Discourse is not usable with LibreJS active - Can you add license headers please?

pr-welcome

(Poster) #1

As Discourse is used also by people that care about free licenses - and as far as I understood Discourse is free GPL2.0
software and only uses free Ruby/JS code it would be nice to not see everything blocked.

The following is the report from GNU LibreJS.

List of blocked JavaScript in https://meta.discourse.org/

Whitelist

This script is detected as inline, nonfree, defining functions or methods, and the rest of the page as loading external scripts

      window.EmberENV = window.EmberENV || {};
      window.EmberENV['FORCE_JQUERY'] = true;
    

Whitelist

This script is detected as inline, nonfree, defining functions or methods, and the rest of the page as loading external scripts
Discourse._registerPluginCode('0.8', function (api) {

    var h = require('virtual-dom').h;
    var ajax = require('discourse/lib/ajax').ajax;

    var themeSelector = require('discourse/lib/theme-selector');

    api.createWidget("theme-selector", {

        click: function (event) {
            var $target = $(event.target);
            var key = $target.data('key');
            var user = undefined;
            if (user = Discourse.__container__.lookup('current-user:main')) {
                ajax('/u/' + user.username + ".json").then(function (r) {
                    themeSelector.setLocalTheme(key, r.user.user_option.theme_key_seq);
                    window.location.reload();
                });

                return false;
            } else {
                themeSelector.setLocalTheme(key, 0);
            }

            window.location.reload();
            return false;
        },

        themeHtml: function () {
            var themes = themeSelector.listThemes(this.sit…

Whitelist

This script is detected as inline, nonfree, defining functions or methods, and the rest of the page as loading external scripts

      (function() {
        var ps = require('preload-store').default;
          ps.store("site", {"default_archetype":"regular","notification_types":{"mentioned":1,"replied":2,"quoted":3,"edited":4,"liked":5,"private_message":6,"invited_to_private_message":7,"invitee_accepted":8,"posted":9,"moved_post":10,"linked":11,"granted_badge":12,"invited_to_topic":13,"custom":14,"group_mentioned":15,"group_message_summary":16,"watching_first_post":17,"topic_reminder":18},"post_types":{"regular":1,"moderator_action":2,"small_action":3,"whisper":4},"groups":[{"id":71,"name":"Discoursehosting"},{"id":1,"name":"admins"},{"id":62,"name":"codecademy"},{"id":58,"name":"coinbase"},{"id":55,"name":"envato"},{"id":0,"name":"everyone"},{"id":59,"name":"gaspedal"},{"id":69,"name":"laruchequiditoui"},{"id":49,"name":"mcneel"},{"id":75,"name":"migrators"},{"id":2,"name":"moderators"},{"id":46,"name":"newrelic"},{"id":72,"name":"ninjas"},{"id":76,"name":"pivotal"},{"id":48,"name":"plugin_authors"},{"id":63,"…

Whitelist

This script is detected as inline, nonfree, defining functions or methods, and the rest of the page as loading external scripts

  Ember.RSVP.configure('onerror', function(e) {
    // Ignore TransitionAborted exceptions that bubble up
    if (e && e.message === "TransitionAborted") { return; }

    window.onerror(e && e.message, null,null,null,e);
  });

Whitelist

This script is detected as inline, nonfree, defining functions or methods, and the rest of the page as loading external scripts


  (function() {
    var ps = require('preload-store').default;

    Discourse.CDN = 'https://cdn-enterprise.discourse.org/meta';
    Discourse.BaseUrl = 'meta.discourse.org'.replace(/:[\d]*$/,"");
    Discourse.BaseUri = '';
    Discourse.Environment = 'production';
    Discourse.SiteSettings = ps.get('siteSettings');
    Discourse.LetterAvatarVersion = '5_8cef00e6737b3b8d9d169fd97ec1c294';
    Discourse.MarkdownItURL = 'https://d11a6trkgmumsb.cloudfront.net/assets/markdown-it-bundle-95eab67cdea904c1edf468e5ed93ba3d0ed27da63e4428828e8a566506f74391.js';
    I18n.defaultLocale = 'en';
    Discourse.start();
    Discourse.set('assetVersion','630410e1f94c7298dedd7b1fc7bc33c1');
    Discourse.Session.currentProp("disableCustomCSS", false);
    Discourse.HighlightJSPath = "/highlight-js/meta.discourse.org/9062f6624f188fcca0d8d61479af537c8a70abb5.js";
    Discourse.S3CDN = 'https://meta-s3-cdn.freetls.fastly.net';
    Discourse.S3BaseUrl = '//discourse-meta.s3-us-west-1.amazonaws.com…

Whitelist

NONTRIVIAL: an open method similar to xhr.open is used


  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-33736483-2']);


  _gaq.push(['_setCustomVar', 1, 'Anonymous', true, 2]);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

WhitelistThis script is detected as nonfree, external, and as defining functions or methods
https://d11a6trkgmumsb.cloudfront.net/brotli_asset/preload-store-ec90ffab9d7a6d9e507dda7cf7343e9d50b8bce624f7f44486ac8fd6b9814309.js
Whitelisterror parsing: cd2896c3d74934ba453c45c163312fdaca1a7e54
https://d11a6trkgmumsb.cloudfront.net/brotli_asset/vendor-057c8aaf728aa3bc264d5ff93a70e003efe4f4ecdc16ba0a02d452e6e3ef4402.js
WhitelistNONTRIVIAL: eval has been found in code
https://d11a6trkgmumsb.cloudfront.net/brotli_asset/locales/en-a08b6c43f4c6b0e5eb013af8e6fc990088a3d7d7c617bb2a4be6c40f3b148397.js
WhitelistNONTRIVIAL: eval has been found in code
https://d11a6trkgmumsb.cloudfront.net/brotli_asset/pretty-text-bundle-af6df9d7f414a6a33522de2bd6d2d517cd14e5b955c062d9f1b92f470977b17b.js
WhitelistNONTRIVIAL: innerHTML identifier
https://d11a6trkgmumsb.cloudfront.net/brotli_asset/browser-update-f57286e74ddbc53aa899689b01ef467078911e4138050c561939955849af35dd.js
WhitelistNONTRIVIAL: innerHTML identifier
https://d11a6trkgmumsb.cloudfront.net/brotli_asset/plugin-7f6112666e33fe786a149151c4d4f117aed46e983d564232c6eec5ce50f72cfd.js
WhitelistThis script is detected as nonfree, external, and as defining functions or methods
https://d11a6trkgmumsb.cloudfront.net/brotli_asset/plugin-third-party-bb2f0e23762c106247d01585881c8d39ccbbd7e0258bbf20cef6d4ac03012384.js
WhitelistNONTRIVIAL: an open method similar to xhr.open is used
https://d11a6trkgmumsb.cloudfront.net/brotli_asset/ember_jquery-a8dcbd325e04410f036f2a791d66d8316c48c5387acdd914de99a5dd6afb3cd3.js
WhitelistNONTRIVIAL: an open method similar to xhr.open is used
https://d11a6trkgmumsb.cloudfront.net/brotli_asset/application-60c231b7cea804312ae84d75984fd127c3f0c2aad8948fba67e40dd25ce89209.js

List of accepted JavaScript in httpx://meta.discourse.org/

LibreJS did not allow the execution of any scripts on this page: '
    The inline and on-page JavaScript code may not be free and/or may not have proper license information and external scripts (if present) may have been removed by default.
    External scripts may not be free and/or may not have proper licensing and are not part of the whitelist of free JavaScript libraries.

Is it possible that the JS shipped with Discourse gets the necessary license headers? This would be the first big part in allowing users of LibreJS to better view pages that use Discourse and take part in the discussions.

Thank you very much!


(Sam Saffron) #2

Totally happy to work with libreJS out of the box, not a huge priority cause the reach is so tiny, if anyone feels like working on this #pr-welcome


(Albert Pool) #3

A forum on which this is important is the Fairphone forum (https://forum.fairphone.com/) as it has a significant share of users who use Android without Google services, probably about 10% of the mobile users, and many of them use the Icecat browser. While the forum used to work with Icecat 47, this is no longer the case with the recent Icecat 53 update.