| Age | Commit message (Expand) | Author |
|---|
| 2021-09-13 | rename the extension to "Haketilo" | Wojtek Kosior |
| 2021-09-10 | Make it impossible to check "Allow native scripts" for pages with payload. | Wojtek Kosior |
| 2021-09-09 | simplify CSP handling...All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not modified but only supplemented with Hachette's own.
| Wojtek Kosior |
| 2021-09-04 | merge changes before version 0.1 | Wojtek Kosior |
| 2021-09-03 | only apply stream filter modifications when reasonably necessary | Wojtek Kosior |
| 2021-09-02 | enable toggling of global script blocking policy\n\nThis commit also introduc... | Wojtek Kosior |
| 2021-08-27 | put simplest, asynchronous local storage operations in a separate file | Wojtek Kosior |
| 2021-08-26 | filter HTTP request headers to remove Hachette cookies in case they slip through | Wojtek Kosior |
| 2021-08-26 | improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 ... | Wojtek Kosior |
| 2021-08-23 | use StreamFilter under Mozilla to prevent csp <meta> tags from blocking our i... | Wojtek Kosior |
| 2021-08-20 | sanitize `<meta>' tags containing CSP rules under Chromium...This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script.
| Wojtek Kosior |
| 2021-08-18 | remove unneeded policy-related cosole messages; restore IceCat 60 compatibility | Wojtek Kosior |
| 2021-08-18 | implement smuggling via cookies instead of URL | Wojtek Kosior |
| 2021-08-14 | merge facility to install from Hydrilla | Wojtek Kosior |
| 2021-08-06 | Facilitate installation of scripts from the repository...This commit includes:
* removal of page_info_server
* running of storage client in popup context
* extraction of some common CSS to a separate file
* extraction of scripts import view to a separate file
* addition of a facility to conveniently clone complex structures from DOM (in DOM_helpers.js)
* addition of hydrilla repo url to default settings
* other minor changes
and of course changes related to the actual installation of scripts from the repo
| Wojtek Kosior |
| 2021-08-04 | make settings_query.js use storage object passed as an argument | Wojtek Kosior |
| 2021-08-02 | [UNTESTED- will test] Add filtering for http-equiv CSP headers | jahoti |
| 2021-07-28 | Rationalize CSP violation report blocking....Report blocking now applies iff scripts are blocked.
| jahoti |
| 2021-07-26 | code maintenance | Wojtek Kosior |
| 2021-07-26 | Squash more CSP-filtering bugs...On Firefox, original CSP headers are now smuggled (signed) in an x-orig-csp
header to prevent re-processing issues with caching. Additionally, a default
header is added for non-whitelisted domains in case there are no existing
headers we can attach to.
| jahoti |
| 2021-07-26 | Fix some bugs in the refined CSP handling | jahoti |
| 2021-07-26 | [UNTESTED- will test] Use more nuanced CSP filtering...CSP headers are now parsed and processed, rather than treated as simple
units. This allows us to ensure policies delivered as HTTP headers do not
interfere with our script filtering, as well as to preserve useful protections
while removing the ones that could be problematic. Additionally, prefetching
should now be blocked on pages where native scripts aren't allowed, and
all reporting of CSP violations has been stripped (is this appropriate?).
| jahoti |
| 2021-07-26 | Remove unnecessary imports of url_item and add a CSP header-parsing function...The parsing function isn't used yet; however, it will eventually be as a less
destructive alternative to handling headers as indivisible units.
| jahoti |
| 2021-07-23 | extract observables implementation from storage.js | Wojtek Kosior |
| 2021-07-21 | add ability to query page content from repo and display it in the popup | Wojtek Kosior |
| 2021-07-21 | store repository URLs in settings | Wojtek Kosior |
| 2021-07-21 | remove unused variables | Wojtek Kosior |
| 2021-07-20 | Merge rebranding to "Hachette" | Wojtek Kosior |
| 2021-07-20 | fix page info server bugs | Wojtek Kosior |
| 2021-07-20 | Merge commit 'ecb787046271de708b94da70240713e725299d86' | Wojtek Kosior |
| 2021-07-19 | Refer to the extension consistently as "Hachette" and remove TODOS.org...from the copyright file
| jahoti |
| 2021-07-18 | Streamline and harden unique values/settings...The base URL is now included in the settings. The unique value no longer uses
it directly, as it is included by virtue of the settings; however, the number
of full hours since the epoch (UTC) is now incorporated.
| jahoti |
| 2021-07-17 | Revamp signatures and break header caching on FF...Signatures, instead of consisting of the secure salt followed by the unique
value generated from the URL, are now the unique value generated from the
policy value (which will follow them) succeeded by the URL.
CSP headers are now _always_ cleared on FF, regardless of whether the page
is whitelisted or not. This means whitelisting takes effect on page reload,
rather than only when caching occurs. However, it obviously presents security
issues; refinment will occur in a future commit.
| jahoti |
| 2021-07-16 | Use URL-based policy smuggling...Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a <salt><unique value><JSON-encoded
settings> structure. While the details still need to be worked out, the
potential for future expansion is there.
| jahoti |
| 2021-07-12 | merge jahoti into master | Wojtek Kosior |
| 2021-07-12 | Stop using the nonce consistently for a URL...Nonces are now randomly generated, either in the page (for non-HTTP(S) pages)
or by a background module which stores them by tab and frame IDs. In order to
support the increased variance in nonce-generating methods and allow them to
be loaded from the background, handle_page_actions is now invoked separately
according to (non-)blocking mechanism.
| jahoti |
| 2021-07-06 | Merge popup display | Wojtek Kosior |
| 2021-07-06 | show some settings of the current page in the popup | Wojtek Kosior |
| 2021-07-04 | Revamp default settings...Default settings are now provided in the same format as data exported from the
extension, incorporating them into the main program as part of the build
process. Also, modify their contents; the apparently non-functional FSF stuff
is gone, replaced with fixes for BandCamp, WorldCat, and SumOfUs.
| jahoti |
| 2021-06-30 | fix whitelisting under Firefox | Wojtek Kosior |
| 2021-06-30 | refactor 3 miscellaneous fnctionalities to a their single own file | Wojtek Kosior |
| 2021-06-30 | emply an sh-based build system; make some changes to blocking | Wojtek Kosior |
| 2021-06-25 | gather all copyright info in 'copyright' file | Wojtek Kosior |
| 2021-06-23 | Fix storage initialization on Icecat 60...This patch fixes storage initialization on Gecko browsers by switching from
using a background page to using a list of scripts. It remains a mystery why
that should have any effect; the only hint is that browser.runtime.onInstalled
does not fire when called from a script loaded in a background page.
Signed-off-by: jahoti <jahoti@tilde.team>
| jahoti |
| 2021-06-18 | remove unused source files | Wojtek Kosior |
| 2021-06-18 | when possible inject CSP as http(s) header using webRequest instead of adding... | Wojtek Kosior |
| 2021-06-14 | change licenses | Wojtek Kosior |
| 2021-05-14 | support wildcard urls in settings | Wojtek Kosior |
| 2021-05-13 | only allow a single injection payload for page, rely on script bags for compl... | Wojtek Kosior |
| 2021-05-12 | rename "bundles" to "bags" | Wojtek Kosior |
