Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-09-14 | use default settings that only contain a demo script (the rest is available ↵ | Wojtek Kosior | |
through Hydrilla) | |||
2021-09-13 | rename the extension to "Haketilo" | Wojtek Kosior | |
2021-09-11 | added missing line break in options page | Wojtek Kosior | |
2021-09-10 | disable service workers when scripts are blocked | Wojtek Kosior | |
2021-09-10 | Make it impossible to check "Allow native scripts" for pages with payload. | Wojtek Kosior | |
2021-09-10 | limit allowed pattern lengths | Wojtek Kosior | |
2021-09-09 | restore compatibility with IceCat 60 | Wojtek Kosior | |
2021-09-09 | simplify CSP handling | Wojtek Kosior | |
All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not modified but only supplemented with Hachette's own. | |||
2021-09-08 | Fix sanitizing of non-HTML XMLDocument's | Wojtek Kosior | |
2021-09-06 | re-enable sanitizing of data: URLs and also sanitize intrinsics on non-HTML ↵ | Wojtek Kosior | |
pages where CSP doesn't work | |||
2021-09-06 | generate Chromium unique key automatically in `build.sh' | Wojtek Kosior | |
2021-09-04 | fix script blocking bug under Chromium | Wojtek Kosior | |
2021-09-04 | update documentation link in the README | Wojtek Kosior | |
2021-09-04 | show appropriate message when repository returns no custom content for given URL | Wojtek Kosior | |
2021-09-04 | merge changes before version 0.1 | Wojtek Kosior | |
2021-09-03 | limit width of url in popup heading | Wojtek Kosior | |
2021-09-03 | disable payload injection on non-html pages | Wojtek Kosior | |
2021-09-03 | only apply stream filter modifications when reasonably necessary | Wojtek Kosior | |
2021-09-02 | implement rethinked <meta> tags sanitizing approach | Wojtek Kosior | |
This has not been tested yet. Additionally, functionality for blocking of `data:' urls needs to be re-enabled. | |||
2021-09-02 | also require "unlimitedStorage" permission to avoid surprise later | Wojtek Kosior | |
2021-09-02 | enable toggling of global script blocking policy\n\nThis commit also ↵ | Wojtek Kosior | |
introduces `light_storage' module which is later going to replace the storage code we use right now.\nAlso included is a hack to properly display scrollbars under Mozilla (needs testing on newer Mozilla browsers). | |||
2021-09-01 | add styling to settings install(import) dialog | Wojtek Kosior | |
2021-09-01 | change description | Wojtek Kosior | |
2021-09-01 | add styling for popup page\n\nThis does not include styling for contents of ↵ | Wojtek Kosior | |
the import dialog | |||
2021-08-30 | add styling for options page\n\nThis does not include styling for contents ↵ | Wojtek Kosior | |
of the import popup | |||
2021-08-27 | reset CSS rules | Wojtek Kosior | |
2021-08-27 | start using `<template>' tag | Wojtek Kosior | |
2021-08-27 | put simplest, asynchronous local storage operations in a separate file | Wojtek Kosior | |
2021-08-27 | add support for `ftp://' protocol | Wojtek Kosior | |
2021-08-27 | enable whitelisting of `file://' protocol\n\nThis commit additionally also ↵ | Wojtek Kosior | |
changes the semantics of triple asterisk wildcard in URL path. | |||
2021-08-26 | filter HTTP request headers to remove Hachette cookies in case they slip through | Wojtek Kosior | |
2021-08-26 | improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 ↵ | Wojtek Kosior | |
implementation is no longer pulled in contexts that don't require it. | |||
2021-08-23 | use StreamFilter under Mozilla to prevent csp <meta> tags from blocking our ↵ | Wojtek Kosior | |
injected scripts | |||
2021-08-20 | sanitize `<meta>' tags containing CSP rules under Chromium | Wojtek Kosior | |
This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script. | |||
2021-08-18 | remove unneeded policy-related cosole messages; restore IceCat 60 compatibility | Wojtek Kosior | |
2021-08-18 | implement smuggling via cookies instead of URL | Wojtek Kosior | |
2021-08-18 | enhance our bundler to protect top-level `this' from accidental clobbering | Wojtek Kosior | |
2021-08-14 | merge facility to install from Hydrilla | Wojtek Kosior | |
2021-08-14 | merge csp-PoC | Wojtek Kosior | |
2021-08-14 | Revert changes to content/main.js to commit 25817b68c* | jahoti | |
It turns out modifying the CSP headers in meta tags has no effect. | |||
2021-08-10 | change default repository URL | Wojtek Kosior | |
2021-08-06 | Facilitate installation of scripts from the repository | Wojtek Kosior | |
This commit includes: * removal of page_info_server * running of storage client in popup context * extraction of some common CSS to a separate file * extraction of scripts import view to a separate file * addition of a facility to conveniently clone complex structures from DOM (in DOM_helpers.js) * addition of hydrilla repo url to default settings * other minor changes and of course changes related to the actual installation of scripts from the repo | |||
2021-08-05 | enable modularization of html files | Wojtek Kosior | |
2021-08-04 | make settings_query.js use storage object passed as an argument | Wojtek Kosior | |
2021-08-02 | [UNTESTED- will test] Add filtering for http-equiv CSP headers | jahoti | |
2021-07-28 | Rationalize CSP violation report blocking. | jahoti | |
Report blocking now applies iff scripts are blocked. | |||
2021-07-27 | validate settings on import | Wojtek Kosior | |
2021-07-26 | provide a facility to sanitize externally-obtained JSON | Wojtek Kosior | |
2021-07-26 | code maintenance | Wojtek Kosior | |
2021-07-26 | Squash more CSP-filtering bugs | jahoti | |
On Firefox, original CSP headers are now smuggled (signed) in an x-orig-csp header to prevent re-processing issues with caching. Additionally, a default header is added for non-whitelisted domains in case there are no existing headers we can attach to. |