aboutsummaryrefslogtreecommitdiff
AgeCommit message (Expand)Author
2021-07-26provide a facility to sanitize externally-obtained JSONWojtek Kosior
2021-07-23extract observables implementation from storage.jsWojtek Kosior
2021-07-21add ability to query page content from repo and display it in the popupWojtek Kosior
2021-07-21store repository URLs in settingsWojtek Kosior
2021-07-21remove unused variablesWojtek Kosior
2021-07-20Merge rebranding to "Hachette"Wojtek Kosior
2021-07-20fix options_main.js bugsWojtek Kosior
2021-07-20fix page info server bugsWojtek Kosior
2021-07-20Merge commit 'ecb787046271de708b94da70240713e725299d86'Wojtek Kosior
2021-07-19Change the iconjahoti
2021-07-19Refer to the extension consistently as "Hachette" and remove TODOS.org...from the copyright file jahoti
2021-07-18Streamline and harden unique values/settings...The base URL is now included in the settings. The unique value no longer uses it directly, as it is included by virtue of the settings; however, the number of full hours since the epoch (UTC) is now incorporated. jahoti
2021-07-17Revamp signatures and break header caching on FF...Signatures, instead of consisting of the secure salt followed by the unique value generated from the URL, are now the unique value generated from the policy value (which will follow them) succeeded by the URL. CSP headers are now _always_ cleared on FF, regardless of whether the page is whitelisted or not. This means whitelisting takes effect on page reload, rather than only when caching occurs. However, it obviously presents security issues; refinment will occur in a future commit. jahoti
2021-07-16Use URL-based policy smuggling...Increase the power of URL-based smuggling by making it (effectively) compulsory in all cases and adapting a <salt><unique value><JSON-encoded settings> structure. While the details still need to be worked out, the potential for future expansion is there. jahoti
2021-07-12merge jahoti into masterWojtek Kosior
2021-07-12Stop using the nonce consistently for a URL...Nonces are now randomly generated, either in the page (for non-HTTP(S) pages) or by a background module which stores them by tab and frame IDs. In order to support the increased variance in nonce-generating methods and allow them to be loaded from the background, handle_page_actions is now invoked separately according to (non-)blocking mechanism. jahoti
2021-07-11Remove redundant nonce-based filtering in the script suppressorjahoti
2021-07-11Integrate browser.js into exports_init.js, and streamline the resultjahoti
2021-07-06Merge popup displayWojtek Kosior
2021-07-06show some settings of the current page in the popupWojtek Kosior
2021-07-04Revamp default settings...Default settings are now provided in the same format as data exported from the extension, incorporating them into the main program as part of the build process. Also, modify their contents; the apparently non-functional FSF stuff is gone, replaced with fixes for BandCamp, WorldCat, and SumOfUs. jahoti
2021-07-02enable opening settings page with certain item immediately in edit modeWojtek Kosior
2021-07-02move parsing of url with targets to misc.jsWojtek Kosior
2021-07-02ignore some special files (emacs automatic backups) when buildingWojtek Kosior
2021-07-01Employ issue trackerWojtek Kosior
2021-06-30fix whitelisting under FirefoxWojtek Kosior
2021-06-30remove trailing whitespaceWojtek Kosior
2021-06-30refactor 3 miscellaneous fnctionalities to a their single own fileWojtek Kosior
2021-06-30emply an sh-based build system; make some changes to blockingWojtek Kosior
2021-06-28Index two new files intended for the previous commit.jahoti
2021-06-28License script-blocking techniques from NoScript in machine-readable format....In-page blocking now works on Firefox, and JavaScript/data- URLs are properly blocked to ensure no JavaScript leaks in through backdoors. Blocking of HTML/XML data: urls should be refined (eventually) to align with current practice for pages in general. Also, script-blocking is now filtered by nonce, making it possible (albeit perhaps not desirable) to inject scripts before the DOM is complete. jahoti
2021-06-26remove mnetion of LGPL from javascript exception to the GPLWojtek Kosior
2021-06-25make it clear "A" license contains text from BSD license with its own copyrightWojtek Kosior
2021-06-25gather all copyright info in 'copyright' fileWojtek Kosior
2021-06-23Fix storage initialization on Icecat 60...This patch fixes storage initialization on Gecko browsers by switching from using a background page to using a list of scripts. It remains a mystery why that should have any effect; the only hint is that browser.runtime.onInstalled does not fire when called from a script loaded in a background page. Signed-off-by: jahoti <jahoti@tilde.team> jahoti
2021-06-21change horizontal line style to light greenNicholas Johnson
2021-06-20add button stylingNicholas Johnson
2021-06-19add import/export functionalityWojtek Kosior
2021-06-18remove unused source filesWojtek Kosior
2021-06-18update Asshole license textWojtek Kosior
2021-06-18when possible inject CSP as http(s) header using webRequest instead of adding...Wojtek Kosior
2021-06-14change licensesWojtek Kosior
2021-05-14react to few bugsWojtek Kosior
2021-05-14support wildcard urls in settingsWojtek Kosior
2021-05-13make extension work under IceCat 60Wojtek Kosior
2021-05-13utilize CSP for blockingWojtek Kosior
2021-05-13only allow a single injection payload for page, rely on script bags for compl...Wojtek Kosior
2021-05-12rename "bundles" to "bags"Wojtek Kosior
2021-05-12use unique hashes when smuggling whitelist settingWojtek Kosior
2021-05-12fix bug when saving page/bundleWojtek Kosior