Tor v3 onion address auto-mode rule

I finally came up with an auto-mode rule that would automagically enable proxy-mode as well as exclude force-https-mode on v3 onion addresses!

((match-regex "^https?://([a-z0-9.-]+.)?[a-z2-7]{56}.onion") :included (nyxt/proxy-mode:proxy-mode) :excluded (nyxt/force-https-mode:force-https-mode))

And then here’s my proxy-mode config…

(define-configuration nyxt/proxy-mode:proxy-mode
  ((nyxt/proxy-mode:proxy (make-instance 'proxy
                                         :url (quri:uri "socks5://localhost:9050")
                                         :allowlist '("localhost")
                                         :proxied-downloads-p t))))

Perhaps someone has ideas for improvements? It’s possible, say, that the regex is slightly off, but so far, it’s worked for everything I gave it in real life!


That’s a nice one!

Maybe we should enable something like it by default?

What is the ([a-z0-9.-]+.)? in the beginning for? Are some websites not following the [a-z2-7]{56} format?

This regex can be easily expanded to support v2 too (using an additional clause with {16}) :slight_smile:

Nice! Thanks for sharing.

It’s for URLs like Brave Search https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/, where it’s a subdomain of some onion address.

I would advise against v2 onion addresses, although I’m not entirely sure they are completely, absolutely unavailable these days. I know TBB doesn’t allow them anymore.

Oh, it never occured to me that .onion donains can have subdomains xD

Then there’s a dangerous unescaped dot before the closing parenthesis in your regex :slight_smile:

OK Mr. Smarty-Pants, does ^https?://([a-z0-9.-]+\.)?[a-z2-7]{56}\.onion look better to you? :stuck_out_tongue:

Yes, it does xD

Sorry if I was being annoying :slight_smile:

Actually, I always forget how much (one or two?) backslashes one needs to use in CL to hape properly escaped regex special characters, so it can still be “incorrect” :upside_down_face:

Another tip: instead of merely customizing proxy-mode, you can subclass it and use that instead, in case, say, you have more than just Tor for a proxy.

(define-mode tor-proxy-mode (nyxt/proxy-mode:proxy-mode)
  "Set proxy to local Tor SOCKS5 proxy."
  ((nyxt/proxy-mode:proxy (make-instance 'proxy
                                         :url (quri:uri "socks5://localhost:9050")
                                         :allowlist '("localhost")
                                         :proxied-downloads-p t))))

It should be easy to test the correct number of escapes by running a minimal regex containing a single dot against a character other than dot and seeing whether it matches.

1 Like

Could one use this idea to match both Tor and I2P at the same time and switch based on the URL given?

Could one use this idea to match both Tor and I2P at the same time and switch based on the URL given?

I’m not sure I follow? Since Tor and I2P addresses are resolved differently, you’d have to create two rules and two proxy-mode classes…

That actually answers exactly what I was wondering, I just expressed myself poorly. More clearly stated my question was whether one could write rules such that Nyxt resolves I2P addresses via the I2P network, and Tor addresses via the Tor network.

This is really cool.