We have been working on migration to Manifest v3 (MV3) for some time and today we\nare shipping a JShelter version 0.18 that implements stateless replacement for\nbackground pages which is a first step towards MV3.<\/p>\n
MV2 extensions were allowed to create background pages. These pages allow running\nJavaScript \u2026<\/p>","content":"
We have been working on migration to Manifest v3 (MV3) for some time and today we\nare shipping a JShelter version 0.18 that implements stateless replacement for\nbackground pages which is a first step towards MV3.<\/p>\n
MV2 extensions were allowed to create background pages. These pages allow running\nJavaScript code and keep state like variables for the whole browser session.\nEssentially, all background pages started with the browser and lasted until the\nuser closed the browser. Hence, we could utilize background pages to safe all\ninformation needed to be kept in memory. For instance, JShelter needs to store:<\/p>\n
We needed to solve issues related to the migration of all these information from\nregular JavaScript variables to Web Storage. As we expect that other extensions\nneed to solve the same problem, we created a stateless NSCL\nbranch<\/a>. Among others, we\nneeded to solve the issue of writing to the storage too frequently. As the core\nof JShelter is heavily stateful, we needed to rewrite important parts that were\nin the code base for years and were proven to work.<\/p>\n JShelter has repeatable tests and we run additional testing, especially under\ncircumstances like this change. Everything should run the same as it used to\nwork in 0.17. However, please be cautious and report back any odd behavior that\nyou encounter with 0.18 and later versions.<\/p>\n Migration to stateless or non-persistent background pages is needed for MV3 but\nit is still not a final step. Expect other major changes in JShelter core code\nincluding removal of Network Boundary Shield for Chromium-based browsers soon.\nHence, keep cautious also in the following months and report back any issues\nthat you encounter. Have a look at our Release page<\/a> for more\ninformation about the changes in JShelter.<\/p>","category":{"@attributes":{"term":"pt"}}},{"title":"\"Fixing\" Manifest V3 date: 2024-02-07 12:00","link":{"@attributes":{"href":"https:\/\/jshelter.org\/pt\/fixing-mv3\/","rel":"alternate"}},"published":"2025-07-10T07:01:03+02:00","updated":"2025-07-10T07:01:03+02:00","author":{"name":"The JShelter team"},"id":"tag:jshelter.org,2025-07-10:\/pt\/fixing-mv3\/","summary":" In the previous post of this series, What is Manifest v3 and how\nit affects\nJShelter<\/a>, we've stressed the limitations of the new WebExtensions APIs,\nalong with the challenges and the threats it poses to privacy and security\nextensions such as JShelter.<\/p>\n As part of our strategy to mitigate these \u2026<\/p>","content":" In the previous post of this series, What is Manifest v3 and how\nit affects\nJShelter<\/a>, we've stressed the limitations of the new WebExtensions APIs,\nalong with the challenges and the threats it poses to privacy and security\nextensions such as JShelter.<\/p>\n As part of our strategy to mitigate these problems, we mentioned \"actively\nparticipating in the ongoing \/browser extensions API design work\/ of the Web\nExtensions Community Group<\/a> (WECG),\nto steer the MV3 specification in the most favorable direction for security and\nprivacy use cases\".<\/p>\n Here, we want to provide some updates about these design participation\nactivities, and pointers to follow their progress.<\/p>\n Specifically, we prompted the W3C's WECG to resume the discussion of the two main\nissues \"blocking\" JShelter, which we had originally opened more than 2 years ago:<\/p>\n See public notes of the meetings of the\nWECG<\/a>\nfor more details on the working of the group.<\/p>\n This time, the response has been unanimously positive on #1, and generally\npositive on #2, with Google expressing a neutral position motivated by Chromium\ndevelopers unsure if the Network Boundary Shield use case would be better served\nby a built-in browser UI around their (not ready for prime time yet and planned\nfor quite a long time now) Private Network Access.<\/p>\n The discussion continues on the specific follow-up proposals we've created\nafterwards, covering all our JavaScript Shield requirements:<\/p>\n Furthermore MAIN world support in\nFirefox<\/a> would greatly\nsimplify our cross-browser story, allowing us to drop a complex and fragile\ncompatibility layer working around Firefox's XRay vision approach to \"safe\"\nDOM \/ JavaScript environment manipulation that we currently employ in Jshelter\nfor Firefox.<\/p>\n Browser vendors now signalling adequate understanding of our requirements and\ntheir will to implement our API proposals or equivalent alternatives before MV2\nsunset can finally induce some cautious optimism about a reasonably better MV3\nfor privacy and security extensions.<\/p>","category":{"@attributes":{"term":"pt"}}},{"title":"JShelter Debuts as a Manifest V3 Extension","link":{"@attributes":{"href":"https:\/\/jshelter.org\/mv3-jshelter-debut\/","rel":"alternate"}},"published":"2024-07-27T19:00:00+02:00","updated":"2024-07-27T16:24:02+02:00","author":{"name":"The JShelter team"},"id":"tag:jshelter.org,2024-07-27:\/mv3-jshelter-debut\/","summary":" Today, we're happy to announce the release of JShelter 0.19: in spite of the odd decimal version number,\nthis is the most important milestone in our migration journey to Manifest v3 (MV3)<\/a>.<\/p>\n In fact, the JShelter 0.19 package we're shipping to the Chrome Store is the first one \u2026<\/p>","content":" Today, we're happy to announce the release of JShelter 0.19: in spite of the odd decimal version number,\nthis is the most important milestone in our migration journey to Manifest v3 (MV3)<\/a>.<\/p>\n In fact, the JShelter 0.19 package we're shipping to the Chrome Store is the first one officially marked\nas MV3-compatible, and it is built from a dedicated\nmv3 source code branch<\/a> implementing several changes\nto work around the severe limitations imposed by Google's Manifest V3 and affecting all the extensions\ninstalled in recent Chromium-based browsers.<\/p>\n Although we're very proud of this release, which prevents JShelter from getting disabled by Chrome,\nwe consider it more a start than a finish line. As anticipated in previous installments of this blog series<\/a>,\nwe had to drop some features (more exactly one and a half) from the Chromium version due to currently insurmountable\ntechnical constraints. We still hope to overcome these constraints in the future, if and when our advocacy efforts<\/a>\non behalf of privacy and security extensions developers eventually find a more receptive audience, especially\nfrom Google.<\/p>\n Firefox, on the other hand, should be fine for now, thanks to Mozilla's sensible choice of keeping around, even in\nthis brave new MV3 world, their powerful\nasynchronous blocking webRequest API<\/a>, which is crucial to implement\nany non-trivial content blocking browser extension, and to their more friendly attitude towards privacy and security extensions use cases.<\/p>\n On Firefox<\/strong>, JShelter 0.19 should be virtually indistinguishable from 0.18.1. In fact, it should work even better,\nbecause we fixed a bug due to the new stateless architecture which sometimes prevented the UI popup from being\nproperly rendered after long inactivity.<\/p>\n On Chrome<\/strong>, the most notable and annoying user-facing change, which JShelter will notify you about as soon as you try to use it,\nis that enabling the Extensions Developer Mode<\/a>\nis required for extensions (e.g., GreaseMonkey) to use the However, since the code changes both in JShelter itself and in the NoScript Commons Library have been many and pretty\ndramatic, we certainly expect bugs. Please report your issues here<\/a> as usual. Thanks!<\/p>\n As mentioned above, we had to remove one feature and a half from the Chrome version only<\/strong>:<\/p>\n Both of these features rely on the\nblocking webRequest API<\/a>,\nwhich in MV3 is provided only by Firefox.<\/p>\n The Network Boundary Shield also requires either a reliable DNS API or at least some form of LAN awareness<\/a>.<\/p>\n As we said, JShelter on Firefox is in pretty good shape, but we will keep fixing bugs and evolving anti-fingerprinting techniques\naligned with academic research. We also plan to gradually reduce the code path divergences introduced by the MV3 Chromium version,\nin order to enhance the maintainability and predictability of our code.<\/p>\n We also still hope to overcome in the future the main disadvantages that Chromium MV3 JShelter\nsuffers over its Firefox counterpart,\nbut for this plan to work we really need more cooperation from the\nWeb Extensions Community Group<\/a> (WECG)\n(and especially goodwill from Google as the dominant browser vendor represented there)\nat fixing MV3<\/a>:<\/p>\n The road ahead is long, but we've also accomplished a lot so far, and we want\nto express our gratitude to you, JShelter users, for your help. Please keep reporting any issues that you encounter\nand take a look at our Release page<\/a> for more information about\nongoing changes.<\/p>","category":{"@attributes":{"term":"posts"}}},{"title":"Translating the JShelter website","link":{"@attributes":{"href":"https:\/\/jshelter.org\/i18n_website\/","rel":"alternate"}},"published":"2024-07-08T15:00:00+02:00","updated":"2025-07-10T07:01:03+02:00","author":{"name":"The JShelter team"},"id":"tag:jshelter.org,2024-07-08:\/i18n_website\/","summary":" The JShelter website has a dedicated translation pipeline, described in this post.<\/p>\n The simplest way to contribute to the site translation is on Weblate. Just head\nover to the JShelter website\nsection<\/a>, select the\nlanguage you want to work on, and start translating. Project maintainers will \u2026<\/p>","content":" The JShelter website has a dedicated translation pipeline, described in this post.<\/p>\n The simplest way to contribute to the site translation is on Weblate. Just head\nover to the JShelter website\nsection<\/a>, select the\nlanguage you want to work on, and start translating. Project maintainers will\nreview and integrate new translations periodically.<\/p>\n If you're comfortable with editing PO files, that's also possible. For this,\n just do the following steps:<\/p>\n In case you run into any problem, feel free to create an issue in our issue\ntracker and we'll do our best to guide you through the process.<\/p>\n When there are updates to the site content, Weblate needs to be manually\nupdated to provide the new strings for translation.<\/p>\n First, run the command The resulting files can be uploaded to Weblate to update the string list. Right\nnow this upload needs to be done manually on a per-component basis, but the\nfollowing links will take you directly to each component's page so you can\nupload the appropriate PO file:\nWebsite<\/a>\n(pages.po), Blog\nPosts<\/a>\n(posts.po) or\nWrappers<\/a>\n(wrappers.po).<\/p>\n The command The resulting files can be found inside the If everything looks okay, you can commit the new translated files so that\nthey're integrated into the website.<\/p>\n There are many languages available on Weblate, but only some of them are\nintegrated in the website. This is for quality control reasons, to ensure\nthat a translation is stable enough before pushing it into the live site.<\/p>\n At the moment, only Portuguese ( To add a new language, first edit Add your new language here, here using Czech as an example:<\/p>\n Now, when you build the website with The JShelter website has a dedicated translation pipeline, described in this post.<\/p>\n The simplest way to contribute to the site translation is on Weblate. Just head\nover to the JShelter website\nsection<\/a>, select the\nlanguage you want to work on, and start translating. Project maintainers will \u2026<\/p>","content":" The JShelter website has a dedicated translation pipeline, described in this post.<\/p>\n The simplest way to contribute to the site translation is on Weblate. Just head\nover to the JShelter website\nsection<\/a>, select the\nlanguage you want to work on, and start translating. Project maintainers will\nreview and integrate new translations periodically.<\/p>\n If you're comfortable with editing PO files, that's also possible. For this, just\ndo the following steps:<\/p>\n In case you run into any problem, feel free to create an issue in our issue\ntracker and we'll do our best to guide you through the process.<\/p>\n When there are updates to the site content, Weblate needs to be manually updated\nto provide the new strings for translation.<\/p>\n First, run the command The resulting files can be uploaded to Weblate to update the string list. Right\nnow this upload needs to be done manually on a per-component basis, but the\nfollowing links will take you directly to each component's page so you can\nupload the appropriate PO file:\nWebsite<\/a>\n(pages.po), Blog\nPosts<\/a>\n(posts.po) or\nWrappers<\/a>\n(wrappers.po).<\/p>\n The command The resulting files can be found inside the If everything looks okay, you can commit the new translated files so that they're\nintegrated into the website.<\/p>\n There are many languages available on Weblate, but only some of them are\nintegrated in the website. This is for quality control reasons, to ensure that a\ntranslation is stable enough before pushing it into the live site.<\/p>\n At the moment, only Portuguese ( To add a new language, first edit Add your new language here, here using Czech as an example:<\/p>\n\n
\n
What does work<\/a><\/h3>\n
userScripts<\/code> API, which JShelter must leverage to build and inject JShelter's anti-fingerprinting wrappers.\nOnce the Developer Mode is enabled, almost everything should work as expected, except for one feature and a half, i.e., the\nNetwork Boundary Shield<\/a> and\nthe blocking mode of the Fingerprinting Detector<\/a> (more details below).<\/p>\nWhat does not work yet<\/a><\/h3>\n
\n
What we're still working on<\/a><\/h3>\n
\n
Translating the website content<\/a><\/h2>\n
Translating the website content<\/a><\/h2>\n
Translating locally without Weblate<\/a><\/h3>\n
\n
git checkout weblate<\/code><\/li>\nwebsite\/i18n\/<\/code> directory, which has\n subdirectories for each language<\/li>\nUpdating the translation source files<\/a><\/h2>\n
1. Updating the Weblate string list<\/a><\/h3>\n
make translate-extract<\/code>, which will generate PO files\ninside the i18n\/en\/<\/code> directory. This process uses the md2po<\/code> command from the\nmdpo<\/a> Markdown parsing package to read\nall the website strings and generate source PO translation files.<\/p>\n2. Download the latest translations and apply them<\/a><\/h3>\n
make translate<\/code> will download the latest version of each available\ntranslation. The resulting .po<\/code> files are placed inside the\nwebsite\/i18n\/<lang>\/<\/code> directory, where <lang><\/code> is the language 2-letter code.\nIt will also generate translated Markdown files from the .po<\/code> translation\nsources obtained in the previous step. <\/p>\nwebsite\/content\/<\/code> directory: it\ncreates a directory with the language code inside each section dir\n(website\/content\/pages<\/code>, website\/content\/posts<\/code> and\n website\/content\/wrappers<\/code>).<\/p>\nAdding a new language<\/a><\/h2>\n
pt_PT<\/code>) is included.<\/p>\nwebsite\/pelicanconf.py<\/code> and find the lines:<\/p>\n<\/span>I18N_SUBSITES<\/span> =<\/span> {<\/span>\n "pt"<\/span>:<\/span> {<\/span>\n "DESCRIPTION"<\/span>:<\/span> "A extens\u00e3o para navegar em seguran\u00e7a"<\/span>,<\/span>\n "LONGDESCRIPTION"<\/span>:<\/span> "Uma extens\u00e3o anti-malware para o teu navegador web que vai p\u00f4r sob controlo amea\u00e7as de JavaScript, incluindo a recolha de impress\u00f5es digitais, rastreamento e recolha de dados"<\/span>,<\/span>\n }<\/span>\n}<\/span>\n<\/code><\/pre><\/div>\n\n<\/span>I18N_SUBSITES<\/span> =<\/span> {<\/span>\n "pt"<\/span>:<\/span> {<\/span>\n "DESCRIPTION"<\/span>:<\/span> "A extens\u00e3o para navegar em seguran\u00e7a"<\/span>,<\/span>\n "LONGDESCRIPTION"<\/span>:<\/span> "Uma extens\u00e3o anti-malware para o teu navegador web que vai p\u00f4r sob controlo amea\u00e7as de JavaScript, incluindo a recolha de impress\u00f5es digitais, rastreamento e recolha de dados"<\/span>,<\/span>\n },<\/span>\n "cz"<\/span>:<\/span> {<\/span>\n "DESCRIPTION"<\/span>:<\/span> "A extens\u00e3o para navegar em seguran\u00e7a"<\/span>,<\/span>\n "LONGDESCRIPTION"<\/span>:<\/span> "Uma extens\u00e3o anti-malware para o teu navegador web que vai p\u00f4r sob controlo amea\u00e7as de JavaScript, incluindo a recolha de impress\u00f5es digitais, rastreamento e recolha de dados"<\/span>,<\/span>\n }<\/span>\n}<\/span>\n<\/code><\/pre><\/div>\n\nmake html<\/code>, the new language should be present\nin the generated website.<\/p>","category":{"@attributes":{"term":"posts"}}},{"title":"Translating the JShelter website","link":{"@attributes":{"href":"https:\/\/jshelter.org\/pt\/i18n_website\/","rel":"alternate"}},"published":"2024-07-08T15:00:00+02:00","updated":"2025-07-10T07:01:03+02:00","author":{"name":"The JShelter team"},"id":"tag:jshelter.org,2024-07-08:\/pt\/i18n_website\/","summary":"Translating the website content<\/a><\/h2>\n
Translating the website content<\/a><\/h2>\n
Translating locally without Weblate<\/a><\/h3>\n
\n
git checkout weblate<\/code><\/li>\nwebsite\/i18n\/<\/code> directory, which has\nsubdirectories for each language<\/li>\nUpdating the translation source files<\/a><\/h2>\n
1. Updating the Weblate string list<\/a><\/h3>\n
make translate-extract<\/code>, which will generate PO files\ninside the i18n\/en\/<\/code> directory. This process uses the md2po<\/code> command from the\nmdpo<\/a> Markdown parsing package to read\nall the website strings and generate source PO translation files.<\/p>\n2. Download the latest translations and apply them<\/a><\/h3>\n
make translate<\/code> will download the latest version of each available\ntranslation. The resulting .po<\/code> files are placed inside the\nwebsite\/i18n\/<lang>\/<\/code> directory, where <lang><\/code> is the language 2-letter code.\nIt will also generate translated Markdown files from the .po<\/code> translation\nsources obtained in the previous step.<\/p>\nwebsite\/content\/<\/code> directory: it\ncreates a directory with the language code inside each section dir\n(website\/content\/pages<\/code>, website\/content\/posts<\/code> and\nwebsite\/content\/wrappers<\/code>).<\/p>\nAdding a new language<\/a><\/h2>\n
pt_PT<\/code>) is included.<\/p>\nwebsite\/pelicanconf.py<\/code> and find the lines:<\/p>\n<\/span>I18N_SUBSITES<\/span> =<\/span> {<\/span>\n "pt"<\/span>:<\/span> {<\/span>\n "DESCRIPTION"<\/span>:<\/span> "A extens\u00e3o para navegar em seguran\u00e7a"<\/span>,<\/span>\n "LONGDESCRIPTION"<\/span>:<\/span> "Uma extens\u00e3o anti-malware para o teu navegador web que vai p\u00f4r sob controlo amea\u00e7as de JavaScript, incluindo a recolha de impress\u00f5es digitais, rastreamento e recolha de dados"<\/span>,<\/span>\n }<\/span>\n}<\/span>\n<\/code><\/pre><\/div>\n\n<\/span>I18N_SUBSITES<\/span> =<\/span> {<\/span>\n "pt"<\/span>