Stop Nefarious Redirects

Block unauthorized redirects

当前为 2024-04-29 提交的版本,查看 最新版本

  1. // ==UserScript==
  2. // @name         Stop Nefarious Redirects
  3. // @namespace    http://tampermonkey.net/
  4. // @version      3.78.3
  5. // @description  Block unauthorized redirects
  6. // @match        http://*/*
  7. // @match        https://*/*
  8. // @grant        none
  9. // @license      MIT
  10. // ==/UserScript==
  11.  
  12. (function() {
  13.     'use strict';
  14.  
  15.     // Function to check if a URL is allowed to be navigated to
  16.     function isUrlAllowed(url) {
  17.         const trustedWebsites = [
  18.         '500px.com', 'accuweather.com', 'adobe.com', 'adulttime.com', 'alibaba.com', 'amazon.com', 'amazonaws.com',
  19.         'amd.com', 'americanexpress.com', 'anaconda.com', 'angular.io', 'ap.org', 'apache.org', 'apnews.com', 'apple.com',
  20.         'arstechnica.com', 'artstation.com', 'asana.com', 'asus.com', 'atlassian.com', 'autodesk.com', 'axios.com',
  21.         'battle.net', 'bbc.co.uk', 'bbc.com', 'behance.net', 'bestbuy.com', 'bing.com', 'bitbucket.org', 'blogger.com',
  22.         'bloomberg.com', 'bmw.com', 'boeing.com', 'booking.co.uk', 'booking.com', 'bootstrapcdn.com', 'breitbart.com',
  23.         'buzzfeed.com', 'canva.com', 'capitalone.com', 'cbsnews.com', 'character.ai', 'chase.com', 'chaturbate.com',
  24.         'cisco.com', 'citi.com', 'claude.ai', 'cnbc.com', 'cnet.com', 'cnn.com', 'codecademy.com', 'constantcontact.com',
  25.         'coursera.org', 'craigslist.org', 'dailymail.co.uk', 'dell.com', 'deviantart.com', 'discord.com', 'disney.com',
  26.         'django.com', 'docker.com', 'docusign.com', 'dribbble.com', 'dropbox.com', 'duckduckgo.com', 'duolingo.com',
  27.         'duosecurity.com', 'ebay.com', 'economist.com', 'edx.org', 'elsevier.com', 'engadget.com', 'epicgames.com',
  28.         'eporner.com', 'espn.com', 'etsy.com', 'eurogamer.net', 'expedia.com', 'facebook.com', 'fandom.com', 'fedex.com',
  29.         'figma.com', 'finance.yahoo.com', 'flickr.com', 'flipkart.com', 'forbes.com', 'foxnews.com', 'framer.com',
  30.         'freecodecamp.org', 'gamespot.com', 'gartner.com', 'gettyimages.com', 'git-scm.com', 'github.com', 'gizmodo.com',
  31.         'go.com', 'godaddy.com', 'gog.com', 'goldmansachs.com', 'google.com', 'healthline.com', 'hilton.com', 'homedepot.com',
  32.         'hp.com', 'hubspot.com', 'huffpost.com', 'hulu.com', 'humblebundle.com', 'ibm.com', 'ieee.org', 'ifixit.com',
  33.         'ign.com', 'ikea.com', 'imdb.com', 'imgur.com', 'indeed.com', 'instagram.com', 'instructure.com', 'intel.com',
  34.         'intuit.com', 'invisionapp.com', 'itch.io', 'java.com', 'jetbrains.com', 'joomla.org', 'jquery.com', 'khanacademy.org',
  35.         'kotaku.com', 'kotlinlang.org', 'laravel.com', 'lenovo.com', 'lg.com', 'lifehacker.com', 'linkedin.com',
  36.         'live.com', 'lowes.com', 'lynda.com', 'macys.com', 'mailchimp.com', 'marriott.com', 'mashable.com', 'masterclass.com',
  37.         'mcdonalds.com', 'medium.com', 'mercedes-benz.com', 'microsoft.com', 'microsoftonline.commit.edu', 'mongodb.com',
  38.         'moodle.org', 'mozilla.org', 'msn.com', 'msnbc.com', 'nasa.gov', 'nationalgeographic.com', 'nbc.com', 'nbcnews.com',
  39.         'netflix.com', 'nextdoor.com', 'nih.gov', 'npr.org', 'nvidia.comnypost.com', 'nytimes.com', 'office.com',
  40.         'okta.com', 'onlyfans.com', 'openai.com', 'oracle.com', 'oreilly.com', 'origin.com', 'outlook.com', 'overstock.com',
  41.         'patreon.com', 'paypal.com', 'pcgamer.com', 'pexels.com', 'php.net', 'pinterest.com', 'pixabay.com', 'pluralsight.com',
  42.         'polygon.com', 'pornhub.com', 'python.org', 'quizlet.com', 'quora.com', 'reactjs.org', 'realtor.com',
  43.         'reddit.com', 'redhat.com', 'roblox.com', 'rubyonrails.org', 'salesforce.com', 'samsung.co.kr', 'samsung.com',
  44.         'sap.com', 'sciencedirect.com', 'scopus.com', 'sears.com', 'sharepoint.com', 'shutterstock.com', 'siemens.com',
  45.         'sketch.com', 'skillshare.com', 'skype.com', 'slack.com', 'sony.com', 'soundcloud.com', 'spotify.com',
  46.         'spring.io', 'stackoverflow.com', 'steamcommunity.com', 'steampowered.com', 'surveymonkey.com', 'symantec.com',
  47.         'target.com', 'techcrunch.com', 'temu.com', 'tesla.com', 'texasinstruments.com', 'theguardian.com', 'thenextweb.com',
  48.         'theverge.com', 'tiktok.com', 'time.com', 'toyota.com', 'trello.com', 'trip.com', 'tripadvisor.com', 'tumblr.com',
  49.         'twitch.tv', 'twitter.com', 'uber.com', 'ucla.edu', 'ucsf.edu', 'udemy.com', 'unity.com', 'unsplash.com', 'ups.com',
  50.         'usatoday.com', 'usnews.com', 'usps.com', 'verizon.com', 'vice.com', 'Vice.com', 'vimeo.com', 'vk.com', 'vmware.com',
  51.         'volkswagen.com', 'vox.com', 'walmart.com', 'washingtonpost.com', 'weather.com', 'weather.gov', 'webmd.com',
  52.         'whatsapp.com', 'wikimedia.org', 'wikipedia.org', 'wired.com', 'wordpress.com', 'wsj.com', 'wunderground.com',
  53.         'x.com', 'xerox.com', 'xfinity.com', 'xhamster.com', 'xilinx.com', 'xnxx.com', 'xvideos.com', 'yahoo.com',
  54.         'yelp.com', 'youtube.com', 'zapier.com', 'zendesk.com', 'zeplin.iozillow.com', 'zoom.us'
  55.         ];
  56.         return trustedWebsites.some(allowedUrl => url.includes(allowedUrl));
  57.     }
  58.  
  59.     // Monitor and block any direct changes to window.location
  60.     const originalLocationAssign = window.location.assign;
  61.     window.location.assign = function(url) {
  62.         if (isUrlAllowed(url)) {
  63.             console.log('Allowed redirect to:', url);
  64.             return originalLocationAssign.apply(this, arguments);
  65.         } else {
  66.             console.error('Blocked unauthorized redirect to:', url);
  67.             return null; // Block the redirect
  68.         }
  69.     };
  70.  
  71.     // Override the window.location.href setter to intercept and validate URL changes
  72.     Object.defineProperty(window.location, 'href', {
  73.         get: function() {
  74.             return location.href;
  75.         },
  76.         set: function(url) {
  77.             if (isUrlAllowed(url)) {
  78.                 console.log('Redirect to known page allowed:', url);
  79.                 return Reflect.set(window.location, 'href', url);
  80.             } else {
  81.                 console.error('Blocked unauthorized redirect attempt to:', url);
  82.                 return location.href; // Prevent the redirect
  83.             }
  84.         },
  85.         configurable: true
  86.     });
  87.  
  88.     // Enhance error handling for redirects
  89.     window.addEventListener('popstate', function(event) {
  90.         let expectedUrl = document.referrer || sessionStorage.getItem('lastKnownGoodUrl');
  91.         if (!isUrlAllowed(window.location.href)) {
  92.             console.error('Blocked unauthorized back navigation to:', window.location.href);
  93.             if (expectedUrl) {
  94.                 window.location.replace(expectedUrl); // Force navigation to a safe URL
  95.             } else {
  96.                 window.history.back(); // Attempt to go back if safe URL isn't known
  97.             }
  98.         } else {
  99.             console.log('Allowed navigation to:', window.location.href);
  100.             sessionStorage.setItem('lastKnownGoodUrl', window.location.href);
  101.         }
  102.     });
  103.  
  104.     console.log('Redirect control script initialized.');
  105. })();