Brave doesn’t support
$popup, so no. technically the popup is not even blocked, what popup does is to open it and then close it.
But you can always use the other features as a workaround.
Alternatives features that can be used to block popups are:
CSP with sandbox property, you block a lot of things including popups, all you need is to allow scripts and the site will work normally, but block forms and popups and all that.
CSP is like whitelisting stuff, so unless specify in the rule, nothing will get allowed.
canyoublockit.com$csp=sandbox allow-same-origin allow-scripts
cons about CSP:
- well, many websites will block making the site a ‘sandbox’.
- There is a bug in Brave shields where sandboxing frames don’t get properly blocked by Brave, which means you have to use CSP with
script-src to do the job.
- you can easily see in console what is being blocked with a message like:
https://canyoublockit.com/extreme-test/ in a new window because the request was made in a sandboxed frame whose ‘allow-popups’ permission is not set.
2. Scriptlet Injection filters
Brave uses uBlock resources https://github.com/gorhill/uBlock/wiki/Resources-Library and there are two scriptlets that can be used to block popups.
window-close-if. It is the closest to
$popup, it does a
window.close() to the popup.
canyoublockit.com##+js(window-close-if, /^/) you can see in uBlock wiki it can be tweaked if needed, like
So pretty much you convert
$popup rules like that.
Like in the case of this testing website the rule by uBlock is
eatcells.com##+js(window-close-if, /^/) should act similarly
nowoif - window.open-defuser
This stops any popup by using
window.open(), which means it can work in many popups but sometimes it doesn’t.
In the case of the test, it does work, and you use it as:
you can add more arguments to be more specific but since logging the nowoif shows
[uBO] window.open: https://canyoublockit.com/extreme-test/ _blank
that means that you can do it as
##+js(nowoif, _blank) and it will be more specific instead of blocking all popups if not necessary.
3. block the script causing the popup to happen.
It will be either an external script or an inline script doing it, which can be blocked by Brave, through scriptlet injections or normal Network request filters.
CSP can also do it easily but when it comes to inline-scripts, it can get messy because you have to allow one by one if necessary, because the only way to allow inline scripts is by using
unsafe-inline, which will allow all inline scripts which means, it will not do the job.
So as you can see, Brave can easily do it, the problem is feature parity to support the filters that Easylist and uBlock lists (Brave default lists) have, and that’s exactly what Brave has been working on all these years since the write of Brave Adblocker.
Currently Brave supports most important features/filters, but there are missing features of course, I would say Brave supports like 95% of rules today.
Of course, you hope someday to finally see
$popup supported, just like the other missing features uBlock has.
And the Procedural filters as well, which are only used to hide html elements, so nothing relevant for this talk, but more about how Brave little by little supports uBlock features and someday it will have the feature parity with uBlock, enough to support 99.9% of rules (it will never be 100%)