You mean nosy code like:
<noscript>
<img height="1" width="1" alt="" style="display:none"
src="https://www.facebook.com/tr?id=redacted&ev=PageView&noscript=1">
</noscript>
??
I don't know of way to turn off evaluation of <noscript>
, but in the above example, you could write a short browser extension to cancel any request with a url containing the substring facebook.com/tr?
.
See chrome.webRequest for a description of the Chrome browser's API for watching, modifying, or blocking requests in flight.
Here is a working example:
manifest.json:
{
"name": "Website Blocker",
"description": "Keeps the browser from fetching tracking URLs",
"version": "1.0",
"manifest_version": 2,
"permissions": [
"webRequest",
"webRequestBlocking",
"*://*.facebook.com/tr?*"
],
"background": {
"scripts": [
"script.js"
],
"persistent": true
},
"icons": {
"256": "world-blocker.png"
},
"converted_from_user_script": true
}
script.js:
"use strict"
console.log("Website Blocker is running!");
var re = new RegExp('https?://.*?\.?facebook.com/tr\?', 'i');
function checkUrl(details) {
var cancel = !!details.url.match(re);
if (!cancel)
console.log(`Passing ${details.url}`);
return {cancel: cancel};
}
chrome.webRequest.onBeforeRequest.addListener(
checkUrl,
{urls: ['*://*.facebook.com/tr?*']},
['blocking']
);
Use whatever you want for the icon. Or delete it and let the browser supply a dummy one. Its only role is to highlight the extension's entry on the chrome://extensions
page.
The extension worked fine on the page in question. The page's console log has an error message net::ERR_BLOCKED_BY_CLIENT
for the image fetch. Likewise, a red failure line in the Network tab.
Also, the URL pre-filtering is working well. The JavaScript is only getting called for the specific tracking URL. Checking the extension's console, I see no "Passing ..." messages, even when I visit Facebook.
1Short of that you won't have an option. You could of course try to use actual NoScript or AdBlockers which usually also block those things. If you do want to change the behavior of a browser on such a fundamental level you will probably have to roll your own. – Seth – 2017-01-20T13:04:39.670
@Seth browsers are too permissive (promiscuous?). They do (lots of) things behind your back that you'd rather not have allowed if you knew what it was. But Stallman had warned us several times already.
– Mindwin – 2017-01-20T13:16:16.493@Seth ABP works but I have to blacklist stuff one by one. NoScript does not much for
<noscript>
content unless it contains another threat. RequestPolicy (firefox) can block cross-site requests. One can hedge the problem to a minimum, but it is still there. – Mindwin – 2017-01-20T13:20:42.607