If you find some missing information or errors in any of the translations, help us by opening a pull request with the necessary modifications in the texts.
| WebAPI | method | intercepted? | reported? | can be blocked? |
|---|---|---|---|---|
| EventTarget | removeEventListener |  |
 |
|
| EventTarget | addEventListener | |
|
|
| Battery Status | getBattery | |
|
|
| Fetch API | fetch | |
|
|
| Gamepad API | getGamepads | |
|
|
| Geolocation | getCurrentPosition | |
|
|
| Geolocation | watchPosition | |
|
|
| HTTP headers | User-Agent | |
|
|
| NavigatorID | userAgent | |
|
|
| Window | setInterval | |
|
|
| Window | setTimeout | |
|
|
| WebSocket | send | |
|
|
| XMLHttpRequest | open | |
|
|
| XMLHttpRequest | send | |
|
|
EventTarget.removeEventListener is not reported because it is only an interception to not break websites because of EventTarget.addEventListener interception.
All codes intercepted are divided into 3 groups:
Some JavaScripts are reported with a different nomenclature to get closer to the actual written code or to facilitate understanding:
| JavaScript | reported as | example code |
|---|---|---|
| (Battery Status).getBattery | getBattery | navigator.getBattery().then(fn) |
| (Fetch API).fetch | fetch | fetch('f.txt').then(fn) |
| (Gamepad API).getGamepads | getGamepads | navigator.getGamepads() |
| Geolocation.getCurrentPosition | geo.getCurrentPosition | navigator.geolocation.getCurrentPosition(fn) |
| Geolocation.watchPosition | geo.watchPosition | navigator.geolocation.watchPosition(fn) |
| (HTTP headers).User-Agent | headers.User-Agent | accessed by code on server side |
| NavigatorID.userAgent | NavigatorID.userAgent | window.navigator.userAgent |
| Window.setInterval | setInterval | setInterval(function() { }, 1000) |
| Window.setInterval (execution) | setInterval.call | setInterval(function() { /*call*/ }, 1000) |
| Window.setTimeout | setTimeout | setTimeout(function() { }, 1000) |
| Window.setTimeout (execution) | setTimeout.call | setTimeout(function() { /*call*/ }, 1000) |
| WebSocket.send | WebSocket.send | (new WebSocket('ws://host:80')).send('hello') |
| XMLHttpRequest.open | XMLHttpRequest.open | (new XMLHttpRequest()).open('GET', 'f.txt') |
| XMLHttpRequest.send | XMLHttpRequest.send | (new XMLHttpRequest()).open('GET', 'f.txt').send() |
fn= some callback function, example:var fn = function(response) { console.log(response); }
EventTarget.addEventListener is not reported in this group because we give a different attention to this EventTarget method.
addEventListener is used to report to the website when an event occurs. An event can be literally anything, so we've created a special session to look at the events that each site is trying to look at. Example:
document.getElementById('some-form-textarea-element').addEventListener(
'keypress', function(event) { console.log('key pressed: ' + event.key); }
);Some common examples of events:
| event name | fired when |
|---|---|
| beforeunload | you close some tab of the browser |
| copy | you copy some text with ctrl+c |
| keypress | you type some text |
| mousemove | you move your mouse pointer |
| wheel | you try to scroll the page |
What about the handleEvent group? Consider this code:
some_image.addEventListener('mousemove', function(_event) {
send_report('the user is moving the mouse over the image');
});addEventListener will be reported once, but every time the mouse is moved over the image, send_report will be called, that's what we call handleEvent.
If you block an event in addEventListener, you will never see it in handleEvent because it will never be called, however, to unblock the event you will need to reload the page.
If the event is allowed in addEventListener you will see it every time it is triggered in hanleEvent and you can block/unblock it inside handleEvent without needing to reload the page.
All triggered events that have been added with the EventTarget.addEventListener method.
All events that have been added to be reported with handleEvent.
Luminous has some categories at automatic settings about the EventTarget.addEventListener events names:
No events.
A predefined list of common events:
[
// Resource Events
'abort', 'beforeunload', 'unload',
// Focus Events
'focus', 'blur',
// Websocket Events
'open', 'message', 'close',
// Session History Events
'pagehide', 'pageshow', 'popstate',
// Form Events
'reset', 'submit',
// Text Composition Events
'compositionstart', 'compositionupdate', 'compositionend',
// View Events
'fullscreenchange', 'fullscreenerror', 'resize', 'scroll',
// Clipboard Events
'cut', 'copy', 'paste',
// Keyboard Events
'keydown', 'keypress', 'keyup',
// Mouse Events
'mouseenter', 'mouseover', 'mousemove', 'mousedown', 'mouseup', 'auxclick',
'click', 'dblclick', 'contextmenu', 'wheel', 'mouseleave', 'mouseout',
'select', 'pointerlockchange', 'pointerlockerror',
// Drag & Drop Events
'dragstart', 'drag', 'dragend', 'dragenter', 'dragover', 'dragleave', 'drop',
// Media Events
'canplay', 'canplaythrough', 'ended', 'play', 'playing', 'pause', 'volumechange',
// Storage events
'storage', 'change',
// Value change events
'broadcast', 'CheckboxStateChange', 'hashchange', 'input',
'RadioStateChange', 'readystatechange', 'ValueChange',
// Gamepad API events
'gamepadconnected', 'gamepaddisconnected',
// Uncategorized events
'localized', 'message', 'open', 'show'
]Some events from the list of common events or an event that follows a rule of not having special characters, example:
- Valid almost all events:
someEventanothereventSomeEventB - Invalid almost all events:
yt-somethingimage:uploadedmy_event
Any event.