Nanochan X is a userscript that i developed in my free time during the last 2 months, with the purpose of making lurking and posting on nanochan more comfy than ever!
As you may have intuited nanochan X was inpired by the like of 4chanX(https://github.com/ccd0/4chan-x) and OneeChan(https://github.com/KevinParnell/OneeChan), although the codebase is completely original and different design choices were often made.
It was made initially for personal use, but with time it became a really big project and some people expressed mild interest, so i decided to share it to get it peer-reviewed and audited.
I've put quite some effort into this, so i hope it's gonna be useful, feedback of any kind is welcome.
Main features - Transparent data storage; You get direct access to the JSON configurations objects and any saved data, nothing gets stored behind your back.
- Fully configurable; You can enable or disable each feature and customize most of the script behavior at your own will even without touching the code.
- Ricer-friendy; You can customize theme, navbar and other elements and even inject custom CSS and custom JS on top of the script.
- Modest code size; To put in comparison, 4chanX v1.14.14.4 has 27354 lines of code without blank lines(28054 lines of code with blank lines) and weights 1.07 MiB(1128573 bytes), while nanochan X v1.0.0 has 4442 lines of code without blank lines(5160 lines of code with blank lines) and weights 255 KiB(261983 bytes), that is 83.77% less lines of code and 76.79% less size.
- No third party code or dependencies; The script is 99.9% written by me, the other 0.01% was written by Lain when i was asleep with my face on the keyboard.
- Auditable, fully commented and designed to be expanded; The source code has comments everywhere, no seriously i think i've even put too many, i've even divided the script into sections, this should make it really easy to audit it, so please do.
- Designed with security, privacy and user control in mind; NO user data or anything that could deanonimize the user gets saved in any way, nanochan X does not save visit or post history(this is why there are no (You)s) and i'm not interested in adding features in the future that requires user tracking unless for a good reason and disabled by default, also the choice of putting security and privacy over performance was counsciously made in the design of some parts of the script(see for example how the thread watcher fetches each board at the same time instead of particular boards or threads to avoid possible user fingerprinting).
- Easy on the userscript permissions; nanochan X requires only three extra permissions, "GM_getValue" and "GM_setValue" to save and load the configuration objects and "GM_addStyle" to inject the theme, nothing else.
- No cross-origin fuckery going on; The ONLY domain with which the scripts is gonna interact is the nanochan one, also ALL asynchronous HTTP requests are done with the basic javascript version of "XMLHttpRequest" which is bound by nanochan's Content Security Policies(and NOT the userscript version of it "GM_XMLHttpRequest" which bypasses CSP), effectively making it impossible to get or send any data outside of nanochan.
- Made by a bored hikki with too much free time, coded with lot of autism and animu magic!
- Released under public domain, literally do what you want with it!
Actual full list of features - Theming; There are a total of 6 themes included with the script, and other than the themes themselves there are also lots of other cosmetic improvements.
-- nanochan theme; Has the same colors of the original nanochan theme, made for the ones that don't like the dark theme.
-- nanochan Dark theme; This is mostly based on my previous userstyle project(>>>/meta/3072) which was kind of the spiritual predecessor to this script, it's a dark theme designed with colorcoding in mind, it's moderately high contrast so you may want to edit some of the colors from the configuration if that's not your cup of tea.
-- Futaba theme; My own attempt at recreating the classic Futaba theme.
-- Burichan theme; My own attempt at recreating the classic Burichan theme.
-- Custom theme; An empty white theme, i've added this as a blank slate to design your own theme, although it's also kind of nice in it's own way, it looks like an ink on paper document, some people may appreciate it.
-- Custom theme 2; Also an empty theme, also acts as a blank slate to design your own theme, this time it's white on black, it kind of looks like an high contrast terminal page, maybe somebody it's into that.
-- You can now hide announcements.
-- Extra space at the end of each page; The default is 1/4 of the page height.
-- Customizable post width.
-- Customizable catalog thread width and height.
-- Notifications, navbar and forms customizable opacity.
-- Responsive theme; In particular the navbar and forms are resized properly if you resize your window or if you use small screens or tablets/smartphones.
-- Custom CSS; In case you want to expand the theme, you can do it directly from the configuration without needing a userstyle extension.
- Keyboard navigation; The following can be done directly with keyboard, note also that you can remap each binding as you prefer.
-- Moving to main, log, stats, recent, overboard and board catalog.
-- Opening the configuration and post form.
-- Watching a thread.
-- Navigating between pages in log and recent.
-- Navigating from post to post in recent and threads.
-- Autofilling name and email.
- Regex filters; Using this script you can filter any post or catalog thread using regular expressions, you can also create different lists of filters per-page, when filtering posts the filters are gonna be matched against the board name(only in recent), the thread number(also only in recent), the subject, the name, the email, the post number, the image name(which mean hash and extension, so you can filter out avatarfags like me! yay) and the post comment, while when filtering catalog threads the filters are gonna be matched against the board name(you can filter entire boards from overboard this way), the thread number, the image name, the thread flag(you can filter all autosaged threads for example), the subject and the catalog thread comment, with a basic understanding of regex this can be really powerful.
- Reference tools; All the following also applies to referees.
-- Reference expansion; By hovering the cursor on a reference you can now see it's content in a floating container.
-- Reference inlining; By clicking on a reference you can now inline it(aka add a copy of it) at the end of the post, recursive inlining is also supported.
-- Hashed references; Since clicking on a reference inlines it, an extra "#" reference link is added before the reference so you can still navigate to the referenced post as usual.
-- Referenced post highlighting; When you hover the cursor on a reference, its own referenced post is gonna get highlighted.
-- Opening post reference highlighting; References that links to the original post are gonna get "(OP)" appended to them.
- File tools.
-- Image and video expansion; Similar to reference expansion, by hovering the cursor on a file thumbnail you can see the original file in a floating container, this works with any image and video comprising transparent pngs, animated gifs, webms and mp4s, available both on threads and on catalogs.
-- Image and video inlining; Similar to reference inlining, By clicking on a file thumbnail you can now inline it, or in other words you substitute the thumbnail with the full size file, this also works with any image and video comprising transparent pngs, animated gifs, webms and mp4s, you can also specify if you want inlined videos to preload, have playback controls, autoplay, loop and start muted.
- Relative time; Makes time elements relative, the absolute timstamp is kept in the tooltip.
- Asynchronous captchas; Did it ever happen to you to lose the contents of an entire post just cause the captcha expired? It happens every fucking time to me cause i write posts that are too long. Did it ever happen to you to get a really unlucky unreadable captcha? Well now you can reload captchas in real-time without any need to reload the page.
- Toggleable mod tools; Right now mod links are hidden in catalogs and visible in threads, which i find really unconsistent and ugly, with the script they are now hidden consintently on all pages, or if you are a mod you can get them back everywhere also on catalog.
- Logging; Pretty much everything that the script does, comprising errors and warning, is logged to the console, you can of course decide the verbosity of the logging and you can suppress all errors and all warnings.
- Notifications; I've included notifications(just basic floating box with a message, nothing fancy) to give visual feedback to the user for some actions or errors and warnings, you can of course suppress notifications depending on their type or just plain disable them.
- Navbar; The design of the navbar didn't change that much, i just tried to make it more readable, added new buttons to the right for the new forms and the countdown to the next page update, the real improvement lies in the list of boards which can now be reordered and riced with any HTML element.
-- Page/board/form highlighting in the navbar; Simply the correlated links in the navbar are gonna be highlighted(with an underline) depending on the current page or board and the current opened forms.
- Interactive forms; All newly added forms can be opened and closed without polluting the url, they can also be hidden so that only the header is visible, multiple forms can stay open at the same time and they can all be set to remember their previous state.
- Configuration form; Although you can modify the configuration directly in your userscript extension's dashboard, i thought that having a way to do it inside the page was comfier, so i made this simple form that let's you edit, save, load and reset the various configurations.
- Post form; This is a part of the script that i'm particularly proud of, i've redesigned the post form from zero and added lot of extra features to it, if you don't like this you can still use the old one ofc.
--Board name and thread number fields; This may seem like two completely new fields, but if you look in the nanochan source they're always been there, they were just hidden, i made them visible so that now you can do stuff like posting from the recent page or making a new thread from anywhere(write 0 for a new thread) and more.
-- Formatting legend; I've added as a placeholder of the post comment textareaa a full formatting legend, manily cause sometime i forgot stuff.
-- File reset button; It is possible now to clear the selected file.
-- File info and preview; When a file is selected, the name, size and type of the file is gonna be displayed, also a file preview of the file is gonna be shown, the file preview works with any image and video comprising transparent pngs, animated gifs, webms and mp4s and audio files, although videos and audio files previews don't work in the main page, overboard, board catalogs and threads cause of different CSPs than the "/Nano" pages where preview works fine with all files.
-- Asynchronous posting; An alternative way of submitting posts that has several advantages compared to the usual synchronous way, such as less interruptions and wasted time caused by the redirection and better error handling, whenever there is a connection error or a server error or you get the captcha wrong instead of being redirected to the error page(possibly losing your post in the process) a notification with the relevant error message will be shown and the captcha will be automatically reloaded, also you can keep reading the thread while post is getting uploaded and you can abort the posting request at any time, finally on successful posting the thread is gonna be updated with your new post added at the end.
-- Post form reset; You can reset the whole post form with a button and also automatically on successful posting...or also not, if you want to repeat same post multiple times(pls don't spam kids).
- Thread watcher; As the name implies, it is a full fledged thread watcher that includes buttons to watch and unwatch a thread(also with keyboard shortcut), mark as read a watched thread and change the order of the watched threads.
- Opening post and reply posts customizable indentation and spacing.
- Automatic focus jumping to first or last post.
- Automatic quote insertion; Really requested feature, it simply adds the quote number in the post comment field at the current cursor position, also if the post form it's close or hidden it will be opened and made fully visible.
- Recent page; I've redesigned it to resemble a normal thread, i also made all references local to also browse it like a normal thread.
- Update; It is possible to update the following parts of the page manually or automatically on a certain interval.
-- Update time; It simply updates the relative times so that they stays relative to now.
-- Update thread; If there are new posts in a thread, they will be added them in real time.
-- Update thread watcher; Exactly as it sounds this keeps updated the thread watcher, also note that this is the only non-manual way for the thread watcher to fetch a watched thread info, like total replies, description, etc.
-- Custom javascript; Let's you add whatever extra javascript code you want, you should use this only for quick hacks though, the "eval" function has lot of performance problems and the "function" constructor can't access any of the variables and functions of nanochan X, so you may as well make your own separate script at this point(or instead submit code to add to nanochan X in this thread *wink* *wink*).
Useless features that i wasted time developing for no reason - Customizable page titles and board titles and subtitles; Not sure what i was thinking when i was coding this, it's pretty useless, but maybe someone creative can find a use to it.
- Link to the "/audit.log" file in the log page; I made this for you asuka-chan <3 maybe it will save you some time, or maybe you have your own ways of autodownloading that file, anyway that link is there.
- Multipage switcher; Navigating between pages in recent and log it's a pain in the ass, so i added page links to navigate back and fourth between pages inside the page switchers, it's pretty useless as now, but maybe if index view gets implemented it's gonna become useful.
- Visible emails; It makes the email visible by appending it after name, like this for example Nanonymous(sage).
- Opening post highligthing; Opening posts will be highlighted by appending a "(OP)" after the post number, i've added this to make OPs more recognizable in recent.
- Extra view and download file links in catalog threads; Cause why not.
- Faggotry; If you're into that...
-- Default name; Aka namefagging, can be filled manually via keyboard shortcut or autofilled, disabled by default ofc.
-- Default email; Aka sagefagging, can be filled manually via keyboard shortcut or autofilled, disabled by default ofc.
There is probably more stuff that i forgot and minor improvements, read the comments and the code in source file i guess.
Known limitations - If you disable the theme, notifications and forms are gonna get stuck at the bottom of the page.
- At the moment you can't used any combinations of keys or modifiers to map keyboard shortcuts.
- Keyboard navigation doesn't work inside inlined posts.
- The "highlight_post" function does not work with inlined posts.
- The file preview in the post form doesn't work outside of the "/Nano" pages, cause of CSP.
- Thread watcher's performances and memory usage sucks.
Known bugs - The "get_configuration" function with the "nested" parameter set to true does not work with arrays. Although this is probably a bug in the "flatten_object" and "unflatten_object" utilities.
- Keyboard navigation will still navigate to filtered posts.
- Reference inlining will break if you inline the same post over different depth and the try to de-inline it and other weirds stuff when recursive inlining.
- The log page breaks if you resize the window(this is more like a nanochan bug though).
Note that i tested the script only on Tor Browser.
Roadmap - Mascottes(like on OneeChan), accepting suggestions on what waifus should i include.
- Unique post and catalog thread ids(to avoid duplicate ids on recent, bugs with inlined posts and as a base for other future stuff that i have in mind).
- Catalog thread keyboard navigation.
- Different filters lists for each board.
- Recent page update(this depends if admin makes it cached).
- Catalog update.
Anything other that you wish to add, i accept suggestions...
F.F.A.Q Future frequently asked questions Or in other words, questions that i know people will ask cause of past experiences, so i may as well preemtively anwer.
>Do i need to unblock javascript to use this script?
Short answer is no, you can still block javascript globally and at the same time run userscripts without any problem.
Long answer is that it depends on how you block javascript and what userscript extension you use, if you block scripts with "about:config -> javascript.enabled = true" or the "NoScript" extension then Tampermonkey will stop working, but Violentmonkey will still work fine, instead if you block scripts using uMatrix both Tampermonkey and Violentmonkey will still work, so just choose the right extension based on your preferred method of script blocking.
>Wait a second, isn't javascript cancer?
If you mean javascript as in the programming language, yes it is cancer and i dislike it, there is no other way of doing something like this in a browser without using it though, so it's a necessary evil to achieve superior comfiness.
If you mean javascript as in a certain stack of technologies that can be used by websites to track and spy users, then this is not the case, userscripts gives lot of control to the user over what is executed on their machine and are subject to many limitations, this script in particular is still bound by nanochan content security policies which means that the script cannot send any information outside of nanochan and since there is also no "auto update" feature included and no code gets downloaded or executed from a server, there is no way to do anything malicious with it.
I'm not trying to say that userscripts are the perfect and that this is the best way of doing things, what i'm saying is that using javascript inside a userscript is a whole different context than just blindly downloading scripts that could be malicious every time you visit a website.
>Are you advocating to add javascript to nanochan?
No, i'm not, i'm fine with nanochan remaining as it is, and if you think about it now that this script exists there is no reason to add javascript in the first place, people that want extra features can use this script instead.
>I think this is bloat, why would i want to use it?
You tell me xD i'm not trying to convince anybody here, nor i gain anything by getting people to use my script, as i see it this script is aimed at a certain kind of people that like me desire to have some extra features on top of the elegant HTML/CSS only base of nanochan, but also care about being in control on the code executed on the machines.
If you're not interested in the features listed above, then just don't use the script, if you are interested just in one feature or some of the features, then just disable the rest of them through the configuration, or fork it and write your own light version of it, choice is yours.
>How did you make this script?
Very simple.
- A simple text editor.
- Tor browser dev tools.
- Animu magic.
That's about it.
>This thread belongs on /meta/ right?(mods pls read)
I know there is a userscript thread on /meta/, but there are specific reasons i made it on /g/, one of my reasons to publish this was to have it and peer-reviewed and audited by fellow nanons, another one is that this is still in active developement and maybe some /g/ autists can help, /meta/ is basically a containment board for drama at this point and i want this thread to be about software development and not drama or meta-talk, so i think i fits better on /g/.
PGP public key This is the PGP key that i am gonna use from now on to sign the releases and other important posts.
REMEMBER TO ALWAYS VERIFY THE SIGNATURE BEFORE EXECUTING THE SCRIPT FOR THE FIRST TIME OR AFTER AN UPDATE, SINCE IT COULD BE POSTED BY SOMEONE ELSE IMPERSONATING ME AND DISTRIBUTING MALWARE.
Install instructions During this instructions i'm gonna assume that you are retarded, don't take it personally, i'm also gonna assume that you are using Tor Browser on a UNIX operating system, but you should be able to get it working easily also on other browsers and operating systems.
What you need:
- A text editor; Preferably with javascript syntax highlighting.
- A userscript extension; I officially support two extensions, choose the one you like the most:
-- Tampermonkey(https://www.tampermonkey.net); Proprietary freeware, but with lot of features, surprisingly configurable and with better script injection, not compatible with some kinds of script blocking.
-- Violentmonkey(https://violentmonkey.github.io); Free and open source, minimalistic, not configurable enough imo, compatible with most kinds of script blocking.
- gpg(https://www.gnupg.org).
How to install:
0. Make a directory to hold all the files, from now on this is gonna be called the "working directory", then open a terminal and change directory to the working directory.
1. Import my PGP public key in your gpg keyring; Copy the public key from above, then save in a file named "Nanonimousu.key", then run the following command "gpg --import Nanonimousu.key".
2. Locate the latest nanochan X release post; It should be near the end of this thread.
3. Download the text file included in the release post to your working directory; Name it "nanochanX.asc".
4. Verify the signature of "nanochanX.asc"; Run the following command "gpg -o nanochanX.js --decrypt nanochanX.asc", then check if the firgerprint matches, congratulations you have a legit version of the script.
5. Now that you have a verified version of the script it's a good time to check if the source doesn't contain anything malicious(sometime i don't even trust myself, so you should neither); Open "nanochanX.js" with your preferred text exitor, optionally sintax highlight for javascript, then start start by reviewing the userscript header(also called the metadata block), this is the most important part cause this is where the script can ask for permissions and whitelist third party domains, this is some documentation regarding it: https://sourceforge.net/p/greasemonkey/wiki/Metadata_Block/https://wiki.greasespot.net/Metadata_Blockhttps://www.tampermonkey.net/documentation.phphttps://violentmonkey.github.io/api/metadata-block/ now continue with the rest of the script, when you are satisfied proceed onto next step.
6.a. Go to the Tampermonkey dashboard then click on the "+" button, a new tab will open with a blank script, now go back to "nanochanX.js" in your text editor, copy everything and paste it in the new Tampermonkey tab, then press "CTRL+S".
6.b. Go to the Violentmonkey dashboard then click on the "+" button and select "New", the page will switch to a blank script, now go back to "nanochanX.js" in your text editor, copy everything and paste it in the new Violentmonkey page, then press "CTRL+S".
7. Now go back to the newly created userscript, then switch to the "Settings" tab and uncheck the checkbox near "Check for updates" or "Allow updates", even though no auto-update link is included in the userscript header in the first place, this way you can be sure it's not gonna auto-update, this is also the place where you can add your user excludes, for example if by any chance you are a mod, you might want to add "https://nanochanqwrwtmamtnhkfwbbcducc4i62ciss4byo6f3an5qdkhjngid.onion/Nano/mod*" to your user excludes.
>>8139 >I disable through about:config personally
You can still use the script even if you disable through about:config btw, just use Violentmonkey instead of Tampermonkey, more details in one of the answers in the F.F.A.Q. section in the OP.
>>8142 >Well, that's SOME bloat. xD
Well, how much "SOME" is too much then?
As i wrote in the OP compared to 4chanX, nanochan X is at least 75%~ less bloated, and regardless of code size and LoC total number there is a limit to how much you can compress the code per feature, so it's more like a matter of number of features.
Now, i agree that lot of features are useless and i added them just for the sake of it, i even wrote an entire section in the OP called "Useless features that i wasted time developing for no reason", so the question is:
Are you and other nanons interested in a light version of the script?
And if you are what features should be kept or discarded in the light version?
Also keep in mind that you can already disable most features from the configuration, which meand that the code related to them will literally not be executed.
>>8156 >>8158 >>8164 Please let's not derail the thread with nanochan vs picochan.
Anyway i forgot to add this to the OP, but i already plan to port the script to picochan in the future. I will port it when asuka-chan releases picochan-2.0. Should be trivial to do.
If you read this asuka-chan i would appreciate if you add the RPCs to picochan-2.0, using RPCs instead of XHR + HTML parsing would make the thread update and thread watcher way more performant than it is now. btw picochan posting was actually very fast, at least in the demonstration instance that i tried, imagine combined with the async posting of nanochan X...
>>8165 > Are you and other nanons interested in a light version of the script?
Me, not really. I actually even uninstalled the dark theme provided by some other weeb.
I think that the only acceptable addition is inserting the >>postnumber into a post form on a click on a post number. The script would take like <10 LOCs, probably.
>>8166 >I actually even uninstalled the dark theme provided by some other weeb.
>This is mostly based on my previous userstyle project(>>>/meta/3072)
Oh wait, that was ACTUALLY you, fuck my life.
Well, I wanted to believe there is more than one autist working his ass off for nanochan.
>>8166 >>8167 >I think that the only acceptable addition is inserting the >>postnumber into a post form on a click on a post number.
I disagree, but ok.
>The script would take like <10 LOCs, probably.
There you go, i made it for you, exactly 10 LoC as you wanted, it took me 12 minutes to write this, testing included, it will probably take me more to write this post.
It wasn't particularly fun or satisfying to do though, cause it's just a quick hack that anybody can do in 10 minutes, you see the reason i do programming it's for fun, it's like solving puzzles for me, i don't like to make minimal hacks like this cause it doesn't give me any intellectual satisfation, while instead completing big projects that requires creativity and skill to pull it off correctly is something that gives me lot of satisfaction, i also don't like to use minimalistic software cause i like to be able to customize stuff in detail and to have lot of features, but that is just my opinion and preference, i get it.
>Well, I wanted to believe there is more than one autist working his ass off for nanochan.
Lol, other than all what hapase did in the past, there is me, asuka-chan and sakamoto-kun that tried to improve nanochan in different ways. Although only me and asuka-chan are autistic enough to actually dedicate time to it xD.
>>8168 It's ok fren, i'm used to getting bullied by star-chan.
Progress report For the next version i'm currently working on:
- Mascottes; I plan on making a separate configuration object where you can add your own base64 encoded mascottes.
- Board specific filters.
- Catalog update; Not sure how to do this catalog thread by catalog thread, so i think i'll just download the whole updated catalog though xhr and then substitute it.
- Dedicated [Update] and [Mark all as read] buttons in the watcher form.
I may add a single post or single image hiding feature, that instead of using regex uses two [Hide] and [Hide image] buttons placed on each post, and instead of hiding completely a post in only hides either the post comment or the image and it lets the post header intact, dunno it's just an idea.
I also noticed that i left a typo in the configuration form:
>For any inquiries, suggestions and/or feedback use the thread in /meta/.
Obviously the thread is not in /meta/, i forgot it from an older version, i will change it instead with the link to this thread.
Don't expect next version too soon though, this time i want to focus on big releases so people do not have to update manually the script every time.
Maybe i'll write a small user manual later, in particular for filtering.
>>8165 >You can still use the script even if you disable through about:config btw, just use Violentmonkey instead of Tampermonkey, more details in one of the answers in the F.F.A.Q. section in the OP.
I appreciate the guidance but I do it because I don't want JS anywhere near my Tor experience.
>>8197 It's in theory possible by using something like https://github.com/commonsmachinery/blockhash-js but tbh i don't think it's worth it, imagine the performance drop in a thread with hundreds of images or in catalogs, and as far as i understand perceptual hashing techniques you need different algoritms for different kind of checks, for example you need an algorith for resized images, a different one for cropped images, a different one to check only some parts and then compare(for example this would be necessary if you draw a black square at the center of an image).
So unless you provide me with a performant and reliable perceptual hashing js implementation it's not going to happen(i could implement it myself but i really don't want to spend days or weeks implementing such a thing in javashit, the sole thought of it makes me shiver).
>>8534 >remove your thread and kill yourself
no u
also read the op and the source before spouting memes, my script has none of the problems that usual scripts have and if you disagree please point at line number and explanation of the vulnerability you found or gtfo
>>8592 >my script has none of the problems that usual scripts have
javascript is a cancer not just because it allows websites to run code on your PC. it is also cancer because it is interpreted, it is badly designed, it wastes memory
also, your script requires some malware addon to be installed that allows scripts like your to be run
your script is not needed - I can open nanochan in web browser and browse threads, post replies, so why would I need your botnet script?
userscripts are cancer
>and if you disagree please point at line number and explanation of the vulnerability you found
I am not going to waste my time reviewing this code and finding backdoors in it, but they could be there
>>8606 >it is also cancer because it is interpreted
There is nothing wrong for a language designed to be streamed between computers to be interpreted. In fact it is better since you can run the code as it is being sent to you. You do not have to wait for the entire pile of code to arrive so you can compile the whole thing at once.
>>8606 >javascript is a cancer not just because it allows websites to run code on your PC
This is a userscript it's different from javascript included in a webpage, nanochan(the website) has no control over it, i(the author) have no control over it, like seriously it's literally impossible for me or anyone else to run code on your pc with this script or to remotely modify the source, i didn't provide a way to autoupdate the script on purpose to make sure of it, you(the user) have full control over it, read the source if you don't believe me(https://nanochanqwrwtmamtnhkfwbbcducc4i62ciss4byo6f3an5qdkhjngid.onion/Media/4bdcfd8c2bb3b6939495aaf4b18d150d7fac15b77d1adcdb4bacb1a0a2382eb3.txt). So what you're saying is just false, again if you think that there is a way to remotely execute code though this script or other vulnerabilities, provide line number and an explanation of the exploit.
>it is also cancer because it is interpreted
>it is badly designed
>it wastes memory
I agree, but there's not much i can do about it, if there was an alternative i would use it, but theres not. I would rather write this in C++ or Python if it was possible, but it's not.
>also, your script requires some malware addon
>malware
Citation needed, Violentmonkey https://github.com/violentmonkey/violentmonkey is open source.
>your script is not needed
If you don't need it then don't use it, i respect that. I'm not forcing anybody here, i don't understand what's the problem.
>why would I need your botnet script?
I don't know why you would need it, you tell me, i can tell you why i need it and why i made it, which is cause i needed files and quotes expansion/inlining, filters, a thread watcher, async posting, async captcha reload and a way to asynchronously update the thread before submitting the post, also i really needed a way to navigate the website only with the keyboard(btw i am making keyboard navigation even better in version 1.1).
>I am not going to waste my time reviewing this code and finding backdoors in it, but they could be there
>they could be there
The fuck, you are talking hypothetical now?
Imagine going to a developer and saying "yo dude i never used your software and i didn't read the source at all but i'm pretty sure that there may be backdoors in it", what a meme, you can't make this shit up.
>>8609 >There is nothing wrong for a language designed to be streamed between computers to be interpreted.
The real problem of javascript is that it is downloaded and executed automatically when you visit a webpage without getting user consent and without a proper permissions system, which makes it really exploitable, userscripts fixes this problems by having their own permissions ans limitations system and by asking user consent before getting installed and updated although they are not streamed, they are more like local scripts.
The concept of a streamed language is even cool in a way, is there a programming language that can be streamed and is implemented in a not completely exploitable way?(i'm not talking about using ssh)
Btw you can't exactly stream js as far as i know, to execute a script you have to first download its entire source file and then you can execute it. Am i missing something?
>>8613 >The concept of a streamed language is even cool in a way, is there a programming language that can be streamed and is implemented in a not completely exploitable way?
Chrome + V8 is the only language implementation that is able to parse / compile its language as it is being downloaded over the network that I personally know of. I do not think it is able to start executing it though, but I could be mistaken.
>>8613 >I agree, but there's not much i can do about it, if there was an alternative i would use it, but theres not. I would rather write this in C++ or Python if it was possible, but it's not.
There is alternative. Instead of shitty js userscript, you can make a standalone desktop software that will be used to browse, post, archive, nanochan. You can extend it to support other imageboards too.
You can implement it in any language you want.
look at this project
https://weboob.org/ they basically implement websites or class of websites, as open source desktop application with GUI or CLI
>>8613 >like seriously it's literally impossible for me or anyone else to run code on your pc with this script or to remotely modify the source
this is what was said
>Citation needed, Violentmonkey https://github.com/violentmonkey/violentmonkey is open source.
since when is open source not malware? ever heard about firefox, ubuntu, systemd?
I would need to waste my time to review violentmonkey code, then your userscript code, for what purpose? to get some shit features that nobody needs? if they were important, they would be implemented into nanochan
>i can tell you why i need it and why i made it, which is cause i needed files and quotes expansion/inlining, filters, a thread watcher, async posting, async captcha reload and a way to asynchronously update the thread before submitting the post
almost useless things
>also i really needed a way to navigate the website only with the keyboard(btw i am making keyboard navigation even better in version 1.1).
this is retarded. mouse is superior to keyboard, why would you not use mouse?
and seems a standalone application would be better for such purpose. you can make CLI and GUI nanochan client
>Imagine going to a developer and saying "yo dude i never used your software and i didn't read the source at all but i'm pretty sure that there may be backdoors in it", what a meme, you can't make this shit up.
this is valid argument. we don't have time to review some shit code, also backdoors can be hidden in good ways. if you don't use something, you don't risk to be backdoored
also I am sure your async captcha reload and other shit are producing unique behavour, allowing to detect user as your userscript user
>>8643 >Can't tell if typo or someone has arrived from the alternate universe.
<he doesn't know about Firefox
<he doesn't know about Ubuntu
<he doesn't know about systemd
>>8646 <he doesn't know about Tor
<is probably using firefox
<if not using systemd is probably using a - get this - open source alternative!!!
<is using nanochan which is 99.99% open source
Just go full Ballmer already, why are you here?
>>8639 >write a standalone desktop application instead of using a userscript
That's a whole different thing, i was saying that there are no alternatives to javascript IN THE BROWSER.
In any case making a command-line application for nanochan/picochan it's actually something that i was planning to do since a lot of time, what held me back all this time is that there is no API, hapase made an API for like one day and then shut it down(read >>>/meta/1096), i then tried to convice hapase in global meta back in april(i think?) to get the API back online again so i could make a thread watcher but she refused for privacy concerns(which i agree with).
And before you say it yeah i know that i could just parse the HTML, but it's a pain in the ass and it's way less performant than just getting the data through an API.
Anyway i'm not gonna make any promises but in the future i may develop a command-line client, this depends on a bunch of factors though, it depends if nanochan is gonna switch to the picochan engine or not and it depends if asuka-chan is gonna actually implement the API/RPC in picochan.
Also if i ever make such a program, i want it to be focused on automatic archival, data gathering, advanced moderation tools and in general advanced user features, not everyday stuff, you can already use the browser for that, by making it about non-everyday stuff the API privacy concerns should become non-important.
>weboob
https://weboob.org/applications/ The fucking names, how am i supposed to take the project seriously.
"Check your bank account on Boobank!"
"Find a job at QHandjoob!"
lol
i do use cock.li though so i can't judge after all xD
>>8641 >since when is open source not malware? ever heard about firefox, ubuntu, systemd?
- Firefox is not malware, it is a really powerful browser if you know how to configure it, for example look at Tor Browser which is a highly privacy customized version of Firefox, don't get me wrong i disagree with lot of choices of Mozilla, still there lot of good in the Firefox project, without it we would have only 1 popular browser(Chrome) and only one popular HTML rendering engine(Webkit), the net result of the Firefox project in the tech world is positive.
- Ubuntu is not malware, it's just a shit irrelevant distro.
- Systemd is not malware, people hate it for stupid reasons like "muh unix philosophy" or "it's too gomblex me can't understand" i literally don't care i use arch and never had a problem with it.
Anyway we are derailing make another thread if you want to discuss about that this stuff, i will be there.
>I would need to waste my time to review violentmonkey code, then your userscript code, for what purpose?
>if they were important, they would be implemented into nanochan
You can't implement most of nanochan X features without changing nanochan to use javascript or a deanonimizing API and therefore becoming like most other imageboards, examples to prove this:
- to get a thread watcher working you need an API used in a way that will deanonimize users, this is why hakase didn't like my thread watcher idea back then btw and i agree with her, sending a unique list of watched threads to the API server will make user-tracking possible, this is why nanochan X instead asks the server for the catalogs of all the boards at the same time and then parses them locally to get the watched threads data, this way the server cannot distinguish one user from another.
- to get filters working you would first need dynamic page generation instead of current static page generation, then same as the thread watcher you would need a filters API and you would need to send to the API server a unique list of filters which will deanonimize you, only way to have filters and keep anonimity is with javascript, i know that may sound crazy to you, but it's the truth.
- as asuka-chan showed in picochan it's possible to get image inlining without javascript with a css trick, but you can't have video and quote inlining without javascript, also it's impossible to have any kind of file or quote expansion without javascript as far as i know.
- you can't get quote injection in postform without bloating the html see >>>/l/15739 - it's impossible to have async posting or async captcha without js for obvious reasons.
- and any kind of async page update for same reason as previous point.
>this is retarded. mouse is superior to keyboard
Keyboard it's faster and more precise, with mouse i have to waste time aiming and i can still aim wrong missing or clicking on wrong thing which may be really dangerous, also mouse buttons are worse than my mechanical keyboard keys at clicking, no matter how you try to shill mouse keyboard is always gonna be superior and first choice for powerusers, if you were a programmer you would understand.
>this is valid argument. we don't have time to review some shit code, also backdoors can be hidden in good ways. if you don't use something, you don't risk to be backdoored
No, no, i don't think you understood what i said, what i meant is that since you know nothing about my software or its code, your backdoor accusations are ridiculous at best and malicious at worst. Is it more clear?
>also I am sure your async captcha reload and other shit are producing unique behavour, allowing to detect user as your userscript user
As far as i know no, they should look like normal HTTP requests to the server.
Anyway if you are still paranoid about it, which is something that i respect, this is the list of features that sends XHR coupled with its configuration option to disable it:
- Async captcha(configuration.captcha.asynchronous: false)
- Async post(just don't click on "Async post" button and use "Sync post" instead, if you want next version i can include a configuration option to completely disable it and hide button)
- Thread update(configuration.update.thread: false)
- Watcher update(configuration.update.watcher: false), now to be completely honest when you run the update_watcher_form() function 10 XHRs, one for each board, are sent, so in theory the server could correlate this request to an active nanochan X user, but this doesn't make you unique so the server cannot track you, this is still the most anonymous way you can implement a thread watcher.
By the way to be perfectly clear NO XHR is sent without specific user action, if you go look at the default configuration configuration.update.thread_automatic and configuration.update.watcher_automatic are disabled by default, async captcha happens only if you click on the captcha image and async posting happens only if you click on the async post button.
>>8658 >In any case making a command-line application for nanochan/picochan it's actually something that i was planning to do
command-line and GUI
>i then tried to convice hapase in global meta back in april(i think?) to get the API back online again so i could make a thread watcher but she refused for privacy concerns(which i agree with).
tell more
>And before you say it yeah i know that i could just parse the HTML, but it's a pain in the ass and it's way less performant than just getting the data through an API.
it's not pain in the ass, it's simple. and you can make simulated API, a library or functions so you can use them easily in your software, those library/functions will mess with HTML
>Anyway i'm not gonna make any promises but in the future i may develop a command-line client, this depends on a bunch of factors though, it depends if nanochan is gonna switch to the picochan engine or not
why does it matter? you can implement both engines and more
>Also if i ever make such a program, i want it to be focused on automatic archival, data gathering, advanced moderation tools and in general advanced user features, not everyday stuff, you can already use the browser for that, by making it about non-everyday stuff the API privacy concerns should become non-important.
posting could also be made, but it would need to simulate Tor Browser. in extreme case you could even start hidden Tor Browser window for that, but this shouldn't be necessary
>The fucking names, how am i supposed to take the project seriously.
it is serious, it could defeat all jews and their javascript, ads, tracking
with Weboob we could destroy the web and web browsers. and jews
>>8658 >- and any kind of async page update for same reason as previous point.
I actually think that this is actually likely to be possible and am considering having this in my imageboard engine. I am pretty sure you can accomplish this by just having the page slowly load. If you have ever browsed with a slow internet connection or tried to browse a large file you may have noticed that the page started rendering before the whole thing was downloaded. For this you do the same thing. You quickly send the page but at the end you just hang instead of closing the connection. When there is a new post to the thread you send the post and then go back to hanging. Another approach could be using iframes with a long GET where the new post includes another iframe. The long GET waits for a new post to the thread and once it is received by the imageboard engine it sends the response. This approach with the iframes might not work very well due to the resources needed for a lot of iframes, so the first approach would be ideal. Although I have not got around into implementing this, I think there is a good chance that it is possible.
>>8678 >command-line and GUI
Nanon i have nothing against GUIs trust me, problem is that most GUI libraries suck and are super bloated, do you have a GUI library to recommend? (i would prefer if cross platform or portable without much hassle)
>tell more
There is not much more to tell, hapase's motivation against the API was that it would make a distinction between a user using the API and one browsing normally making it less anonymous, while her motivation against the first version of my thread watcher idea was that it would make tracking possible(basically my idea at the time was to just send to the server a list of threads and receive as a response something like +11 posts in the last hour or just the number of posts in the thread for each thread in the list).
>you can make simulated API
Ok, you half-convinced me i'll think about making a nanochan/picochan simulated API.
>you can implement both engines
Yeah sure i can, but i would prefer to avoid wasting time developing a client and then see nanochan change to the picochan engine making all my work useless xD
Although i was thinking that if go toward the "simulated API route" what i could do is:
- making a nanochan simulated API library
- making a picochan simulated API library
- making a client that can use both
is this what you meant with "you can implement both engines and more"?
The if an official API is implemented on either nanochan or picochan i will give user choice to use the offical one instead of the simulated one if they prefer to get performance at the cost of privacy.
>posting could also be made
If i make the dedicated client it's gonna be feature complete, so that means that whatever you can do with the browser you can do in dedicated client, posting is obviously gonna be included, what i meant in previous thread is that i want to also focus on other advanced features or it makes the effort of making a client useless IMO.
>but it would need to simulate Tor Browser
There is no need to do anything complex in that regard, only thing that would be necessary is to change http headers to match the ones of tor browser.
>>8691 >async page update
>you can accomplish this by just having the page slowly load
>You quickly send the page but at the end you just hang instead of closing the connection
That is not how html and http works, first consider that http requests have a timeout so after a while connection would be cut, second there is no way to make the connection "hang" and then "resume" with bare HTML and HTTP, i don't think this is possible.
>Another approach could be using iframes with a long GET where the new post includes another iframe
>long GET
Again you can't really do that, even if you waste ton of bandwidth on downloading a big file the HTML part of the page is still loaded before anything else, for example look at how images load after the text is already fully loaded.
>nested iframes
I never fucked with nested iframes before so not sure what would happen if you let page be for like an hour, would that crash the browser after you get 60 levels of nested iframes?
>That is not how html and http works, first consider that http requests have a timeout
Do they really though?
>second there is no way to make the connection "hang" and then "resume" with bare HTML and HTTP, i don't think this is possible.
You simply stop sending data. Why wouldn't that be possible. IF there's a timeout send a single byte to reset it.
>Again you can't really do that, even if you waste ton of bandwidth on downloading a big file the HTML part of the page is still loaded before anything else, for example look at how images load after the text is already fully loaded.
This may be possible to mitigate by using a different domain for the images.
>for example look at Tor Browser which is a highly privacy customized version of Firefox
Tor Browser is not firefox. it is firefox fork. they have to remove all spyware and shit from it
also, Tor Browser is now based on Firefox for historical reasons. When Tor Project decided to use Firefox, it was long time ago, when Firefox wasn't malware. now they continue to use it as they already invested in it, they have code build on firefox. but if they were to decide today, they might make another choice.
>without it we would have only 1 popular browser(Chrome)
firefox is chrome. mozilla is doing everything to make their browser be chrome with different name
>- Systemd is not malware,
is malware, developed by corporation, big code with hidden backdoors, cannot audit it, they force everyone to use it
>Anyway we are derailing make another thread
fuck this thread, it was shit
>- to get a thread watcher working you need an API used in a way that will deanonimize users, this is why hakase didn't like my thread watcher idea back then btw and i agree with her, sending a unique list of watched threads to the API server will make user-tracking possible, this is why nanochan X instead asks the server for the catalogs of all the boards at the same time and then parses them locally to get the watched threads data
you first say it's not possible but in the end of the sentence you provide a way to do it
>this way the server cannot distinguish one user from another.
but it can identify if someone is using Nanochan X and there is not many people using it
>- as asuka-chan showed in picochan it's possible to get image inlining without javascript with a css trick, but you can't have video and quote inlining without javascript, also it's impossible to have any kind of file or quote expansion without javascript as far as i know.
minor features. but you could implement them into nanochan GUI standalone application
>- it's impossible to have async posting or async captcha without js for obvious reasons.
it is. just put captcha into iframe, when user clicks on captcha it reloads the iframe
>- and any kind of async page update for same reason as previous point.
not needed. press refresh, get updated page
also async page update is serious anonymity risk
>no matter how you try to shill mouse keyboard is always gonna be superior and first choice for powerusers
sure, is that why 95% professionals use windows, mouse, GUI applications?
>if you were a programmer you would understand.
if only you know how wrong you are
>what i meant is that since you know nothing about my software or its code, your backdoor accusations are ridiculous at best and malicious at worst. Is it more clear?
accusations are justified. all code and software should be assumed to be backdoored. so now, if someone wants to use Nanochan X, he should audit it's code. is it worth the time to do it, to get what benefits?
>As far as i know no, they should look like normal HTTP requests to the server.
they are normal HTTP requests. however, they produce specific requests, at specific time intervals, specific urls, so it is trivial to identify if someone uses Nanochan X or not
or async captcha might only reload captcha, when normal user would reload entire page (not sure if that's how nanochan X does, haven't looked into it's code)
>Anyway if you are still paranoid about it, which is something that i respect, this is the list of features that sends XHR coupled with its configuration option to disable it
that would be even worse. if Nanochan X users will have their unique configurations, each user will have unique behavour of his Nanochan X
>>9009 >is malware, developed by corporation, big code with hidden backdoors, cannot audit it, they force everyone to use it
>is malware
I do not see how it is malicious.
<developed by corporation
There is nothing wrong with that.
>with hidden backdoors
Proof?
>cannot audit it
It's open source. Anyone can pay for or audit it themselves.
>force everyone to use it
No one forced anyone to use it. Distribution started using it because it was superior to what they had before.
>but it can identify if someone is using Nanochan X and there is not many people using it
All the server could possibly know is approximately how many people use Nanochan X. It is not like it deanonymizes anyone.
>it is. just put captcha into iframe, when user clicks on captcha it reloads the iframe
And how would you do this without javascript? I guess you could have the iframe refresh every X seconds showing you a new captcha.
>>9020 <developed by corporation
>There is nothing wrong with that.
this is your brain on jews and capitalism
>with hidden backdoors
>Proof?
I won't release them to you, when I am finding them I sell them for big money
>It's open source. Anyone can pay for or audit it themselves.
nobody can audit it. it is made so big code bloat on purpose, so nobody in open source has resources (people, money) to audit it. they can put 1000 backdoors there and you won't see them
systemd is as proprietary as windows
>Distribution started using it because it was superior to what they had before.
key people from linux distributions got bribed or forced to use systemd
>All the server could possibly know is approximately how many people use Nanochan X. It is not like it deanonymizes anyone.
if there is only few people using it and they post at different hours it is very easy to identify and track them
>And how would you do this without javascript? I guess you could have the iframe refresh every X seconds showing you a new captcha.
no
there is a feature, you might not know about it, it's called a link. <a> element
you create this link element on captcha page. between the <a> tags, you don't put text but you put captcha image. so the image becomes the link. when someone clicks on the image the iframe will move to the page in <a> link. this page is captcha page, so it will reload captcha page, with new captcha image
the disadvantage of this is that it requires iframe, so not sure if shit browsers like the ones nanochanners use will support it
>>9009 >you first say it's not possible but in the end of the sentence you provide a way to do it
As i said you have two ways of implementing a thread watcher on nanochan:
1. Send watched threads list to server and compute remotely = doesn't need JS but you can be deanonimized and tracked with it.
2. Retrieve watched threads informations from catalogs and compute locally = needs JS, cannot be used to deanonimize or track you(as you noted can be used to guess if someone is using the script at that moment or not).
The solution i provided(#2) needs JS, read my post again.
>it is. just put captcha into iframe, when user clicks on captcha it reloads the iframe
Yep, that is possible, i pitched your idea to sakamoot here https://nanochanqwrwtmamtnhkfwbbcducc4i62ciss4byo6f3an5qdkhjngid.onion/meta/8.html#post6519 if he goes through with it i will remove the async captcha feature completely from the script.
>sure, is that why 95% professionals use windows, mouse, GUI applications?
Just saying it and pulling out of your ass fake percentages doesn't make it true, the only reason you would use windows to program is if you are using the proprietary microsoft ecosystem(C#, ASP.net, Visual Studio) and i pity whoever is forced to do it, the only reason you would use mouse during programming is to select lot of text quickly there is no reason you wouldn't use keyboard shortcuts for everything else.
>accusations are justified. all code and software should be assumed to be backdoored...
It's a waste of time to continue replying to you about that, think whatever you want, i don't care.
I will answer to valid accusations not assumptions based on thin air.
>if Nanochan X users will have their unique configurations, each user will have unique behavour of his Nanochan X
You have no idea what you are talking about, nanochan X configuration is stored locally in the userscript extension storage(on disk), not in cookies or web storage, there is no way it can be read or accessed and the behavior the configuration produces cannot be fingerprinted in a unique way no matter how much you make the configuration unique, trust me it's way easier to fingerprint you using your writing style, opinions and images.
>>9067 <developed by corporation
>There is nothing wrong with that.
>this is your brain on jews and capitalism
A corporation is just a group of people with similar interests incorporated into a single entity https://en.wikipedia.org/wiki/Corporation this literally existed since tribes were a thing millennia ago and it doesn't have anything to do with good or bad.
As you may have intuited nanochan X was inpired by the like of 4chanX(https://github.com/ccd0/4chan-x) and OneeChan(https://github.com/KevinParnell/OneeChan), although the codebase is completely original and different design choices were often made.
It was made initially for personal use, but with time it became a really big project and some people expressed mild interest, so i decided to share it to get it peer-reviewed and audited.
I've put quite some effort into this, so i hope it's gonna be useful, feedback of any kind is welcome.
Main features
- Transparent data storage; You get direct access to the JSON configurations objects and any saved data, nothing gets stored behind your back.
- Fully configurable; You can enable or disable each feature and customize most of the script behavior at your own will even without touching the code.
- Ricer-friendy; You can customize theme, navbar and other elements and even inject custom CSS and custom JS on top of the script.
- Modest code size; To put in comparison, 4chanX v1.14.14.4 has 27354 lines of code without blank lines(28054 lines of code with blank lines) and weights 1.07 MiB(1128573 bytes), while nanochan X v1.0.0 has 4442 lines of code without blank lines(5160 lines of code with blank lines) and weights 255 KiB(261983 bytes), that is 83.77% less lines of code and 76.79% less size.
- No third party code or dependencies; The script is 99.9% written by me, the other 0.01% was written by Lain when i was asleep with my face on the keyboard.
- Auditable, fully commented and designed to be expanded; The source code has comments everywhere, no seriously i think i've even put too many, i've even divided the script into sections, this should make it really easy to audit it, so please do.
- Designed with security, privacy and user control in mind; NO user data or anything that could deanonimize the user gets saved in any way, nanochan X does not save visit or post history(this is why there are no (You)s) and i'm not interested in adding features in the future that requires user tracking unless for a good reason and disabled by default, also the choice of putting security and privacy over performance was counsciously made in the design of some parts of the script(see for example how the thread watcher fetches each board at the same time instead of particular boards or threads to avoid possible user fingerprinting).
- Easy on the userscript permissions; nanochan X requires only three extra permissions, "GM_getValue" and "GM_setValue" to save and load the configuration objects and "GM_addStyle" to inject the theme, nothing else.
- No cross-origin fuckery going on; The ONLY domain with which the scripts is gonna interact is the nanochan one, also ALL asynchronous HTTP requests are done with the basic javascript version of "XMLHttpRequest" which is bound by nanochan's Content Security Policies(and NOT the userscript version of it "GM_XMLHttpRequest" which bypasses CSP), effectively making it impossible to get or send any data outside of nanochan.
- Made by a bored hikki with too much free time, coded with lot of autism and animu magic!
- Released under public domain, literally do what you want with it!
Actual full list of features
- Theming; There are a total of 6 themes included with the script, and other than the themes themselves there are also lots of other cosmetic improvements.
-- nanochan theme; Has the same colors of the original nanochan theme, made for the ones that don't like the dark theme.
-- nanochan Dark theme; This is mostly based on my previous userstyle project(>>>/meta/3072) which was kind of the spiritual predecessor to this script, it's a dark theme designed with colorcoding in mind, it's moderately high contrast so you may want to edit some of the colors from the configuration if that's not your cup of tea.
-- Futaba theme; My own attempt at recreating the classic Futaba theme.
-- Burichan theme; My own attempt at recreating the classic Burichan theme.
-- Custom theme; An empty white theme, i've added this as a blank slate to design your own theme, although it's also kind of nice in it's own way, it looks like an ink on paper document, some people may appreciate it.
-- Custom theme 2; Also an empty theme, also acts as a blank slate to design your own theme, this time it's white on black, it kind of looks like an high contrast terminal page, maybe somebody it's into that.
-- You can now hide announcements.
-- Extra space at the end of each page; The default is 1/4 of the page height.
-- Customizable post width.
-- Customizable catalog thread width and height.
-- Notifications, navbar and forms customizable opacity.
-- Responsive theme; In particular the navbar and forms are resized properly if you resize your window or if you use small screens or tablets/smartphones.
-- Custom CSS; In case you want to expand the theme, you can do it directly from the configuration without needing a userstyle extension.
- Keyboard navigation; The following can be done directly with keyboard, note also that you can remap each binding as you prefer.
-- Moving to main, log, stats, recent, overboard and board catalog.
-- Opening the configuration and post form.
-- Watching a thread.
-- Navigating between pages in log and recent.
-- Navigating from post to post in recent and threads.
-- Autofilling name and email.
- Regex filters; Using this script you can filter any post or catalog thread using regular expressions, you can also create different lists of filters per-page, when filtering posts the filters are gonna be matched against the board name(only in recent), the thread number(also only in recent), the subject, the name, the email, the post number, the image name(which mean hash and extension, so you can filter out avatarfags like me! yay) and the post comment, while when filtering catalog threads the filters are gonna be matched against the board name(you can filter entire boards from overboard this way), the thread number, the image name, the thread flag(you can filter all autosaged threads for example), the subject and the catalog thread comment, with a basic understanding of regex this can be really powerful.
- Reference tools; All the following also applies to referees.
-- Reference expansion; By hovering the cursor on a reference you can now see it's content in a floating container.
-- Reference inlining; By clicking on a reference you can now inline it(aka add a copy of it) at the end of the post, recursive inlining is also supported.
-- Hashed references; Since clicking on a reference inlines it, an extra "#" reference link is added before the reference so you can still navigate to the referenced post as usual.
-- Referenced post highlighting; When you hover the cursor on a reference, its own referenced post is gonna get highlighted.
-- Opening post reference highlighting; References that links to the original post are gonna get "(OP)" appended to them.
- File tools.
-- Image and video expansion; Similar to reference expansion, by hovering the cursor on a file thumbnail you can see the original file in a floating container, this works with any image and video comprising transparent pngs, animated gifs, webms and mp4s, available both on threads and on catalogs.
-- Image and video inlining; Similar to reference inlining, By clicking on a file thumbnail you can now inline it, or in other words you substitute the thumbnail with the full size file, this also works with any image and video comprising transparent pngs, animated gifs, webms and mp4s, you can also specify if you want inlined videos to preload, have playback controls, autoplay, loop and start muted.
- Relative time; Makes time elements relative, the absolute timstamp is kept in the tooltip.
- Asynchronous captchas; Did it ever happen to you to lose the contents of an entire post just cause the captcha expired? It happens every fucking time to me cause i write posts that are too long. Did it ever happen to you to get a really unlucky unreadable captcha? Well now you can reload captchas in real-time without any need to reload the page.
- Toggleable mod tools; Right now mod links are hidden in catalogs and visible in threads, which i find really unconsistent and ugly, with the script they are now hidden consintently on all pages, or if you are a mod you can get them back everywhere also on catalog.
- Logging; Pretty much everything that the script does, comprising errors and warning, is logged to the console, you can of course decide the verbosity of the logging and you can suppress all errors and all warnings.
- Notifications; I've included notifications(just basic floating box with a message, nothing fancy) to give visual feedback to the user for some actions or errors and warnings, you can of course suppress notifications depending on their type or just plain disable them.
- Navbar; The design of the navbar didn't change that much, i just tried to make it more readable, added new buttons to the right for the new forms and the countdown to the next page update, the real improvement lies in the list of boards which can now be reordered and riced with any HTML element.
-- Page/board/form highlighting in the navbar; Simply the correlated links in the navbar are gonna be highlighted(with an underline) depending on the current page or board and the current opened forms.
- Interactive forms; All newly added forms can be opened and closed without polluting the url, they can also be hidden so that only the header is visible, multiple forms can stay open at the same time and they can all be set to remember their previous state.
- Configuration form; Although you can modify the configuration directly in your userscript extension's dashboard, i thought that having a way to do it inside the page was comfier, so i made this simple form that let's you edit, save, load and reset the various configurations.
- Post form; This is a part of the script that i'm particularly proud of, i've redesigned the post form from zero and added lot of extra features to it, if you don't like this you can still use the old one ofc.
--Board name and thread number fields; This may seem like two completely new fields, but if you look in the nanochan source they're always been there, they were just hidden, i made them visible so that now you can do stuff like posting from the recent page or making a new thread from anywhere(write 0 for a new thread) and more.
-- Formatting legend; I've added as a placeholder of the post comment textareaa a full formatting legend, manily cause sometime i forgot stuff.
-- File reset button; It is possible now to clear the selected file.
-- File info and preview; When a file is selected, the name, size and type of the file is gonna be displayed, also a file preview of the file is gonna be shown, the file preview works with any image and video comprising transparent pngs, animated gifs, webms and mp4s and audio files, although videos and audio files previews don't work in the main page, overboard, board catalogs and threads cause of different CSPs than the "/Nano" pages where preview works fine with all files.
-- Asynchronous posting; An alternative way of submitting posts that has several advantages compared to the usual synchronous way, such as less interruptions and wasted time caused by the redirection and better error handling, whenever there is a connection error or a server error or you get the captcha wrong instead of being redirected to the error page(possibly losing your post in the process) a notification with the relevant error message will be shown and the captcha will be automatically reloaded, also you can keep reading the thread while post is getting uploaded and you can abort the posting request at any time, finally on successful posting the thread is gonna be updated with your new post added at the end.
-- Post form reset; You can reset the whole post form with a button and also automatically on successful posting...or also not, if you want to repeat same post multiple times(pls don't spam kids).
- Thread watcher; As the name implies, it is a full fledged thread watcher that includes buttons to watch and unwatch a thread(also with keyboard shortcut), mark as read a watched thread and change the order of the watched threads.
- Opening post and reply posts customizable indentation and spacing.
- Automatic focus jumping to first or last post.
- Automatic quote insertion; Really requested feature, it simply adds the quote number in the post comment field at the current cursor position, also if the post form it's close or hidden it will be opened and made fully visible.
- Recent page; I've redesigned it to resemble a normal thread, i also made all references local to also browse it like a normal thread.
- Update; It is possible to update the following parts of the page manually or automatically on a certain interval.
-- Update time; It simply updates the relative times so that they stays relative to now.
-- Update thread; If there are new posts in a thread, they will be added them in real time.
-- Update thread watcher; Exactly as it sounds this keeps updated the thread watcher, also note that this is the only non-manual way for the thread watcher to fetch a watched thread info, like total replies, description, etc.
-- Custom javascript; Let's you add whatever extra javascript code you want, you should use this only for quick hacks though, the "eval" function has lot of performance problems and the "function" constructor can't access any of the variables and functions of nanochan X, so you may as well make your own separate script at this point(or instead submit code to add to nanochan X in this thread *wink* *wink*).
Useless features that i wasted time developing for no reason
- Customizable page titles and board titles and subtitles; Not sure what i was thinking when i was coding this, it's pretty useless, but maybe someone creative can find a use to it.
- Link to the "/audit.log" file in the log page; I made this for you asuka-chan <3 maybe it will save you some time, or maybe you have your own ways of autodownloading that file, anyway that link is there.
- Multipage switcher; Navigating between pages in recent and log it's a pain in the ass, so i added page links to navigate back and fourth between pages inside the page switchers, it's pretty useless as now, but maybe if index view gets implemented it's gonna become useful.
- Visible emails; It makes the email visible by appending it after name, like this for example Nanonymous(sage).
- Opening post highligthing; Opening posts will be highlighted by appending a "(OP)" after the post number, i've added this to make OPs more recognizable in recent.
- Extra view and download file links in catalog threads; Cause why not.
- Faggotry; If you're into that...
-- Default name; Aka namefagging, can be filled manually via keyboard shortcut or autofilled, disabled by default ofc.
-- Default email; Aka sagefagging, can be filled manually via keyboard shortcut or autofilled, disabled by default ofc.
There is probably more stuff that i forgot and minor improvements, read the comments and the code in source file i guess.
Known limitations
- If you disable the theme, notifications and forms are gonna get stuck at the bottom of the page.
- At the moment you can't used any combinations of keys or modifiers to map keyboard shortcuts.
- Keyboard navigation doesn't work inside inlined posts.
- The "highlight_post" function does not work with inlined posts.
- The file preview in the post form doesn't work outside of the "/Nano" pages, cause of CSP.
- Thread watcher's performances and memory usage sucks.
Known bugs
- The "get_configuration" function with the "nested" parameter set to true does not work with arrays. Although this is probably a bug in the "flatten_object" and "unflatten_object" utilities.
- Keyboard navigation will still navigate to filtered posts.
- Reference inlining will break if you inline the same post over different depth and the try to de-inline it and other weirds stuff when recursive inlining.
- The log page breaks if you resize the window(this is more like a nanochan bug though).
Note that i tested the script only on Tor Browser.
Roadmap
- Mascottes(like on OneeChan), accepting suggestions on what waifus should i include.
- Unique post and catalog thread ids(to avoid duplicate ids on recent, bugs with inlined posts and as a base for other future stuff that i have in mind).
- Catalog thread keyboard navigation.
- Different filters lists for each board.
- Recent page update(this depends if admin makes it cached).
- Catalog update.
Anything other that you wish to add, i accept suggestions...
F.F.A.Q
Future frequently asked questions
Or in other words, questions that i know people will ask cause of past experiences, so i may as well preemtively anwer.
>Do i need to unblock javascript to use this script?
Short answer is no, you can still block javascript globally and at the same time run userscripts without any problem.
Long answer is that it depends on how you block javascript and what userscript extension you use, if you block scripts with "about:config -> javascript.enabled = true" or the "NoScript" extension then Tampermonkey will stop working, but Violentmonkey will still work fine, instead if you block scripts using uMatrix both Tampermonkey and Violentmonkey will still work, so just choose the right extension based on your preferred method of script blocking.
>Wait a second, isn't javascript cancer?
If you mean javascript as in the programming language, yes it is cancer and i dislike it, there is no other way of doing something like this in a browser without using it though, so it's a necessary evil to achieve superior comfiness.
If you mean javascript as in a certain stack of technologies that can be used by websites to track and spy users, then this is not the case, userscripts gives lot of control to the user over what is executed on their machine and are subject to many limitations, this script in particular is still bound by nanochan content security policies which means that the script cannot send any information outside of nanochan and since there is also no "auto update" feature included and no code gets downloaded or executed from a server, there is no way to do anything malicious with it.
I'm not trying to say that userscripts are the perfect and that this is the best way of doing things, what i'm saying is that using javascript inside a userscript is a whole different context than just blindly downloading scripts that could be malicious every time you visit a website.
>Are you advocating to add javascript to nanochan?
No, i'm not, i'm fine with nanochan remaining as it is, and if you think about it now that this script exists there is no reason to add javascript in the first place, people that want extra features can use this script instead.
>I think this is bloat, why would i want to use it?
You tell me xD i'm not trying to convince anybody here, nor i gain anything by getting people to use my script, as i see it this script is aimed at a certain kind of people that like me desire to have some extra features on top of the elegant HTML/CSS only base of nanochan, but also care about being in control on the code executed on the machines.
If you're not interested in the features listed above, then just don't use the script, if you are interested just in one feature or some of the features, then just disable the rest of them through the configuration, or fork it and write your own light version of it, choice is yours.
>How did you make this script?
Very simple.
- A simple text editor.
- Tor browser dev tools.
- Animu magic.
That's about it.
>This thread belongs on /meta/ right?(mods pls read)
I know there is a userscript thread on /meta/, but there are specific reasons i made it on /g/, one of my reasons to publish this was to have it and peer-reviewed and audited by fellow nanons, another one is that this is still in active developement and maybe some /g/ autists can help, /meta/ is basically a containment board for drama at this point and i want this thread to be about software development and not drama or meta-talk, so i think i fits better on /g/.
PGP public key
This is the PGP key that i am gonna use from now on to sign the releases and other important posts.
REMEMBER TO ALWAYS VERIFY THE SIGNATURE BEFORE EXECUTING THE SCRIPT FOR THE FIRST TIME OR AFTER AN UPDATE, SINCE IT COULD BE POSTED BY SOMEONE ELSE IMPERSONATING ME AND DISTRIBUTING MALWARE.
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF2n+NsBEACo5hYywF5B3D0ZPzbtBw5q5tu3Wt6daIQh1nUx+wL48LpwVHDP
yfIEwd2SA9J1HLt0XSYoAzYrd9ij8MGXdDEz45lLgQ1XbrdOKyZjaoBHV1pY32dw
WVXJzjilmTQdRiBS8xB0Ndkr1+BiNKjs3lAR2DEJ9tGveqo5/mRV16VBSyg665z+
jJO6mC5Ggoa6TMPblzJsxjNBdrNWuYeZfqWHbx7N/xrOZAR703/7h39UlkZskrTt
GLb+mz9tqTUqMIPZfUkwl3KA5MDKEEAkEFJHEJSXISWlIzRjgXJ9h9q4d0dvVsi0
go8kxu/Xcq82CafPR5yqh5eIdQES8zR46US3S+0gcwdMGu7k1oCNgEhO3V9utD3K
e2t9fE6HqnAynFc4bCWTcu8q7gGRru4FYZNTPSyJx48dlGWujVP2y0RRqlF6RXMj
im89aZnuQ0JaCWXrqXy8l2T0Il3fJ2IspI9wrZCc2DmpWt0UAt3IR/A+iXsDe9Rk
2UQLqPoBey7XrBo8OlyMupohCWljBBfkbH3AJsWJ8u34fGatSOZu9vEu7OmSO7F1
KJ8YrqnuGkt55WPWvkNFReS+hM1etTgE93j+/PiIHfECY+nx3k4uxm7QZwxVTW3B
wujn9ha6Am6rWz4D02R+waBkj9YdYzbsQdz+z1Mfp8wPprr8UgnCKARtTwARAQAB
tCdOYW5vbmltb3VzdSAodXd1KSA8TmFub25pbW91c3VAY29jay5saT6JAk4EEwEI
ADgWIQQFURmm5AQk5KouR000jCMzXU+YKQUCXaf42wIbAwULCQgHAgYVCgkICwIE
FgIDAQIeAQIXgAAKCRA0jCMzXU+YKdz+EACoeegkKhf6j6GwzxW5oYgetQALGKDo
igEArP2V9ULoa+trzAVO9jHlLNtE1t2o2aIan68VyKq/R1zf1yWZ3fOvHS8Xr6vo
JLzHC3WdDRtCpYwKu6/m60hWasuxnJrpYjwgBqxfcLhvcIUsRiR0KYUOEbngPI6Z
B948HDNH3gxa82DYQHakDOrCsUct1lpjeNqDJ9fmZu8yjdBlEGoSTNdDQ3IdTClW
3qMXasLufQGDVXwWYgWS/CbsknmEuVauUcmuwWlimmOb8NxeS5EUv/hG57b3LxlB
orgtazsFh7X2V98Rhg8R2r7DcnNKEPA7U3dEG86HSdERbf5o6hSBuwXiIl3rXeqq
KsUZBSnSTudbgnyNpPzNWZR/miWe77tZxjlMOEtFV20WkhEvZOllvmxp1VnxNR06
5GCdgmBuIQHOU3Tffqo7Xuh9aG+ttLTAbFvcDWKK9p4EypJsJfmfw5xdX6vRcBd3
nEdttrrPlkIpkVH7RfRIE8ckQ9m6OUb08i7WMLThq+ym1RrlxX59NPowJ5iY5sNV
6DbRxo+m/jNlcUygDHbEJrwudRYB8b68sci8wrFrfdEIhSNjmXplTePOhepIdmyt
oeU8IhYBrPJVEpdVCLy9rN0h7nspBPEQFcv4enyxIWH5npOjk4pshoEPx9Op/O/y
tuGDEChANCtxbrkCDQRdp/jbARAA4NdyzQQWc7SJoxfb/8IG//RzqJljrWMXaDe0
e60mvHYnDG4TPX2/OhGNHI1ucbojdE5hbECwxjLAS0oEgTH/XcoCDJAw2l41oTnr
TvcBkE7xjC/kdN3IrCI47MXkJX/ik3pO78st6bOEnicOlELQzUMH7urkrPt5Rl6c
tBlcVlFHxkl5PJWV+pi/j0JacY1For4v6yGICrDQpm3IkVrDnOodKNM6Mr33xMvv
0hldGSEWXp+7AqSphudyGE8dRx3xQuRyWzAz1CaE0R0gH4Ow49EcVH0dIKKqVcxN
BjANu55X5CbCYne+uRZZyS/OH/feMdQKNm4RuefVeRGZ3fXOIYTOC9MEd5CvuaXd
OjZIGWlYw9JKY83DkMdKrcmmG8/un4xUSYQxV+JqWGK2IoQh+wst9CLqqu+BtI02
mfArRSl/MHZ6c9OC6UVq7fFQVvnCDcRTScRlWaOXLtCou9j4jDBXiSQEnqWFv67Q
irtp0zL/kMxx2gNmGyQt+kObNT7BUsv9PiOic0wX3tRasvt5q9jSc2iPK2ck7sbO
hqNZX8txGMUbvOsTGkuICU7PUkmR4OYFP4cU41dBXbfRm/S3oqxfg3ndfkiIHeRw
Lwhez9jzPBQ9TfhVg/SV9dVnH2stHb2iNxcgcXP2BmgKmk0ULQ8/GKSBAZlo7sHj
BxAjgiMAEQEAAYkCNgQYAQgAIBYhBAVRGabkBCTkqi5HTTSMIzNdT5gpBQJdp/jb
AhsMAAoJEDSMIzNdT5gpNwsP/01sv9NMoO4wozy7boP5GfXCKNmUkadwqbU1pXgN
ckkGpFpw+rOxQSnxpkRVitv+Da2dB/rxnQwPmBguGoU4e35s7f3wFQGB4WonJWAO
POwDVS+rNPL2WSHMbfMa23UBIKwzo6msvCMx9KCGFUl0qELbvGLUhKmQREXBeHTA
bKuxY6Hfhnb2MiWJEdoK9Xz4Zdf8dP7oS0srz+rr/i8Dva+22TKA2mW64RkYz7jq
FlDScCnGwHnHdo5J8R4PJ9szdMnBh0rXoCnnzqyo/BJiPqQH95QEta2iAeCmbhjB
BsUSHRu0EjQkePfrTZ8GtSSfLUIGRoI7+/qBPqNUn0QqjtDnV8UqpL4EqPizGHPE
qNP8dnnmtR6vHAb6Pp5+g6ToyvG9fO21NF4oNl4B7h8Rteol+FJvWnxSBdM/aQoa
DGniqVtYPuyZgJ9HTOcKnNky+qvptKCWQAu1v1cE41zupjVMjA0yndd836MbvMwS
ppq/zpIGUQNy/oq1w9S1zPs7DF58jqYHJ+rrQ/qPmFMi41DMjLImP3YEWjN1Grwx
VidOqEYNIhY9fC4Zqdgko2h3FsNGHr/UTAYkGPk/RKllb+p1p4IRx4cwE5ASd2Ku
Cfax4CcqbA5tYToHMNaUUO/rMJ5Gku15huKoITOVZSg+ZWKdWKtOR/fsg2pF8fxw
RTGc
=MjfZ
-----END PGP PUBLIC KEY BLOCK-----
Fingerprint: 055119A6E40424E4AA2E474D348C23335D4F9829
Install instructions
During this instructions i'm gonna assume that you are retarded, don't take it personally, i'm also gonna assume that you are using Tor Browser on a UNIX operating system, but you should be able to get it working easily also on other browsers and operating systems.
What you need:
- A text editor; Preferably with javascript syntax highlighting.
- A userscript extension; I officially support two extensions, choose the one you like the most:
-- Tampermonkey(https://www.tampermonkey.net); Proprietary freeware, but with lot of features, surprisingly configurable and with better script injection, not compatible with some kinds of script blocking.
-- Violentmonkey(https://violentmonkey.github.io); Free and open source, minimalistic, not configurable enough imo, compatible with most kinds of script blocking.
- gpg(https://www.gnupg.org).
How to install:
0. Make a directory to hold all the files, from now on this is gonna be called the "working directory", then open a terminal and change directory to the working directory.
1. Import my PGP public key in your gpg keyring; Copy the public key from above, then save in a file named "Nanonimousu.key", then run the following command "gpg --import Nanonimousu.key".
2. Locate the latest nanochan X release post; It should be near the end of this thread.
3. Download the text file included in the release post to your working directory; Name it "nanochanX.asc".
4. Verify the signature of "nanochanX.asc"; Run the following command "gpg -o nanochanX.js --decrypt nanochanX.asc", then check if the firgerprint matches, congratulations you have a legit version of the script.
5. Now that you have a verified version of the script it's a good time to check if the source doesn't contain anything malicious(sometime i don't even trust myself, so you should neither); Open "nanochanX.js" with your preferred text exitor, optionally sintax highlight for javascript, then start start by reviewing the userscript header(also called the metadata block), this is the most important part cause this is where the script can ask for permissions and whitelist third party domains, this is some documentation regarding it: https://sourceforge.net/p/greasemonkey/wiki/Metadata_Block/ https://wiki.greasespot.net/Metadata_Block https://www.tampermonkey.net/documentation.php https://violentmonkey.github.io/api/metadata-block/ now continue with the rest of the script, when you are satisfied proceed onto next step.
6.a. Go to the Tampermonkey dashboard then click on the "+" button, a new tab will open with a blank script, now go back to "nanochanX.js" in your text editor, copy everything and paste it in the new Tampermonkey tab, then press "CTRL+S".
6.b. Go to the Violentmonkey dashboard then click on the "+" button and select "New", the page will switch to a blank script, now go back to "nanochanX.js" in your text editor, copy everything and paste it in the new Violentmonkey page, then press "CTRL+S".
7. Now go back to the newly created userscript, then switch to the "Settings" tab and uncheck the checkbox near "Check for updates" or "Allow updates", even though no auto-update link is included in the userscript header in the first place, this way you can be sure it's not gonna auto-update, this is also the place where you can add your user excludes, for example if by any chance you are a mod, you might want to add "https://nanochanqwrwtmamtnhkfwbbcducc4i62ciss4byo6f3an5qdkhjngid.onion/Nano/mod*" to your user excludes.
Ok, that should do it, have fun.