Protect from Link Tracking on Tumblr#2733
Conversation
ablanathtanalba
changed the title
|
Realized I never wrote a test to go along with this PR, so I just added one |
ablanathtanalba
force-pushed
the
tumblr_link_tracking
branch
from
fcc658a to
e79f655
Compare
ablanathtanalba
force-pushed
the
tumblr_link_tracking
branch
from
e79f655 to
9dc43d3
Compare
ghostwords
left a comment
ghostwords
left a comment
There was a problem hiding this comment.
Thank you! Please see inline feedback.
| } | ||
|
|
||
| for (let attr of a.attributes) { | ||
| if (!['target', 'class', 'style'].includes(attr.name)) { |
There was a problem hiding this comment.
Should we also keep ARIA attributes?
| @@ -0,0 +1,36 @@ | |||
| // only observed links with this format out in the wild | |||
| let tumblr_links = "a[href^='https://t.umblr.com/redirect?']"; | |||
There was a problem hiding this comment.
This file is almost identical to https://github.com/EFForg/privacybadger/blob/master/src/js/firstparties/google-static.js. What if we reuse google-static.js, conditionally setting the DOM selector variable (based on document.domain maybe)?
| fixture.appendChild(util_script); | ||
| }); | ||
|
|
||
| QUnit.test('tumblr link unwrapping', (assert) => { |
There was a problem hiding this comment.
We probably don't need a unit test for this PR, especially if we reuse google-static.js for Tumblr.
ghostwords
left a comment
ghostwords
left a comment
There was a problem hiding this comment.
Where should I be seeing these links, in the Tumblr dashboard, on individual Tumblr blogs, or both?
Has t.umblr.com been retired in favor of href.li? I see href.li in the dashboard and on individual blogs.
The dashboard comes with infinite scrolling, so a single pass of unwrapping isn't enough.
2 participants
Turns out tumblr has familiar redirects on every outgoing link. Whether or not it's for tracking or just analytics, this proposed change scrubs the links of all unwanted things and reassigns the href to what the user expects.
Before:
After: