Skip to content

feat(safari): strip DNR rules WebKit cannot compile#3280

Merged
smalluban merged 4 commits into
mainfrom
safari/filter-invalid-dnr-rules
Apr 27, 2026
Merged

feat(safari): strip DNR rules WebKit cannot compile#3280
smalluban merged 4 commits into
mainfrom
safari/filter-invalid-dnr-rules

Conversation

@chrmod

@chrmod chrmod commented Apr 21, 2026

Copy link
Copy Markdown
Member

Summary

  • Safari's WebKit URL filter parser silently rejects urlFilter / regexFilter patterns it does not support (disjunctions, character classes, arbitrary atom repetitions, etc.). Those rules ship to users but never match, producing gaps in ads/tracking/annoyance protection specific to Safari.
  • The Xcode build now runs the ghostery/WebKit validate-dnr-rules tool against every ruleset produced in dist/rule_resources/dnr-ads, dnr-tracking, dnr-fixes, dnr-annoyances, dnr-redirect-protection, and all dnr-lang-* regional lists — and drops any rules WebKit would reject.
  • The validator binary is fetched lazily from the latest ghostery/WebKit release by a postinstall hook and kept out of the repo. Unsupported host platforms (e.g. Windows, Linux arm64) skip the download silently so regular npm install is unaffected; Xcode Cloud's macOS arm64 runners pick up the correct asset.

On the current rulesets this removes 342 rules across 29 of 31 files — top offenders are dnr-ads (130), dnr-redirect-protection (80), dnr-tracking (18), dnr-lang-pl (19), dnr-lang-tr (16), dnr-lang-ja (12).

Test plan

  • Install Ghostery from a TestFlight build produced by this branch on Safari (macOS and iOS) and confirm the extension loads without ruleset-compilation errors in the system log.
  • Browse a handful of sites that rely on rules previously rejected by Safari (e.g. a page matched by one of the removed dnr-ads regex rules) and verify the page still renders correctly — the rule being dropped should not regress user-visible behaviour, since it was already a no-op in Safari.
  • Toggle regional language lists in the extension settings on Safari and confirm they still enable/disable without console errors.

Safari silently drops rules whose urlFilter/regexFilter the WebKit URL
filter parser rejects, so any pattern using features like disjunctions,
character classes, or arbitrary atom repetitions is a no-op for Safari
users. The Xcode build now runs the validator from ghostery/WebKit
against every ruleset and removes the rejected rules before packaging,
so the shipped lists match what Safari will actually enforce.

The validator binary is downloaded on demand by a postinstall hook from
the latest ghostery/WebKit release and kept out of the repo.
@chrmod chrmod requested a review from smalluban as a code owner April 21, 2026 19:08
Comment thread package.json Outdated
@smalluban smalluban merged commit 68cdd6d into main Apr 27, 2026
7 checks passed
@smalluban smalluban deleted the safari/filter-invalid-dnr-rules branch April 27, 2026 06:37
@smalluban smalluban mentioned this pull request Apr 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants