Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-09-01 | change description | Wojtek Kosior | |
2021-09-01 | add styling for popup page\n\nThis does not include styling for contents of ↵ | Wojtek Kosior | |
the import dialog | |||
2021-08-30 | add styling for options page\n\nThis does not include styling for contents ↵ | Wojtek Kosior | |
of the import popup | |||
2021-08-27 | reset CSS rules | Wojtek Kosior | |
2021-08-27 | start using `<template>' tag | Wojtek Kosior | |
2021-08-27 | put simplest, asynchronous local storage operations in a separate file | Wojtek Kosior | |
2021-08-27 | add support for `ftp://' protocol | Wojtek Kosior | |
2021-08-27 | enable whitelisting of `file://' protocol\n\nThis commit additionally also ↵ | Wojtek Kosior | |
changes the semantics of triple asterisk wildcard in URL path. | |||
2021-08-26 | filter HTTP request headers to remove Hachette cookies in case they slip through | Wojtek Kosior | |
2021-08-26 | improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 ↵ | Wojtek Kosior | |
implementation is no longer pulled in contexts that don't require it. | |||
2021-08-23 | use StreamFilter under Mozilla to prevent csp <meta> tags from blocking our ↵ | Wojtek Kosior | |
injected scripts | |||
2021-08-22 | Support a custom certificates directory in test/server.py | jahoti | |
2021-08-22 | Incorporate patch for test/gorilla.py | jahoti | |
Patch by Wojtek provides a bundle-all option and only reads Hydrilla files. | |||
2021-08-20 | sanitize `<meta>' tags containing CSP rules under Chromium | Wojtek Kosior | |
This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script. | |||
2021-08-18 | remove unneeded policy-related cosole messages; restore IceCat 60 compatibility | Wojtek Kosior | |
2021-08-18 | implement smuggling via cookies instead of URL | Wojtek Kosior | |
2021-08-18 | enhance our bundler to protect top-level `this' from accidental clobbering | Wojtek Kosior | |
2021-08-17 | Begin work on a Hydrilla-compatible virtual website for testing | jahoti | |
The file test/gorilla.py will help with testing respositories. It also provides a CLI Hydrilla > Hachette fix converter. | |||
2021-08-17 | Enable the hijacking proxy in the test suite to serve responses | jahoti | |
2021-08-17 | Merge remote-tracking branch 'origin/master' into jahoti | jahoti | |
2021-08-14 | merge facility to install from Hydrilla | Wojtek Kosior | |
2021-08-14 | merge csp-PoC | Wojtek Kosior | |
2021-08-14 | Revert changes to content/main.js to commit 25817b68c* | jahoti | |
It turns out modifying the CSP headers in meta tags has no effect. | |||
2021-08-10 | change default repository URL | Wojtek Kosior | |
2021-08-06 | Facilitate installation of scripts from the repository | Wojtek Kosior | |
This commit includes: * removal of page_info_server * running of storage client in popup context * extraction of some common CSS to a separate file * extraction of scripts import view to a separate file * addition of a facility to conveniently clone complex structures from DOM (in DOM_helpers.js) * addition of hydrilla repo url to default settings * other minor changes and of course changes related to the actual installation of scripts from the repo | |||
2021-08-06 | Add the beginnings of a test suite | jahoti | |
2021-08-05 | enable modularization of html files | Wojtek Kosior | |
2021-08-04 | make settings_query.js use storage object passed as an argument | Wojtek Kosior | |
2021-08-02 | [UNTESTED- will test] Add filtering for http-equiv CSP headers | jahoti | |
2021-07-28 | Rationalize CSP violation report blocking. | jahoti | |
Report blocking now applies iff scripts are blocked. | |||
2021-07-27 | validate settings on import | Wojtek Kosior | |
2021-07-26 | provide a facility to sanitize externally-obtained JSON | Wojtek Kosior | |
2021-07-26 | code maintenance | Wojtek Kosior | |
2021-07-26 | Squash more CSP-filtering bugs | jahoti | |
On Firefox, original CSP headers are now smuggled (signed) in an x-orig-csp header to prevent re-processing issues with caching. Additionally, a default header is added for non-whitelisted domains in case there are no existing headers we can attach to. | |||
2021-07-26 | Fix some bugs in the refined CSP handling | jahoti | |
2021-07-26 | [UNTESTED- will test] Use more nuanced CSP filtering | jahoti | |
CSP headers are now parsed and processed, rather than treated as simple units. This allows us to ensure policies delivered as HTTP headers do not interfere with our script filtering, as well as to preserve useful protections while removing the ones that could be problematic. Additionally, prefetching should now be blocked on pages where native scripts aren't allowed, and all reporting of CSP violations has been stripped (is this appropriate?). | |||
2021-07-26 | Remove unnecessary imports of url_item and add a CSP header-parsing function | jahoti | |
The parsing function isn't used yet; however, it will eventually be as a less destructive alternative to handling headers as indivisible units. | |||
2021-07-25 | Squash more CSP-filtering bugs | jahoti | |
On Firefox, original CSP headers are now smuggled (signed) in an x-orig-csp header to prevent re-processing issues with caching. Additionally, a default header is added for non-whitelisted domains in case there are no existing headers we can attach to. | |||
2021-07-23 | extract observables implementation from storage.js | Wojtek Kosior | |
2021-07-22 | Fix some bugs in the refined CSP handling | jahoti | |
2021-07-21 | add ability to query page content from repo and display it in the popup | Wojtek Kosior | |
2021-07-21 | store repository URLs in settings | Wojtek Kosior | |
2021-07-21 | remove unused variables | Wojtek Kosior | |
2021-07-21 | [UNTESTED- will test] Use more nuanced CSP filtering | jahoti | |
CSP headers are now parsed and processed, rather than treated as simple units. This allows us to ensure policies delivered as HTTP headers do not interfere with our script filtering, as well as to preserve useful protections while removing the ones that could be problematic. Additionally, prefetching should now be blocked on pages where native scripts aren't allowed, and all reporting of CSP violations has been stripped (is this appropriate?). | |||
2021-07-21 | Merge remote-tracking branch 'origin/koszko' into jahoti | jahoti | |
2021-07-21 | Remove unnecessary imports of url_item and add a CSP header-parsing function | jahoti | |
The parsing function isn't used yet; however, it will eventually be as a less destructive alternative to handling headers as indivisible units. | |||
2021-07-20 | Merge rebranding to "Hachette" | Wojtek Kosior | |
2021-07-20 | fix options_main.js bugs | Wojtek Kosior | |
2021-07-20 | fix page info server bugs | Wojtek Kosior | |
2021-07-20 | Merge commit 'ecb787046271de708b94da70240713e725299d86' | Wojtek Kosior | |