Stop Nefarious Redirects UserScript v4.0

Overview

The latest version of the Stop Nefarious Redirects UserScript, v4.0, brings together the powerful features from previous versions (v3.85 and v3.89) and introduces new enhancements to provide even better protection against unwanted redirects. This script is designed for users who use Tampermonkey to block unauthorized redirects and prevent history manipulation while browsing the web.

New Features and Enhancements

Integration of v3.85 and v3.89 Features

1. Manual and Automated Blacklists:

   • Manual Blacklist: Users can manually add URLs to a blacklist to block unwanted sites.
   • Automated Blacklist: The script automatically adds unauthorized URLs to the blacklist, providing dynamic protection.

2. Allowed Popups Domains:

   • The script includes a comprehensive list of allowed domains for popups, ensuring that necessary popups are not blocked.

3. Navigation Control:

   • Enhanced control over navigation events, ensuring unauthorized redirects are blocked and safe URLs are maintained.

New Enhancements in v4.0

1. Enhanced Navigation Control for Back/Forward Buttons:

   • The script now includes improved handling of the browser's back and forward buttons to prevent redirects through history manipulation.

2. Proxy for Location Changes:

   • A proxy is used to intercept and handle location changes, providing more granular control over URL navigation.

3. Monitoring and Blocking of Window Open Events:

   • The script overrides the window.open method to block popups from unwanted domains, while allowing those from trusted sources.

4. Form Submission Blocking:

   • Added event listener to block form submissions to unauthorized URLs, preventing potential security risks.

5. Improved User Feedback:

   • The script provides detailed console logs and alerts to inform users about blocked URLs and actions taken, enhancing transparency.

Why Upgrade to v4.0?

Superior Protection

The integration of features from both v3.85 and v3.89, along with new enhancements, provides comprehensive protection against unauthorized redirects. The improved handling of the browser's navigation controls ensures that users are not redirected to unwanted sites, even when using the back and forward buttons.

Dynamic and Manual Control

With both manual and automated blacklists, users have the flexibility to control which sites are blocked, while the script dynamically adds potentially harmful URLs to the blacklist.

Improved User Experience

By allowing popups from trusted domains and providing clear feedback through console logs and alerts, users can enjoy a safer and more transparent browsing experience.

Easy to Use

The script is designed to be easy to install and use with Tampermonkey, running automatically at document start to provide seamless protection.

Installation

To install or upgrade to the latest version of the Stop Nefarious Redirects UserScript, follow these steps:

1. Open Tampermonkey in your browser.
2. Click on the "Add a new script" button.
3. Copy and paste the script code into the Tampermonkey editor.
4. Save the script and ensure it is enabled.

Upgrade to v4.0 today to experience enhanced protection and improved control over unwanted redirects!

Stop Nefarious Redirects - Version Comparison

This document highlights the changes made to the Stop Nefarious Redirects Tampermonkey script, comparing the original version provided by the user with the updated version implemented based on the suggested improvements.

Original Version

The original version of the Stop Nefarious Redirects script provided by the user had the following key features and characteristics:

• Used an array to store the blacklist of unauthorized URLs.
• Monitored changes to the window.location object to intercept navigation events.
• Handled navigation events by checking if the new URL was allowed based on the blacklist.
• Provided a keyboard shortcut (Ctrl+Shift+L) to display the current blacklist using an alert.
• Utilized broad @match patterns (http://*/* and https://*/*) to support all websites.

Updated Version

The updated version of the Stop Nefarious Redirects script incorporates several improvements and enhancements based on the suggestions provided. The key changes include:

1. Blacklist Storage:

   • The script now uses a Set instead of an array to store the blacklist.
   • The getBlacklist function now returns a Set constructed from the stored blacklist array.
   • The addToBlacklist function uses the Set.add() method to add URLs to the blacklist.
   • The GM_setValue function is used to store the blacklist as an array, converted from the Set.

2. Debounced Navigation Handling:

   • A debounce mechanism has been implemented to optimize navigation handling.
   • The handleNavigation function is now wrapped with a debounce function, which delays the execution of the function by a specified delay (100ms in this case).
   • This ensures that only the last navigation event within the delay period is processed, reducing unnecessary checks and improving performance.

3. Error Handling:

   • Try-catch blocks have been added around critical sections of code, such as the handleNavigation function.
   • If an error occurs during the execution of these sections, the error is caught and logged to the console using console.error.
   • This prevents the script from breaking and ensures a smoother user experience.

4. Performance Optimization:

   • The displayBlacklist function now uses console.log instead of alert to display the current blacklist.
   • This change eliminates the use of synchronous operations like alert, which can block script execution.
   • The blacklist is now displayed in the console, allowing users to access it through the browser's developer tools.

5. Code Structure and Readability:

   • The code has been reformatted and indented consistently to improve readability.
   • Comments have been added to explain the purpose and functionality of each section of the code.
   • The version number in the @version directive has been updated to reflect the changes made.

Conclusion

The updated version of the Stop Nefarious Redirects script builds upon the original version by incorporating several improvements and optimizations. The use of a Set for blacklist storage, debounced navigation handling, enhanced error handling, and performance optimizations contribute to a more efficient and reliable script.

While the core functionality of blocking unauthorized redirects remains the same, these enhancements ensure a smoother user experience and better performance. The script continues to support all websites through the broad @match patterns, providing comprehensive protection against malicious redirects.

It's important to thoroughly test the updated script to ensure that the changes do not introduce any new issues and that the script functions as expected. With these improvements in place, the Stop Nefarious Redirects script is well-equipped to provide robust protection against unauthorized redirects while optimizing performance and user experience.

fix a minor code prference

What's Changed in This Version

Key Enhancements:

• Reduced Intrusiveness: The script now uses a less intrusive method for monitoring URL changes. Instead of reacting to every popstate or DOMContentLoaded event, which was potentially interfering with user input handling, the script now periodically checks the URL every 100 milliseconds. This change aims to minimize the potential for the script to consume or block initial user actions such as keyboard shortcuts or mouse clicks.

• Improved Focus Management: Added an event listener for the DOMContentLoaded event to set focus to the document body once the page has loaded. This enhancement is intended to improve the responsiveness of the page to user inputs immediately after load, addressing issues where the first user interaction was not being recognized properly.

• Simplified and More Accurate Redirect Handling: The script's logic for handling redirects has been streamlined to reduce complexity and improve reliability. By periodically checking the URL state and comparing it to a list of trusted websites, the script can more accurately determine when to intervene and restore the original URL if a non-trusted redirect occurs.

Technical Improvements:

• Usage of window.location.replace(): To avoid disrupting the browser's normal forward and back navigation behavior, window.location.replace() is used judiciously to restore the original URL without adding extra entries in the browser's history. This method ensures that users can still use browser navigation buttons as expected without losing their forward history.

Overall Impact:

These changes are designed to enhance the script's functionality while ensuring it operates more seamlessly within the user's browsing environment. The adjustments should reduce any unintended side effects previously experienced by users, such as issues with keyboard shortcuts not working on the first attempt or disruptions in using browser navigation buttons.

This version should provide a more user-friendly and reliable experience, effectively preventing nefarious redirects without interfering with normal web browsing operations.

What's Changed in This Version

Key Enhancements:

• Debounce Mechanism: Introduced a time-based condition to manage the frequency of redirection handling and prevent endless loops. This improvement ensures the script does not interfere excessively, particularly when using the back button, thus maintaining better navigation experience without repeated blocks or reloads.

• Advanced URL Tracking: Refined the approach to URL tracking by implementing more rigorous checks and handling changes in browser history more effectively. This change helps in distinguishing between user-initiated and script-driven URL changes, especially when navigating with browser controls like the back and forward buttons.

• Enhanced User Feedback: Increased the logging detail for actions taken by the script, providing users with clearer insights into what the script is doing at any time, including blocking redirects, allowing trusted navigations, and restoring URLs.

• Improved Back Button Handling: Addressed issues related to using the back button to return to the original page after a redirect was blocked. The script now better handles history manipulation to ensure users can return to their intended URL without unintended reloads or blocks.

These updates are designed to enhance the effectiveness of the script in providing a secure browsing experience by more reliably managing redirects and improving usability.

### Explanation of Changes:
1. **Debounce Mechanism**: This is crucial to avoid the script acting too frequently which could lead to undesirable effects like loops or excessive interference with user navigation.
2. **Advanced URL Tracking**: Improvements in how the script tracks and handles URL changes ensure that it remains effective even as users navigate through various links or use browser history controls.
3. **Enhanced User Feedback**: More detailed logging helps in debugging and provides transparency to users about the script's operations.
4. **Improved Back Button Handling**: This focuses on ensuring that when a user navigates back after an intervention by the script, they can return to their original URL smoothly without the script re-triggering blocks unnecessarily.

Changes Overview

1. Script Version Update

• Old Script: Version 2.74
• New Script: Version 2.75

2. Trusted Websites List Expansion

• The list of trusted websites has been significantly expanded in the new script, adding a large number of domains to the array.

3. Functionality Enhancements

• Both scripts aim to prevent redirects to untrusted sites and handle redirections similarly by disabling inputs and logging actions. However, the new script has an enhanced handling mechanism.

4. Logging and Monitoring

• Both versions log actions, but the new script includes more detailed logs at each critical action, especially during redirect handling and URL monitoring.

Detailed Comparison

### Script Metadata
- **Old Version**: 2.74
- **New Version**: 2.75

### Trusted Websites
- **Old List**:
  - Included a baseline set of commonly trusted websites like Google, Amazon, Facebook, etc.
- **New List**:
  - Significantly expanded to include more domains across various sectors, potentially to address a wider range of legitimate redirect scenarios.

### Handling Logic
- **Old Script**:
  - Monitored redirects using `popstate` and `hashchange` events.
  - Disabled user inputs like clicks, form submissions, keypresses, and touch events only after detecting an untrusted redirect.
- **New Script**:
  - Continues to use the same event listeners for redirect detection.
  - Implements a more aggressive approach by potentially disabling inputs preemptively upon detecting a redirect, before attempting to revert to the original URL after a brief delay.

### Improvements in New Script
- **Robust URL Monitoring**:
  - Continuously checks the URL and handles changes more aggressively to combat sophisticated redirect loops or spamming.
- **Block Mechanism**:
  - Introduces a `blockActive` flag to manage the state of script activation, preventing redundant or overlapping handling logic which can lead to performance issues or missed redirects.
- **Enhanced User Input Disabling**:
  - Applies a more comprehensive input disabling strategy that might include additional events or a more foolproof method to ensure that no user action can trigger redirects once a block is active.

### Summary
The updates in version 2.75 of the script reflect a progression towards handling more complex redirect scenarios and a broader set of websites, likely in response to evolving threats or user feedback on the previous script's effectiveness. Enhanced logging and state management suggest a move to stabilize functionality and improve user experience during active redirect blocking.

Stop Nefarious Redirects Script Update

Changes Made

1. Streamlined the script logic:

   • The updated script has a more focused approach to handling redirects.
   • It removes unnecessary functions and event listeners, such as handleNavigation and the beforeunload event listener.
   • The script now relies solely on the popstate and hashchange event listeners to detect redirections.

2. Improved redirection handling:

   • The handleRedirect function is now triggered only when a redirection is detected and the script is not already activated.
   • It logs the redirection details, including the original URL, attempted redirect URL, and redirection method.
   • The function stops the redirection using event.preventDefault() and event.stopPropagation().
   • It then disables all inputs that can cause further redirections by calling the disableInputs function.
   • After disabling the inputs, the script sets a timeout of 100ms and then loads the original URL using window.location.href.

3. Added input disabling functionality:

   • The disableInputs function is introduced to disable all user inputs that can potentially cause redirections.
   • It disables clicks, form submissions, keypresses, and touch events by adding event listeners that prevent the default behavior and stop event propagation.
   • This ensures that no further redirections can be triggered by user interactions after a redirection is detected.

4. Removed the continuous URL change checking:

   • The checkUrlChange function is removed from the updated script.
   • The script no longer continuously checks for URL changes every 100ms.
   • Instead, it relies solely on the popstate and hashchange event listeners to detect redirections.

5. Maintained the trusted websites functionality:

   • The updated script still includes the trustedWebsites array and the isTrustedWebsite function.
   • This allows the script to allow redirects on trusted websites while blocking redirects on non-trusted websites.

Why the Updated Script Works Better

1. Improved performance:

   • By removing unnecessary functions and event listeners, the updated script has improved performance.
   • It no longer continuously checks for URL changes every 100ms, reducing the script's overhead.

2. Enhanced user experience:

   • The updated script disables all user inputs that can cause redirections after a redirection is detected.
   • This prevents users from accidentally triggering further redirections and ensures a smoother browsing experience.

3. Maintains the trusted websites functionality:

   • The script still allows redirects on trusted websites while blocking nefarious redirects on non-trusted websites.
   • This ensures that legitimate redirects on trusted websites are not blocked, improving the user experience on those sites.

4. Cleaner and more focused codebase:

   • The updated script has a more streamlined and focused codebase.
   • It removes unnecessary complexities and simplifies the logic, making it easier to understand and maintain.

Overall, the updated "Stop Nefarious Redirects" script provides a more efficient and effective solution to blocking nefarious redirects while allowing legitimate redirects on trusted websites. By streamlining the code, improving performance, enhancing the user experience, and maintaining the trusted websites functionality, the script offers better protection against unwanted redirections while minimizing potential disruptions to the user experience on trusted sites.

1. Modified the isTrustedWebsite function:

   • Changed the condition from url.endsWith(website) to url.includes(website).
   • This modification allows for more flexible matching of trusted domains. Instead of requiring the URL to end with the trusted website, it now checks if the URL includes the trusted website anywhere in the string.

2. Updated the handleRedirect function:

   • Added a check to see if the current website is trusted using the isTrustedWebsite function.
   • If the website is trusted, it allows the redirect by updating the previousUrl and currentUrl variables and returning early, preventing the script from blocking the redirect.

3. Replaced the handleBackNavigation function with handleNavigation:

   • Removed the separate handleBackNavigation function and created a single handleNavigation function to handle both forward and backward navigation.
   • The handleNavigation function simply updates the previousUrl and currentUrl variables whenever a navigation event occurs (click or popstate).

4. Modified the checkUrlChange function:

   • Added a check to see if the current website is trusted using the isTrustedWebsite function.
   • If the website is trusted, it updates the previousUrl and currentUrl variables and allows the navigation to proceed without blocking the redirect.
   • If the website is not trusted and the URL has changed, it proceeds with the existing logic to block the redirect and load the previous URL.

5. Updated the event listeners:

   • Changed the click event listener to use the handleNavigation function instead of handleForwardNavigation.
   • Added a popstate event listener that also uses the handleNavigation function to handle backward navigation.

6. Included the complete script:

   • Provided the full script code, including the Tampermonkey/Greasemonkey header, so that it can be directly copied and pasted into the userscript manager.

These changes address the issue of the script blocking redirects on trusted websites like GitHub. The script now checks if the current website is trusted before blocking any redirects. If the website is trusted, it allows the navigation to proceed normally. If the website is not trusted and a redirection is detected, the script blocks the redirect and loads the previous URL.

By modifying the isTrustedWebsite function to use includes instead of endsWith, the script can now handle cases where the URL changes within the same trusted domain (e.g., navigating from https://github.com/user/repo to https://github.com/user/repo#section).

The updated event listeners and the handleNavigation function ensure that the previousUrl and currentUrl variables are properly updated during both forward and backward navigation.

Overall, these changes improve the script's behavior on trusted websites while still maintaining its ability to detect and stop nefarious redirects on untrusted websites.

I added subdomain matching.
Example: google.com in the whitelisted domains will cover all subdomains like mail.google.com. The script no longer required exact matching.

Improved the back button redirections. Some redirects were getting through and now they seem to have ceased.

another small spacing error to keep the code as beautiful as possible. I'm anal like that. I probably have bad OCD lol.

Fixed a small spacing error to keep the code looking beautiful.

Sorted the whitelisted websites by name.