mostm/antizapret-openwrt
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2025-04-04. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
main
antizapret-openwrt/FOR-REVIEWERS.md
Levent Duivel 26631eab29 Initial commit
2022-07-12 09:21:47 +05:00

940 B
Raw Permalink Blame History

For Reviewers

Justifications of serving hard to read PAC-scripts

  1. It's not obfuscated but compressed to fit into the 1MB limit on PAC-script size in most browsers.
  2. In this repository you may find the open source codes of our pac-script generator -- we may translate it to English upon your request.
  3. I understand it's difficult to evaluate if PAC-script is malicious or not. However, take into account the worst case damage it can inflict:
    • It may leak addresses user visits via dnsResolve.
    • It may return a proxy which collects addresses user visits or even modifies responses (this is explicitly allowed when user agrees to proxy permission in our browser extension).
  4. PAC-scripts (remote or not) are executed in a kind of sandbox: they have access only to a restricted API (see https://github.com/anticensority/about-pac-scripts/blob/master/pac-script-api-chrome-55.md for details). So they are quite benign.
Reference in New Issue View Git Blame Copy Permalink