Filtering rules limitations (custom filter, user filter)

[ameshkov]

@ameshkov commented on Tue Dec 18 2018

1. Custom filters must not support powerful modifiers ($replace and JS) unless they are explicitly enabled by the user filter (there should be a "Trusted" checkbox in the custom filter dialog)
2. Change the CSS rules validation process and discard those with url in the style text

[ ] Trusted filter
Filters marked as trusted can use powerful filtering rules modifiers which can be dangerous in the wrong hands. Do not check this box unless you fully trust it.

Pre-installed filters are marked as trusted by default (as we perform validation on the server-side).

[ameshkov]

Additionally:

1. You need to show "trusted" value on the filter details screen
2. Add an option to remove a custom filter on its details screen

[TPS]

It may be useful to flag only filter(list)s that have rules (filters) disabled unless this Trusted flag is checked.… Meaning, this could be true per update of these lists, if such unsafe rules are added/removed during such.

[nkartyshov]

done

Test instruction for QA:

1. Install AdGuard
2. Go to custom filters screen
3. Import custom filter
4. Mark filter as trusted
5. Start protection

Expected result:
The modify rules should be worked