction between XMLHttpRequest and Fetch API doesn't seem to be important. We might merge them into a common type in the future. However, the distinction between these, JavaScript initiated, requests and object (Flash) initiated requests is kinda important for us, as explained in my previous email.</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>Sebastian</div></font></span></div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><font size="1">Arthur Kawa</font><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><font size="1"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">IT Officer Trainee<br></span></font></p><font size="1"><br></font><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><font size="1"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Eyeo GmbH</span></font></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><font size="1"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Im Klapperhof 7-23</span></font></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><font size="1"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">50670 Cologne, Germany</span></font></p><font size="1"><br></font><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><font size="1"><span style="font-family:Arial;color:rgb(153,153,153);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">VAT-ID: DE279292414</span></font></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><font size="1"><span style="font-family:Arial;color:rgb(153,153,153);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">District Court Cologne: HRB 73508</span></font></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><font size="1"><span style="font-family:Arial;color:rgb(153,153,153);background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Managing Directors: Wladimir Palant & Till Faida</span></font></p></div></div>
</div>