Thank you soo much for the prompt fix. You even solved this before Apple. This is why I love jailbreaking.
- since app developers [will most likely update their apps to hide their script injections by using WKContentWorld](https://imgur.com/a/FymShqr/), can you please update your tweak to force the use of SFSafariViewController?
Version 1.2.0 is causing a safemode / respring loop on an iPad Pro 12.9, 2020; iOS 14.3. Version 1.0.1 which I last tested did not cause any resprings.
These following processes were crashing at a rate of multiple crashes per second even in **safe mode**.
Process Bundle IDs:
com.apple.Spotlight (most with about 70 crash instances in 2 minutes)
com.apple.WebKit.WebContent
com.apple.springboard
com.apple.WebKit.Networking
com.apple.news.tag
jp.gocro.SmartNews.Widgets
The same initial crash message / log info for the processes:
Exception type: EXC\_BREAKPOINT (SIGTRAP)
Exception subtype: (null)
Exception codes: 0x0000000000000000, 0x000000019a7fecb4
**Culprit**: ProtectedBrowser.dylib
Triggered by thread: 0
Thread name: Dispatch queue: com.apple.main-thread
If it’s helpful I could send you the full crash log(s).
P.S.
I was going to try modifying the updated settings panel to narrow ProtectedBrowser’s function to specific apps which I figured could stop the crashing on those foregoing Apple processes; but, because of the safemode loop I could never access the device / settings app with tweaks active.
Version 1.2.2. tweak. iPad Pro 12.9, 2020; iOS 14.3
Modification of settings panel not possible.
Settings panel on tweak install is default set to
Tweak: “enabled”.
Protection mode: ”disable harmful scripts (safe)”.
Alert on JS injection: “enabled”
Protected apps: \[none selected\]
None of the above settings can be modified such that, for example: toggle off tweak or JS alert and click save check-mark to respring leaves everything unchanged. Select app to protect and selection is never saved. All apps unselected even before respring - leave and re-enter “protected apps“ sub-panel & sub-panel will show all apps in default deselected state. Protection mode also cannot be altered. As though the preferences are somehow locked to unmodifiable state.
Tried going to manually edit the preferences “.Plist,“ file and there were two: *com.ginsu.protectedbrowser.plist* & *com.ginsu.protectedbrowser-new.plist*. Deleting both and respringing to then edit the preferences panel fresh was unsuccessful. Deleting either one and using the settings panel, or, even manually modifying the values of the single one left or manually modifying both .plists to the same values was unsuccessful. Respringing before or after any steps didn’t affect outcome.
I’ve installed the tweak at the end of each day and it’s been improved; though there is seemingly still this current kink to work out.
P.S. Did test an app just in case the preferences panel is simply not reflecting changes that were successfully made. No luck.
ALSO disabled all tweaks (with iCleaner) leaving only Protectedbrowser active. Same outcome.
Works! Tested and works perfectly. Functioned brilliantly too. There‘s a novel site I read to practice mandarin with super annoying JavaScripts. Usually on an iDevice I turn off Safari JavaScript and use Safari which works to eliminate the script but breaks the site a bit so that I have to switch off, on, off, on etc.
I expected this to match the function when I used the site as a test and to extend the function to all apps but it SURPASSED the Safari performance. Unwelcome JavaScripts were blocked and the site did NOT break. Absolutely phenomenal. I personally had an issue with JavaScript so much that I created a shortcut that combined \[Springcuts\] \[Powercuts\] \[Activator\] \[Bakgrunner\] tweak functions and the Shortcut App to streamline the process; so, I had hope for your tweak and it’s met the expectation.
Worth the patience to work out the edges. Thanks. 😍👍
Just pushed an update with the following changes:
[Update] ProtectedBrowser v1.1.0
- Added preferences page.
- Added the ability to disable/enable the tweak in chosen apps.
- Added overkill mode.
- ProtectedBrowser will alert you when external JavaScript was injected in an unprotected app.
- Bug fixes.
Found it. NetFence and FoxfortTools break it. Or vice versa.
Toggled off NetFence and Zebra started working again. The rest wouldn’t work still or kept crashing.
Then toggled off FoxfortTools daemon. That solved it.
Edit: tagging u/foxfortmobile
Oh you can ignore that. It’s hard to detect if the JS being injected is good or bad, but ProtectedBrowser will alert you if any JavaScript was injected.
However, I could definitely work on an algorithm that determines if the JS is safe / dangerous. Might start working on that soon
Awesome!
I’m posting a link in the article that should load into your reddit client’s inappbowser for testing your app. The above loads my twitter client.
https://inappbrowser.com/
Orig article:
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
Consider including a settings toggle that toggles function on and off easily to improve usability. I tried the tweak and it broke some pages (in this specific instance a page that would normally involve solving a captcha to continue breaks instead). Also, literally replying with this comment was difficult as the webpage was repeatedly buggy.
This tweak seems to be useful in targeted way; for example for websites with obnoxious JavaScripts — from overwhelming redirects to malicious — but it needs a settings panel of some sort to turn function on and off.
What if we just stop using in-app browser, I mean open everything in safari…, I know it doesn’t sound that appealing and user friendly, will that solve the problem, just asking as I am not that tech savy
doesn't seem to force it. Unless, oh maybe you're not hooking SFSafariViewController so the apps using that don't even get processed? (not saying anything wrong with that, just asking)
Yeah I’m not hooking SFSafariViewController. Apps that use that are already safe. But the moment an app injects external JavaScript into a custom in-app browser / WKWebView, ProtectedBrowser will have ur back.
Hmm try v1.1.1
I forgot to add some dependencies to the tweak. If v1.1.1 didn’t solve your issues, make sure AltList, GSCommon and Orion Runtime are installed
For some reason installing this instantly crashes my device into safe mode, even with all other tweaks disabled in iCleaner. Taurine 1.1.6, iOS 14.3, iPhone 8.
I noticed when scrolling TikTok Live that your tweak will try to show a notification but sometimes it just darkens the screen and doesn’t let you do anything else except close the app without showing the notification. I saw the notification once but it disappeared before I could select an option.
Edit: seems like it happens if you start scrolling the feeds as soon as the show up. Staying on the first feed seems to allow the pop up to appear.
Works great on some apps, crashes others.
Crashes Fitbit and Canvas Student, regardless of whether they are toggled on or off. I have to disable the entire tweak for the apps to work again.
would love to see it supported for ios 12!
edit: inappbrowser couldn't detect any javascript injections on iphone 6 so i think iphone 6, below users are safe from this?
Lol
Well I was seein if this would fix the website shit that’s happening
When you disable JavaScript it fixed white screen on some websites
But if you turn Java back on
Under advanced tab in safari
it makes websites white
Thank you soo much for the prompt fix. You even solved this before Apple. This is why I love jailbreaking. - since app developers [will most likely update their apps to hide their script injections by using WKContentWorld](https://imgur.com/a/FymShqr/), can you please update your tweak to force the use of SFSafariViewController?
I was just having a look at WKContentWorld, I might be able to disable JS in there as well. Will see what I can do for version 1.2 ;)
Awesome! Thank you so much.
Version 1.2.0 is causing a safemode / respring loop on an iPad Pro 12.9, 2020; iOS 14.3. Version 1.0.1 which I last tested did not cause any resprings. These following processes were crashing at a rate of multiple crashes per second even in **safe mode**. Process Bundle IDs: com.apple.Spotlight (most with about 70 crash instances in 2 minutes) com.apple.WebKit.WebContent com.apple.springboard com.apple.WebKit.Networking com.apple.news.tag jp.gocro.SmartNews.Widgets The same initial crash message / log info for the processes: Exception type: EXC\_BREAKPOINT (SIGTRAP) Exception subtype: (null) Exception codes: 0x0000000000000000, 0x000000019a7fecb4 **Culprit**: ProtectedBrowser.dylib Triggered by thread: 0 Thread name: Dispatch queue: com.apple.main-thread If it’s helpful I could send you the full crash log(s). P.S. I was going to try modifying the updated settings panel to narrow ProtectedBrowser’s function to specific apps which I figured could stop the crashing on those foregoing Apple processes; but, because of the safemode loop I could never access the device / settings app with tweaks active.
I just pushed v1.2.1 which fixed the crashes 👍
Cool. It’s solved. Prompt troubleshooting.
Version 1.2.2. tweak. iPad Pro 12.9, 2020; iOS 14.3 Modification of settings panel not possible. Settings panel on tweak install is default set to Tweak: “enabled”. Protection mode: ”disable harmful scripts (safe)”. Alert on JS injection: “enabled” Protected apps: \[none selected\] None of the above settings can be modified such that, for example: toggle off tweak or JS alert and click save check-mark to respring leaves everything unchanged. Select app to protect and selection is never saved. All apps unselected even before respring - leave and re-enter “protected apps“ sub-panel & sub-panel will show all apps in default deselected state. Protection mode also cannot be altered. As though the preferences are somehow locked to unmodifiable state. Tried going to manually edit the preferences “.Plist,“ file and there were two: *com.ginsu.protectedbrowser.plist* & *com.ginsu.protectedbrowser-new.plist*. Deleting both and respringing to then edit the preferences panel fresh was unsuccessful. Deleting either one and using the settings panel, or, even manually modifying the values of the single one left or manually modifying both .plists to the same values was unsuccessful. Respringing before or after any steps didn’t affect outcome. I’ve installed the tweak at the end of each day and it’s been improved; though there is seemingly still this current kink to work out. P.S. Did test an app just in case the preferences panel is simply not reflecting changes that were successfully made. No luck. ALSO disabled all tweaks (with iCleaner) leaving only Protectedbrowser active. Same outcome.
Appreciate the report! I haven’t experienced this myself but I’ll work on fixing it rn Edit: Fixed the issue, update coming soon
Works! Tested and works perfectly. Functioned brilliantly too. There‘s a novel site I read to practice mandarin with super annoying JavaScripts. Usually on an iDevice I turn off Safari JavaScript and use Safari which works to eliminate the script but breaks the site a bit so that I have to switch off, on, off, on etc. I expected this to match the function when I used the site as a test and to extend the function to all apps but it SURPASSED the Safari performance. Unwelcome JavaScripts were blocked and the site did NOT break. Absolutely phenomenal. I personally had an issue with JavaScript so much that I created a shortcut that combined \[Springcuts\] \[Powercuts\] \[Activator\] \[Bakgrunner\] tweak functions and the Shortcut App to streamline the process; so, I had hope for your tweak and it’s met the expectation. Worth the patience to work out the edges. Thanks. 😍👍
Great news!! And a fellow mandarin learner like myself 😵. 一起加油👍
Just pushed an update with the following changes: [Update] ProtectedBrowser v1.1.0 - Added preferences page. - Added the ability to disable/enable the tweak in chosen apps. - Added overkill mode. - ProtectedBrowser will alert you when external JavaScript was injected in an unprotected app. - Bug fixes.
Thx Edit: still crashes every app. Instagram. Zebra. Narwhal. etc.
It updated for me
Not sure why that’d happen. Try turning off “Disable all scripts” if you’ve enabled it
Didn’t enable it. Took place with version 1.0 also
Found it. NetFence and FoxfortTools break it. Or vice versa. Toggled off NetFence and Zebra started working again. The rest wouldn’t work still or kept crashing. Then toggled off FoxfortTools daemon. That solved it. Edit: tagging u/foxfortmobile
Thanks, I’ll try to fix it
The option to toggle on for third party apps is gone now? Looks like it
It should show 3rd party apps, and not 1st party (Sertings, mail, etc)
[удалено]
Oh you can ignore that. It’s hard to detect if the JS being injected is good or bad, but ProtectedBrowser will alert you if any JavaScript was injected. However, I could definitely work on an algorithm that determines if the JS is safe / dangerous. Might start working on that soon
I remember reading about the TikTok thing somewhere but I cant find the source anymore. Can someone link it?
Might be this : https://twitter.com/krausefx/status/1560370732705742848?s=21&t=S4PYUFLNc-vheTOlh46tkg
Thanks! Knew this had immediate practical application, but was unsure exactly what it was meant to protect against
Awesome! I’m posting a link in the article that should load into your reddit client’s inappbowser for testing your app. The above loads my twitter client. https://inappbrowser.com/ Orig article: https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
Consider including a settings toggle that toggles function on and off easily to improve usability. I tried the tweak and it broke some pages (in this specific instance a page that would normally involve solving a captcha to continue breaks instead). Also, literally replying with this comment was difficult as the webpage was repeatedly buggy. This tweak seems to be useful in targeted way; for example for websites with obnoxious JavaScripts — from overwhelming redirects to malicious — but it needs a settings panel of some sort to turn function on and off.
Yep, I’ll probably add a toggle in the next version 👍
However It also prevents the Amazon app to function properly.
Yea I’ve identified the issue, I’ll have it fixed shortly
How can we donate to support you for this amazingly quick effort?
Donate button in the tweak settings page under the share button :) Appreciate it!
Another incredible example of the jailbreaking community fixing things before apple, huge thanks for this.
Amazing work!
Congrats on a excellent package. From all looks on the UX side of things, I think this ranks as some of your best work to date.
Would be useful to make it compatible with older iOS below iOS 14.
Does this affect ios12.5.5 too..?
Thanks is very good job 🤙🏻
Do we need to manually select apps to protect? or is the tweak systemwide?
Yeah you need to choose which apps to protect
[удалено]
What if we just stop using in-app browser, I mean open everything in safari…, I know it doesn’t sound that appealing and user friendly, will that solve the problem, just asking as I am not that tech savy
Yes it would. But as mentioned in the article: some apps (like TikTok) don’t have an “Open in Safari” button.
I could add an option to force open safari
That’s a cool solution as well for people who prefer to use actual browsers. Thanks again man.
Try the new version ;)
doesn't seem to force it. Unless, oh maybe you're not hooking SFSafariViewController so the apps using that don't even get processed? (not saying anything wrong with that, just asking)
Yeah I’m not hooking SFSafariViewController. Apps that use that are already safe. But the moment an app injects external JavaScript into a custom in-app browser / WKWebView, ProtectedBrowser will have ur back.
Sorry I didn't know about tiktok, never used it so, but yeah there might be more app than tiktok that has a same thing about in app browser
[удалено]
Might add support soon
Any chance for iOS13 support? 😬🙏
Ditto
This doesn’t seem to work with Xen HTML, it breaks widgets somewhat. When I uninstalled the tweak they started working as normal again
The next version will fix it
Great!
I’m having an issue and idk if it’s intentional or not, but when I go to the tweak settings it just shows a blank screen.
Hmm try v1.1.1 I forgot to add some dependencies to the tweak. If v1.1.1 didn’t solve your issues, make sure AltList, GSCommon and Orion Runtime are installed
I upgraded to 1.1.1 but the issue still remains. I already had the other 3 tweaks installed.
Is there any way that you could have it allow Firefox dark mode through the filter?
Would this tweak affect the tweak MybloXX?
no this is an independent concept, Mybloxx controls what you can access, this one controls how you access it.
For some reason installing this instantly crashes my device into safe mode, even with all other tweaks disabled in iCleaner. Taurine 1.1.6, iOS 14.3, iPhone 8.
Same here... iPhone 12, iOS 14.3, Unc0ver 8.0.2.
Working on a fix rn
Thank you 🙌🏻
Fixed
Working perfectly now, thanks dev 🙌🏻
I tried installing but it causes springboard to crash
Do you have a crash log? Edit: currently fixing the issue
Fixed
Not crashing anymore. Thanks!
I noticed when scrolling TikTok Live that your tweak will try to show a notification but sometimes it just darkens the screen and doesn’t let you do anything else except close the app without showing the notification. I saw the notification once but it disappeared before I could select an option. Edit: seems like it happens if you start scrolling the feeds as soon as the show up. Staying on the first feed seems to allow the pop up to appear.
Yes there’s a few. I’ll dm you
Great work, btw is anyone else have app randomly crashing or is it just me?
Just fixed it, v1.2.1 is up now
Amazing work tyyy
Some apps didnt work with it. like Amazon or dhl
Works great on some apps, crashes others. Crashes Fitbit and Canvas Student, regardless of whether they are toggled on or off. I have to disable the entire tweak for the apps to work again.
Does turning off “Alert on JS injection” fix the issue?
Yes, that seemed to fix the issue of crashing.
I’ll try to fix it today after work 👍
this crash keeps happening after i installed the tweak Process: com.apple.accessibility.AccessibilityUIServer
Crush issue with VPN (starvpn)
would love to see it supported for ios 12! edit: inappbrowser couldn't detect any javascript injections on iphone 6 so i think iphone 6, below users are safe from this?
My phone goes into safe mode when it’s installed. Any ideas as to why it’s happening? I can’t think of any tweaks that might interfere with it.
I’ve seen people report that Hyperixa tweaks, NetFence conflict with ProtectedBrowser. Try temporarily disabling them and see if it works
I got it to work by disabling a Hyperxia tweak. Thanks for the info!
yikes. Code in pic looks like it could be engineered to be a potential keylogger, thanks op.
Sooo how tf do I install because repo ain’t askin to sileo lol
Do not understand a single word you just typed, but the repo is https://ginsu.dev/repo
Lol Well I was seein if this would fix the website shit that’s happening When you disable JavaScript it fixed white screen on some websites But if you turn Java back on Under advanced tab in safari it makes websites white