A few weeks ago the reddit staff made some code changes so that the content of selfposts [posts on reddit that contain text] on nsfw subs only gets displayed when JavaScript is activated. Since the change every lurker had to enable js just to browse this sub properly, which poses an unnecessary security risk. Some high profile users [e.g. vendors or market admins] would probably prefer not to execute js code from a big US based company which does not care much about their users privacy.
Although the content can be displayed with a small workaround while still having JS disabled [as described here: https://www.reddit.com/r/DarkNetMarkets/comments/59u6w4/this_js_bullshit_is_getting_annoying/d9btbmx/] it is still a hassle to do this for every selfpost you open. So I decided to make a pretty simple Firefox Add-on which does this automatically.
Wait, before you close the tab because OP wants you to install an Add-on in your Tor browser please read the whole post. The Add-on is available in the official Firefox Add-on list, was checked by devs before being released to the public and of course everybody can view the source code.
If you are using Tails:
The only Tor browser data that can be saved with the persistence volume, are the bookmarks. So you would need to reinstall the Add-on every time you reboot tails. It is therefore not that ideal in this case because to be secure you would need to take a quick look at the source code first before downloading it to make sure it has not changed since the last time.
So it is more convenient to only use the Add-on on systems that do not wipe your data with every reboot [e.g. whonix]. If you use tails it is easier to enable JS according to these steps https://www.reddit.com/r/DarkNetMarketsNoobs/wiki/bible/buyer/about/redditwithtor and you will still be fine because your threat model as a buyer or normal vendor is not high enough for attacks originating from JS code on reddit.
How to verfiy the source code:
Fortunately you need absolutely no understanding of programming languages to understand the three lines of code which the Add-on has. to check the source code go the the page of the Add-on: https://addons.mozilla.org/en-US/firefox/addon/show-reddit-selfposts-w-o-js/ and scroll down to 'Version Information' and click on the link 'View the source'.
On the new page you will have to allow scripts for https://addons.mozilla.org to see the source code. After that is done you see the manifest.json file which contains the meta information about the addon. Most of the parts are self explanatory [if not google them or post your question here] but the important part are these two lines:
"matches": ["*://*.reddit.com/r/*/comments/*"],
"css": ["ShowSelfpostsWithoutJS.css"]
These mean that every time the tor browser opens a URL that matches this pattern '://.reddit.com/r//comments/' [the * is a placeholder for any value] the file 'ShowSelfpostsWithoutJS.css' gets executed. The pattern covers every selfpost thread on reddit so the addon can make the content of it visible again. CSS is a style sheet language meaning that it can change the layout of the displayed site.
To see what code is in the ShowSelfpostsWithoutJS.css file, click the link to it on the left sidebar under 'Files:'. You will see this code:
.expando {
display: block !important;
}
The content of the selfpost belongs to the class 'expando' and the css code from reddit makes all the content hidden when JS is disabled [with display: none;]. the Add-on overwrites this value so the content gets displayed again.
That is it! As you could see the source code only makes the hidden content of the selfpost visible again. Also it does not fuck up the layout if you decide to log in or enable JavaScript.
I hope that some users will find this Add-on useful and can enjoy more privacy and security with it.
Disable auto updates
Do not forget to disable auto updates for this Add-on so I can not automatically execute code that you do not want. To prevent this go to your Add-on over view page [about:addons] and click on the more link for the Add-on. Then set the 'automatic updates' option to off.
tl;dr OP made an Add-on that makes it possible to view selfposts of nsfw subs with disabled JS
This can be added to TOR & not mess with it?????