Git Product home page Git Product logo

slackredir's Introduction

Slack-Redir Patcher

Slack, the "messaging app for teams" uses a peculiar technique very common in forums and other board-like websites; they patch every link posted in public and private channels as well as private chat sessions to override the mouseOver and onClick events; this allows them to [1] inject some kind of hotlinking protection, [2] track external links posted in their service, and [3] probably something else that I (as an outsider) do not know.

Some time ago I built Pastio a pastebin-like web service that was later integrated in the internal toolset of my current employer Sucuri; one of its features is the ability to create private posts which obviously should not be visible outside of our network. When my co-workers share links on Slack (as we are using this service for our communication) the redirection patch (probably?) tracks the private links.

This Chrome extension aims to fix this (security?) issue by re-patching the mouseOver and onClick events in the reflow of the DOM, this way you can click and/or right-click the links posted in the channels or private sessions without leaking sensitive information.

Slow Experience

Note that due to the way JavaScript works there is no way to accurately detect changes in the DOM, so the reflow of the webpages that occurs when one switches between channels and/or private sessions may not be detected on time, and even if the reflow is detected the code used to power Slack is complex enough to trigger multiple reflows per each action so the extension will trigger the patcher multiple times making the webview significantly slow. Slack is slow by itself so you will not notice the difference.

Installation

  1. Clone or download this repository
  2. Using Chromium open this: chrome://extensions/
  3. Click the "Load unpacked extension" button
  4. Browse your disk and select the extension
  5. ???
  6. Profit

Additionally, I recommend you to add "slack-redir.net" to your hosts file and point it to a loopback address like "127.0.0.1"; this is to prevent the accidental click of a link that was not caught by the extension DOM reflow patcher (which may happen from time to time).

$ echo "127.0.0.1  slack-redir.net" | sudo tee -a /etc/hosts

slackredir's People

Contributors

cixtor avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.