Bugs 8 and 28 - added first pass at a site blocking/whitelisting feature, still experimental.

Jono Xia · Jono Xia · commit 90ca13377e11 · 2012-03-02T15:09:30.000-08:00
diff --git a/data/index-content-script.js b/data/index-content-script.js
@@ -25,6 +25,14 @@ unsafeWindow.getSavedGraph = function getSavedGraph() {
   self.port.emit('getSavedGraph');
 };
 
+unsafeWindow.blockDomain = function blockDomain(domain) {
+  self.port.emit('blockDomain', {"domain": domain});
+};
+
+unsafeWindow.whitelistDomain = function whitelistDomain(domain) {
+  self.port.emit('whitelistDomain', {"domain": domain});
+};
+
 self.port.on("log", function(log) {
   log = JSON.parse(log);
   if (graphCallback) {
diff --git a/data/ui/collusion-addon.js b/data/ui/collusion-addon.js
@@ -7,8 +7,10 @@ var CollusionAddon = (function() {
     importGraph: window.importGraph,
     resetGraph: window.resetGraph,
     saveGraph: window.saveGraph,
-    getSavedGraph: window.getSavedGraph
+    getSavedGraph: window.getSavedGraph,
+    blockDomain: window.blockDomain,
+    whitelistDomain: window.whitelistDomain
   };
-  
+
   return self;
 })();
diff --git a/data/ui/graphrunner.js b/data/ui/graphrunner.js
@@ -78,8 +78,8 @@ var GraphRunner = (function(jQuery, d3) {
 
       $("#domain-infos .info").hide();
 
-      // TODO Why do we clone the div instead of just clearing the one and adding to it?
-      // Oh, I see, we create a clone for each domain and then re-use it if it's already
+      // Instead of just cleraing out the domain info div and puttig in the new info each time,
+      // create a clone of the template for each new domain, and re-use that create a clone for each domain and then re-use it if it's already
       // created. An optimization?
       if (!info.length) {
         info = $("#templates .info").clone();
@@ -91,13 +91,22 @@ var GraphRunner = (function(jQuery, d3) {
           var trackerId = d.trackerInfo.network_id;
           info.find("h2.domain").empty();
           img.attr("src", TRACKER_LOGO + trackerId + ".jpg").addClass("tracker");
-        } else
+        } else {
           img.attr("src", 'http://' + d.name + '/favicon.ico')
              .addClass("favicon");
+        }
         setDomainLink(info.find("a.domain"), d);
         info.find("h2.domain").prepend(img);
         img.error(function() { img.remove(); });
         $("#domain-infos").append(info);
+
+        // Set up callback functions for the block-this-site link and the whitelist link
+        info.find(".block-link").click(function() {
+          CollusionAddon.blockDomain(d.name);
+        });
+        info.find(".whitelist-link").click(function() {
+          CollusionAddon.whitelistDomain(d.name);
+        });
       }
 
       // List referrers, if any (sites that set cookies read by this site)
@@ -276,6 +285,10 @@ var GraphRunner = (function(jQuery, d3) {
           .attr("xlink:href", function(d) {return 'http://' + d.name + '/favicon.ico'; } );
       }
 
+      // Remove nodes if domain is removed from the data (e.g. user blocked it)
+      node.exit().remove();
+      // TODO: this doesn't seem to work at all. Debug more.
+
       return node;
     }
 
diff --git a/data/ui/index.html b/data/ui/index.html
@@ -41,7 +41,7 @@ <h1>Collusion</h1>
 <div id="templates">
   <div class="info" style="display: none;">
     <h2 class="domain"></h2>
-
+    <a class="block-link">Block 3rd Party Cookies For This Site</a> | <a class="whitelist-link">This Site is OK</a>
     <div class="referrees">
       <p>When you visit <a class="domain"></a>, it informs the following websites about you.</p>
       <ul></ul>
diff --git a/lib/main.js b/lib/main.js
@@ -30,11 +30,13 @@ var log = {};
 // Array to maintain connections to any pages running collusion UI:
 var workers = [];
 
+// Whitelist of sites that user has told us they don't care about tracking them:
+var whitelist = [];
+
 var startTime = new Date();
 var collusionPanel = null;
 
 
-
 function attachToCollusionPage(worker) {
   /* Set up channel of communcation between this add-on and the script (index-content-script.js)
    * that we attached to the web page running the Collusion UI. */
@@ -78,6 +80,12 @@ function attachToCollusionPage(worker) {
     startTime = new Date() - maxTime;
     log = graph;
   });
+  worker.port.on("blockDomain", function(data) {
+                   blockDomain(data.domain);
+                 });
+  worker.port.on("whitelistDomain", function(data) {
+                   whitelistDomain(data.domain);
+                 });
 }
 
 
@@ -138,6 +146,57 @@ function getDomain(host) {
   }
 }
 
+function blockDomain(domain) {
+  console.log("Blocking domain " + domain);
+  deleteNode(domain);
+  // Clear all current cookies to this domain, and block them so they don't come back
+  // TODO: are we blocking cookies TO this domain or blocking cookies FROM this domain?
+  var cookieEnumerator = cookieMgr.getCookiesFromHost();
+  while (cookieEnumerator.hasMoreElements()) {
+    var cookie = cookieEnumerator.getNext().QueryInterface(Ci.nsICookie2);
+    cookieMgr.remove(cookie.host, cookie.name, cookie.path, true);
+    // The final true argument means cookies from this host are permanently blocked
+    // TODO does this also block first-party cookies? we don't want that.
+    // Look into nsICookiePermission...
+  }
+
+  /* See https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsICookieManager2#getCookiesFromHost%28%29
+   * and see https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsICookieManager
+   */
+}
+
+function whitelistDomain(domain) {
+  console.log("Whitelisting domain " + domain);
+  deleteNode(domain);
+  whitelist.push(domain); // TODO TEST
+  storage.whitelist = whitelist;
+}
+
+function deleteNode(nodeDomain) {
+  for (var domain in log) {
+    if (log[domain].referrers[nodeDomain]) {
+      console.log("Removed link to " + domain + " from " + nodeDomain);
+      delete log[domain].referrers[nodeDomain];
+    }
+  }
+  if (log[nodeDomain]) {
+    delete log[nodeDomain];
+    console.log("Removed all links to " + nodeDomain);
+  }
+
+  /* TODO it doesn't look like sending the newly-reduced log back to graphrunner.js
+   * does anything - even though I call node.exit().remove(), I think the way the data is passed
+   * around over there (it was not expected for nodes to ever leave the graph, seems like) means
+   * that nothing is removed. However, reloading the page results in a graph without the removed
+   * node, so that much at least works.
+   */
+
+  workers.forEach(function(worker) {
+    worker.port.emit("log", JSON.stringify(log));
+  });
+}
+
+
 // Main entry point. Will be called when Firefox starts or when Collusion is installed:
 function initCollusion() {
 
@@ -178,7 +237,7 @@ function initCollusion() {
   });
 
   // Set up the status bar button to open the main UI page:
-  require("widget").Widget({
+  var widget = require("widget").Widget({
     id: "collusion",
     label: "Display Collusion Diagram",
     contentURL: data.url("favicon.ico"),
@@ -192,6 +251,12 @@ function initCollusion() {
     log = JSON.parse(storage.graph);
   }
 
+  // Load any whitelist we have stored from last time
+  if (storage.whitelist) {
+    whitelist = JSON.parse(storage.whitelist);
+  }
+
+
   // Set up an observer to record third-party cookies. This callback
   // right here is the crux of Collusion.
   obSvc.add("http-on-examine-response", function(subject, topic, data) {
@@ -207,6 +272,10 @@ function initCollusion() {
       if (channel.referrer.host in baseHosts)
         return;
 
+      // Ignore cookies from whitelisted sites. TODO: Or is that cookies TO whitelisted sites?
+      if (channel.referrer.host in whitelist)
+        return;
+
       if (domain != referrerDomain) {
         try {
           type = subject.getResponseHeader("Content-Type");
@@ -298,5 +367,7 @@ function initCollusion() {
   attachToExistingCollusionPages();
 }
 
+
 // Start!
-initCollusion();
+initCollusion();
+
