Script to perform moderation actions on remote instances from the Mastodon frontend (and technically, a tool to generate the script).
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

92 lines
6.7 KiB

<!DOCTYPE html>
<meta charset="utf-8">
<title>Remote Instance Actions</title>
<link rel="stylesheet" type="text/css" href="style.css">
<script src="scripts.js"></script>
<body id="top">
<h1>Remote Instance Actions</h1>
<figure><img src="ria.png" alt="The userscript in action, suspending badfaith.instance." /><figcaption>Quickly suspend or silence remote instances from the Mastodon frontend</figure>
<div id="prereqs"><h2>Prerequisites</h2>
<p>Ensure Tampermonkey is installed: <a href="">Tampermonkey Home Page</a> <a href="">Chrome Extension</a> <a href="">Firefox Add-On</a></p></div>
<div id="installation"><h2>Installation Form</h2>
<h5><a href="#whyform">Why?</a></h5>
<form id="install-form" action="remote_instance_actions.user.js" method="get">
<p>Enter each instance you wish to use the script on. This should be just "domain.tld", no extra formatting. One domain per line.</p>
<textarea id="instance-input" placeholder=""></textarea><br>
<input id="install-button" type="submit" value="Install">
<div id="faq"><h2>FAQ</h2>
<div id="whatsthis"><h3>What's this?</h2>
<p>Remote Instance Actions is a userscript I've written to aid in Mastodon moderation.</p>
<p>(That really is just "Mastodon", not "fediverse". Sorry, Misskey admins).</p>
<p>It's as simple as the image at the top makes it look! Just highlight the URL of an instance you want to silence or suspend, and select the new context option. It does a little bit of simple sanitizing and validation to make sure you highlighted what you wanted to highlight. Then, it checks to see if the instance is already limited. Finally, it opens a new tab to your instance's "New Domain Block" form.</p>
<p>The checks to ensure that the highlighted text is a domain and that it's not already limited on the instance are imperfect. For example, if the instance "domain.tld" is blocked, the latter check will give a false positive on "mydomain.tld". For this reason, the checks can be overridden manually.</p>
<h3>What is a userscript?</h3>
<p>A userscript is sort of like a browser extension, but smaller! Just a little bit of Javascript code that gets run on certain pages to enhance the experience.</p>
<p>Of course, most browsers do actually need a browser extension to run userscripts. The most popular and feature-complete one by far (as well as the one this userscript was tested with!) is Tampermonkey.</p></div>
<div id="whyform"><h3>It's just a userscript? Why the complex installation process?</h3>
<p>When writing a userscript, you have to hardcode in the URL of websites it will work on*. That's fine for, say, Twitter, where it's always found at "" (for the time being, anyway). Mastodon instances are a lot harder to write for. If I wrote it to, for example, check if the current page is a Mastodon instance and conditionally add the context menu item, it would have to run on <em>every page you visit</em> to make that check.</p>
<p>The usual way to solve this problem is to just tell the user to modify the userscript to add the pages you'd like it to run on. That sucks for a number of reasons. The most obvious are that users don't want to have to go in and mess with the code, and that it breaks with Tampermonkey's update functionality. This page here is my overengineered solution.</p>
<p>The userscript itself, in a usable state, isn't <em>exactly</em> stored anywhere on my server. There is a version that's very similar, but with a little bit of PHP where you would expect the @match directives to be. That PHP code fills in the match directives with domains provided via GET parameters before sending it to your browser. Since the script was installed from a URL with those parameters in it, Tampermonkey will include those same parameters when checking for updates.</p>
<p>The slightly less technical answer is that using this install page generates the userscript with the proper domains set on the fly, and does so in a way such that Tampermonkey will fetch updates that are generated with the same domains.</p>
<p>*This is not technically true, you can also match URLs with regular expressions. But anything that would match any Mastodon instance is going to have a lot of false positives, and I believe Tampermonkey throws up a big scary warning if you do this anyway.</p></div>
<div id="source"><h3>Can I see the source code?</h3>
<p>Well, your browser will show you the code before installing, but if you want to inspect it it's available on <a href="">my gitea instance</a>.</div>
<div id="contact"><h3>How can I contact you?</h3>
<p>If you're on the fediverse, I can be found at <a href=""></a>.</p>
<p>If you aren't... How exactly did you get here?</p></div>
<div id="firefoxnote"><h2><s>Note For Firefox Users</s></h2>
<h3>This script used to be broken in Firefox, and this part of the page details a workaround. A Tampermonkey update has fixed the bug, so this is no longer required unless you're on an old version of Tampermonkey for some reason.</s></h3>
<p>There's currently an extremely weird bug somewhere in the intersection of Tampermonkey and Firefox. I've managed to find a few reports of it occuring for other people, but only in the context of other issues that have since been closed. I have no idea what causes it, but there is a workaround.</p>
<p>Simply, your web browser has some security features built in to prevent any code that's not "supposed to be there" from executing. Tampermonkey is supposed to still be able to execute despite this, but something super weird and beyond my understanding is getting in its way. But for whatever reason, reloading the page <em>without your cache</em> fixes it. I can't explain why, but I can explain how to do it.</p>
<h4>At any point before using the script, press Ctrl+F5 to "hard refresh", reloading the page without using the cache. When you do, the script will work until the next time the page is loaded.</h4>
<p>Hopefully this issue is solved in the future, and this workaround stops being needed.</p>
<p>There is a way to work around the bug in a more permanent way, but it comes with some security risks. In fact, it's dangerous enough that I don't feel comfortable explaining how to do it here. But if you know what you're doing: Disabling CSP enforcement should allow the script to work.</p></div></div>
<h4><a id="top-link" href="#top">Back to top</a></h4>