Issue 705 - Generate element hiding instead request blocking filters for non-HTTP URLs

include.postload.js

Index: include.postload.js
===================================================================
--- a/include.postload.js
+++ b/include.postload.js
@@ -408,11 +408,18 @@
 
   if (url)
   {
-    clickHideFilters.push(url.replace(/^[\w\-]+:\/+(?:www\.)?/, "||"));
+    var src = elt.getAttribute("src");
+    var selector = src && elt.localName + '[src=' + quote(src) + ']';

[Wladimir Palant, 2014/10/30 22:36:28]

elt.localName still needs escaping, DOM methods allow creating elements with any
tag name. And that's an unquoted identifier so the complicated escaping approach
is actually required...

Same thing with the style-based selector below.

[Sebastian Noack, 2014/10/31 13:52:49]

The syntax for valid tag names is very restrictive. It seems that none of the
valid characters needs escaping in CSS. And (at least on Chrome and Safari)
calling document.createElement() with an invalid name raises an exception. Tags
with invalid names given in the HTML source are parsed as  text nodes.

[Wladimir Palant, 2014/11/03 18:14:28]

document.createElement("foo:bar") might still be problematic but not addressing
this here is fine with me.

 
-    var src = elt.getAttribute("src");
-    if (src)
-      selectorList.push('[src=' + quote(src) + ']');
+    if (/^https?:/i.test(url))
+    {
+      clickHideFilters.push(url.replace(/^[\w\-]+:\/+(?:www\.)?/, "||"));
+
+      if (selector)
+        selectorList.push(selector);
+    }
+    else if (selector)
+      addSelector(selector);
   }
 
   // restore the original style, before generating the fallback filter that