Simple Run Blocker Download Review

// DOM elements const urlInput = document.getElementById('urlInput'); const allowBtn = document.getElementById('allowBtn'); const blockDemoBtn = document.getElementById('blockDemoBtn'); const clearAllBtn = document.getElementById('clearAllBtn'); const blockedListEl = document.getElementById('blockedList'); const statusSpan = document.getElementById('statusMsg');

<div class="content"> <div class="info-panel"> <p>🛡️ <strong>Active protection:</strong> any download attempt is <span style="color:#ffad6a;">blocked</span> by default until you approve.</p> <p>📌 <span class="rule">"Run blocker" mode: all executable-like requests are intercepted</span></p> <p>✅ Add trusted URLs manually → they become downloadable. Everything else stays blocked.</p> </div>

// attach remove event listeners for each dynamically created remove button document.querySelectorAll('.remove-btn[data-url]').forEach(btn => btn.removeEventListener('click', handleRemoveBlock); btn.addEventListener('click', handleRemoveBlock); );

body background: linear-gradient(145deg, #101418 0%, #1a1f2c 100%); font-family: 'Segoe UI', Roboto, system-ui, 'Helvetica Neue', sans-serif; display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; padding: 24px; simple run blocker download

// actual download via dynamic anchor (safe browser download) function performActualDownload(url) try // create temporary link element const link = document.createElement('a'); link.href = url; link.download = ''; // optional: forces download for same-origin or CORS-enabled URLs link.target = '_blank'; link.rel = 'noopener noreferrer'; // For cross-origin, .download attribute may not force download, but at least it opens or triggers save-as. // Still safe, we're just providing download capability. document.body.appendChild(link); link.click(); document.body.removeChild(link); updateStatusMessage(`📥 Download started for allowed URL`, '#9effcf'); catch (err) console.warn(err); updateStatusMessage(`⚠️ Download failed (browser restrictions): $err.message`, '#ffbc6e'); // fallback: open new window window.open(url, '_blank');

// Helper: update UI for blocked list (quarantine) function renderBlockedList() if (!blockedListEl) return; if (blockedItems.length === 0) blockedListEl.innerHTML = '<li class="empty-msg">✨ No blocked attempts. Run blocker is watching.</li>'; return; // show latest first (reverse) const reversed = [...blockedItems].reverse(); blockedListEl.innerHTML = reversed.map((item, idx) => const displayUrl = item.url.length > 65 ? item.url.substring(0, 62) + '...' : item.url; const timeStr = item.timestamp ? new Date(item.timestamp).toLocaleTimeString() : 'just now'; return ` <li> <span class="file-url" title="$escapeHtml(item.url)">🚫 $escapeHtml(displayUrl)</span> <span style="font-size:0.7rem; background:#1e1f2e; padding:2px 8px; border-radius:40px;">$timeStr</span> <button class="remove-btn" data-url="$escapeHtml(item.url)" data-removeidx="$blockedItems.length - 1 - idx">✖</button> </li> `; ).join('');

.remove-btn background: none; border: none; color: #ff8a8a; font-size: 1.3rem; cursor: pointer; font-weight: bold; padding: 0 8px; transition: 0.1s; border-radius: 40px; // DOM elements const urlInput = document

.btn-danger background: #ab2e3c; color: white;

.section-title font-size: 0.85rem; text-transform: uppercase; font-weight: 700; letter-spacing: 1px; color: #7f8bb3; padding: 12px 16px 4px; display: flex; justify-content: space-between;

function updateStatusMessage(msg, color = '#b5ff9e') if (statusSpan) statusSpan.textContent = msg; statusSpan.style.color = color; setTimeout(() => if (statusSpan.textContent === msg) statusSpan.style.color = '#87e987'; statusSpan.textContent = '✅ ready'; , 2800); document

function escapeHtml(str) if (!str) return ''; return str.replace(/[&<>]/g, function(m) if (m === '&') return '&'; if (m === '<') return '<'; if (m === '>') return '>'; return m; ).replace(/[\uD800-\uDBFF][\uDC00-\uDFFF]/g, function(c) return c; );

/* main card */ .blocker-card max-width: 650px; width: 100%; background: rgba(22, 26, 35, 0.85); backdrop-filter: blur(2px); border-radius: 48px; box-shadow: 0 25px 45px rgba(0, 0, 0, 0.5), 0 0 0 1px rgba(255, 255, 255, 0.05); overflow: hidden; transition: all 0.2s ease;

// Simulate a "malicious run attempt" -> gets blocked function simulateBlockedRun() const fakeRuns = [ "powershell.exe -EncodedCommand ... (blocked)", "C:\\Users\\temp\\malware.exe", "https://evil-server/runme.bat", "file:///C:/Windows/Tasks/backdoor.vbs", "https://fakecdn.com/setup.exe?click=1" ]; const randomFake = fakeRuns[Math.floor(Math.random() * fakeRuns.length)]; addBlockedEntry(randomFake, 'Simulated run attempt (auto-blocked by Run Blocker)'); renderBlockedList(); updateStatusMessage(`⚠️ SIMULATED run blocked: $shorten(randomFake, 60)`, '#ffaa77'); triggerSimulatedBlockAlert(randomFake);

.sub color: #8f98b3; margin-top: 8px; font-size: 0.9rem; font-weight: 400;

© 2026 Northern Leaf. All rights reserved.