41
I wrote hacky tampermonkey script to fix Lemmy instance links. Any advice? (sh.itjust.works)
submitted 1 year ago by BeanCounter@sh.itjust.works to c/programming@programming.dev
17 comments fedilink hide all child comments

Read this post and wrote a simple Tampermonkey script as a solution.

// ==UserScript==
// @name         Fix community link
// @version      0.1
// @description  try to take over the world!
// @match        https://sh.itjust.works/post/*
// ==/UserScript==

(function() {
    'use strict';
    const postLinks = document.getElementById("postContent").querySelectorAll("a:not(.community-link)") // get every links that is NOT a community link

    const fixLink = (aTags) => {
        for (let aTag of aTags) {
            const isCommunityLink = aTag.pathname.startsWith("/c/");
            aTag.href = isCommunityLink?aTag.pathname + "@" + aTag.host:aTag.href
        };
    }

    fixLink(postLinks)

    const comments = document.getElementsByClassName("comment-content");

    for (let comment of comments) {
        let commentLinks = comment.querySelectorAll("a:not(.community-link)");
        fixLink(commentLinks)
    }
})();

Any advice? I especially hate the fact that the way to check if it's a link for lemmy community is through pathname but I thought there's can't be a real solution besides listing all the lemmy instances or actually making a request somehow.

Any inputs are welcome!

you are viewing a single comment's thread
view the rest of the comments
[-] ezchili@iusearchlinux.fyi 0 points 1 year ago* (last edited 1 year ago)

Lmao ah yes, one of those

If you're not convinced with this you never will

You can just wrap your var with "new URL()" and have something faster, correct and easier to read, but I'm guessing you'll change your ways silently in a few years when you've forgotten about this interaction and managed to convince yourself it was your own idea!

Until then i guess you can add /c/whatev at the end of my two examples and find something else to criticize and decide not to support

[-] Andy@programming.dev 1 points 1 year ago

I'm not trying to be combative, I'm trying to understand. I'd like to see the failure in action so I can appreciate and pursue the proposed solution.

But when I added the community bit to the first URL, the browser resolved it and stripped the credentials, so the resulting URL matched. But the example credentials weren't real so it's not a great test; if there's an real example I can test, please share it. Though I don't see why I'd auth to an instance just to view it from a different instance.

When I added the community bit to the second URL, it was not a match, as it shouldn't be. The pattern must match the entire URL.

[-] ezchili@iusearchlinux.fyi 0 points 1 year ago* (last edited 1 year ago)

You can find it in action on regex101 with the regex indeed matching the query string in the maliciouswebsite and not matching even just something with the port and no user/password

It is valid (just weird & not recommended) to give a user:pw combo to a website that doesn't ask for one in the headers. Browsers stripping it off is a different thing

The sheer number of things you have to take into account to properly parse a URL should convince you to not use regexes for it

The fact that it's less code, more correct, faster and more readable to use new URL() should also be enough to convince you to not use regexes

[-] Andy@programming.dev 1 points 1 year ago

I meant to communicate that the Redirector addon uses the given pattern to see if the entire URL string matches, not part of it. So the malicious URL does not match.

I'm wondering if there's a real URL for which the Redirector approach will not work.

this post was submitted on 21 Sep 2023
41 points (100.0% liked)

Programming

17117 readers
327 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 1 year ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz