Get "Nano Defender for Firefox" add-on to AMO

Hello,

Recently I started to look for some adblock detector killer add-on - something that would block “adblock detectors” scripts which are often used to block content unless you disable your adblock. Since this kind of behavior is now on the rise, I think we need such add-on.

I found only two on AMO (Anti-X and AAAA: The Anti-Atob-Anti-Adblocker) - both are fairly primitive (containing only one function!).
I found one good looking Anti-Adblock Killer but not available as add-on and also it wasn’t updated in 2 years.

The only one that seems good enough and is regularly updated is Nano Defender for Firefox which is not in AMO, due to usage of innerHTML and custom DOM library libdom. See this Github issue thread.
There is also a link for the reviewer e-mail.

I would like to know whether there is a room for a discussion regarding the rules here - as we are talking about open-source add-on designed to help people.

If there is no room for an exception here, could we please move this to Development topic and maybe someone skilled finds a way (and time) how to refactor this into a proper DOM manipulation? (warning: somebody mentioned there “you need to rewrite all 5k+ lines of content rules”)

PS: you may be interested in:

Hmm, in the current release, there do not seem to be a lot of assignments to innerHTML. Use in expressions within if() comparisons should be considered harmless. This is what I saw:

/content/core.js

line 443

elem.innerHTML = "<br>";

This should not be objectionable because it is a known, safe string. But if it needs replaced: I think this should cover that in two steps, first emptying the element and then appending a line break element:

elem.textContent = '';
elem.appendChild(document.createElement('br'));

lines 490, 494, 504, 913, 940, 953, 1206, 1207, and 1249: expressions, not assignments

/libdom.js

line 349: returns existing innerHTML

line 352

s.innerHTML = html;

Okay, this one requires some heavy code. I haven’t tested this out in detail but it seems like it should work (EDITED after posting):

var parser = new DOMParser(); 
try {
  var htdoc = parser.parseFromString(html, 'text/html'); 
  s.textContent = '';
  j = htdoc.body.childNodes.length; 
  while (j>0){
    s.appendChild(htdoc.body.childNodes[0]); 
    j--;
  }
} catch(err) {
  console.log('function html() died setting s: ') + err;
}

Note: The foregoing assumes that html does not contain its own body tag. I assume that’s true in the context of this extension.

/content/rules-specific.js

line 971

divContentVideo.innerHTML = "";

This should not be objectionable because it is a known, safe string. However, if it needs replaced, this should do it:

divContentVideo.textContent = '';

lines 1698, 1854, 2271: expressions, not assignments

line 2281

a.antiCollapse("innerHTML", (elem) => elem === window.document.body);

This is passing the string “innerHTML” to a function which does not assign it.

line 2514

blocks[i].innerHTML = window.linkify(links.replace(nbsp, " "));

Requires further study – I don’t know what the global linkify() function does. ??

line 2609

blocks[i].innerHTML = window.atob(blocks[i].textContent);

Requires further study – I don’t know what is happening here.

Maybe that will be helpful to someone.

That’s on a third party website where an anti‑adblock script would call that function after it determined that no adblock is in use to fix links in the page.

Since NanoDefender prevents the script from running, it has to call the linkify(…) function itself.

Same as above.