Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-03-24 | serialize and deserialize entire Response object when relaying fetch() calls ↵ | Wojtek Kosior | |
to other contexts using sendMessage | |||
2022-03-11 | don't double-modify response headers retrieved from cache | Wojtek Kosior | |
2022-03-10 | fix application of default blocking rule under Chromium | Wojtek Kosior | |
2022-03-10 | fix chromium synchronous policy fetching for file:/// URLs | Wojtek Kosior | |
2022-03-10 | fix incorrect variable reference | Wojtek Kosior | |
2022-03-04 | prepend all generated console messages with 'Haketilo:' | Wojtek Kosior | |
2022-02-15 | change store names and data keys to singular | Wojtek Kosior | |
2022-02-14 | restore chromium support | Wojtek Kosior | |
2022-02-09 | make resource dependency specifier an object | Wojtek Kosior | |
2022-02-09 | adapt to changes in file path format | Wojtek Kosior | |
From now on we assume Hydrilla serves file contents at 'file/sha256/<hash>' instead of 'file/sha256-<hash>'. With this commit we also stop using the "hash_key" property internally. | |||
2022-01-29 | make Haketilo buildable again (for Mozilla) | Wojtek Kosior | |
How cool it is to throw away 5755 lines of code... | |||
2022-01-27 | facilitate querying IndexedDB for script files of resource and its dependencies | Wojtek Kosior | |
2022-01-26 | add new root content script | Wojtek Kosior | |
2022-01-22 | add a mapping/resources installation dialog | Wojtek Kosior | |
2022-01-18 | facilitate caching repository responses in content scripts | Wojtek Kosior | |
2022-01-18 | facilitate making CORS-agnostic requests through background script | Wojtek Kosior | |
2022-01-15 | make blocking rules queryable in pattern tree just as mappings are | Wojtek Kosior | |
2022-01-04 | fix license promise typo | Wojtek Kosior | |
2022-01-03 | improve and test the dafult policy dialog | Wojtek Kosior | |
This commit also fixes some bugs that manifested themselves spuriously. | |||
2021-12-31 | utilize Pattern Tree to decide the policy to use and modify HTTP response ↵ | Wojtek Kosior | |
headers according to that policy This commit also enhances the build script so that preprocessor conditionals can now use operators '&&' and '||'. The features being developed are not yet included in the actual Haketilo build. Some of the new source files contain similar functionality to other ones already existing in the source tree. At some point the latter will be removed. | |||
2021-12-27 | facilitate egistering dynamic content scripts with mappings data | Wojtek Kosior | |
2021-12-22 | reworked build system; added missing license notices | Wojtek Kosior | |
2021-12-14 | facilitate broadcasting messages to different execution contexts within the ↵ | Wojtek Kosior | |
webextension | |||
2021-12-08 | facilitate initialization of IndexedDB for use by Haketilo | Wojtek Kosior | |
2021-12-03 | merge `master` (license notices) and `koszko` (v1.0 development) | Wojtek Kosior | |
2021-12-01 | facilitate testing javascript functions | Wojtek Kosior | |
Haketilo's .js files can now be loaded together with their dependencies and executed on a page opened in a selenium-driven Firefox instance. | |||
2021-11-20 | replace cookies with synchronous XmlHttpRequest as policy smuggling method. | Wojtek Kosior | |
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later. | |||
2021-10-30 | Fix license notices on JS and SH files | jahoti | |
Other files have been left, as no model notice is available | |||
2021-09-13 | rename the extension to "Haketilo" | Wojtek Kosior | |
2021-09-10 | Make it impossible to check "Allow native scripts" for pages with payload. | Wojtek Kosior | |
2021-09-09 | simplify CSP handling | Wojtek Kosior | |
All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not modified but only supplemented with Hachette's own. | |||
2021-09-04 | merge changes before version 0.1 | Wojtek Kosior | |
2021-09-03 | only apply stream filter modifications when reasonably necessary | Wojtek Kosior | |
2021-09-02 | enable toggling of global script blocking policy\n\nThis commit also ↵ | Wojtek Kosior | |
introduces `light_storage' module which is later going to replace the storage code we use right now.\nAlso included is a hack to properly display scrollbars under Mozilla (needs testing on newer Mozilla browsers). | |||
2021-08-27 | put simplest, asynchronous local storage operations in a separate file | Wojtek Kosior | |
2021-08-26 | filter HTTP request headers to remove Hachette cookies in case they slip through | Wojtek Kosior | |
2021-08-26 | improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 ↵ | Wojtek Kosior | |
implementation is no longer pulled in contexts that don't require it. | |||
2021-08-23 | use StreamFilter under Mozilla to prevent csp <meta> tags from blocking our ↵ | Wojtek Kosior | |
injected scripts | |||
2021-08-20 | sanitize `<meta>' tags containing CSP rules under Chromium | Wojtek Kosior | |
This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script. | |||
2021-08-18 | remove unneeded policy-related cosole messages; restore IceCat 60 compatibility | Wojtek Kosior | |
2021-08-18 | implement smuggling via cookies instead of URL | Wojtek Kosior | |
2021-08-14 | merge facility to install from Hydrilla | Wojtek Kosior | |
2021-08-06 | Facilitate installation of scripts from the repository | Wojtek Kosior | |
This commit includes: * removal of page_info_server * running of storage client in popup context * extraction of some common CSS to a separate file * extraction of scripts import view to a separate file * addition of a facility to conveniently clone complex structures from DOM (in DOM_helpers.js) * addition of hydrilla repo url to default settings * other minor changes and of course changes related to the actual installation of scripts from the repo | |||
2021-08-04 | make settings_query.js use storage object passed as an argument | Wojtek Kosior | |
2021-08-02 | [UNTESTED- will test] Add filtering for http-equiv CSP headers | jahoti | |
2021-07-28 | Rationalize CSP violation report blocking. | jahoti | |
Report blocking now applies iff scripts are blocked. | |||
2021-07-26 | code maintenance | Wojtek Kosior | |
2021-07-26 | Squash more CSP-filtering bugs | jahoti | |
On Firefox, original CSP headers are now smuggled (signed) in an x-orig-csp header to prevent re-processing issues with caching. Additionally, a default header is added for non-whitelisted domains in case there are no existing headers we can attach to. | |||
2021-07-26 | Fix some bugs in the refined CSP handling | jahoti | |
2021-07-26 | [UNTESTED- will test] Use more nuanced CSP filtering | jahoti | |
CSP headers are now parsed and processed, rather than treated as simple units. This allows us to ensure policies delivered as HTTP headers do not interfere with our script filtering, as well as to preserve useful protections while removing the ones that could be problematic. Additionally, prefetching should now be blocked on pages where native scripts aren't allowed, and all reporting of CSP violations has been stripped (is this appropriate?). |