| Age | Commit message (Expand) | Author |
|---|
| 2021-08-14 | merge facility to install from Hydrilla | Wojtek Kosior |
| 2021-08-14 | Revert changes to content/main.js to commit 25817b68c*...It turns out modifying the CSP headers in meta tags has no effect.
| jahoti |
| 2021-08-06 | Facilitate installation of scripts from the repository...This commit includes:
* removal of page_info_server
* running of storage client in popup context
* extraction of some common CSS to a separate file
* extraction of scripts import view to a separate file
* addition of a facility to conveniently clone complex structures from DOM (in DOM_helpers.js)
* addition of hydrilla repo url to default settings
* other minor changes
and of course changes related to the actual installation of scripts from the repo
| Wojtek Kosior |
| 2021-08-02 | [UNTESTED- will test] Add filtering for http-equiv CSP headers | jahoti |
| 2021-07-26 | Remove unnecessary imports of url_item and add a CSP header-parsing function...The parsing function isn't used yet; however, it will eventually be as a less
destructive alternative to handling headers as indivisible units.
| jahoti |
| 2021-07-21 | add ability to query page content from repo and display it in the popup | Wojtek Kosior |
| 2021-07-20 | Merge rebranding to "Hachette" | Wojtek Kosior |
| 2021-07-20 | Merge commit 'ecb787046271de708b94da70240713e725299d86' | Wojtek Kosior |
| 2021-07-19 | Refer to the extension consistently as "Hachette" and remove TODOS.org...from the copyright file
| jahoti |
| 2021-07-18 | Streamline and harden unique values/settings...The base URL is now included in the settings. The unique value no longer uses
it directly, as it is included by virtue of the settings; however, the number
of full hours since the epoch (UTC) is now incorporated.
| jahoti |
| 2021-07-17 | Revamp signatures and break header caching on FF...Signatures, instead of consisting of the secure salt followed by the unique
value generated from the URL, are now the unique value generated from the
policy value (which will follow them) succeeded by the URL.
CSP headers are now _always_ cleared on FF, regardless of whether the page
is whitelisted or not. This means whitelisting takes effect on page reload,
rather than only when caching occurs. However, it obviously presents security
issues; refinment will occur in a future commit.
| jahoti |
| 2021-07-16 | Use URL-based policy smuggling...Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a <salt><unique value><JSON-encoded
settings> structure. While the details still need to be worked out, the
potential for future expansion is there.
| jahoti |
| 2021-07-12 | merge jahoti into master | Wojtek Kosior |
| 2021-07-12 | Stop using the nonce consistently for a URL...Nonces are now randomly generated, either in the page (for non-HTTP(S) pages)
or by a background module which stores them by tab and frame IDs. In order to
support the increased variance in nonce-generating methods and allow them to
be loaded from the background, handle_page_actions is now invoked separately
according to (non-)blocking mechanism.
| jahoti |
| 2021-07-11 | Remove redundant nonce-based filtering in the script suppressor | jahoti |
| 2021-07-06 | show some settings of the current page in the popup | Wojtek Kosior |
| 2021-07-02 | move parsing of url with targets to misc.js | Wojtek Kosior |
| 2021-06-30 | refactor 3 miscellaneous fnctionalities to a their single own file | Wojtek Kosior |
| 2021-06-30 | emply an sh-based build system; make some changes to blocking | Wojtek Kosior |
| 2021-06-28 | Index two new files intended for the previous commit. | jahoti |
| 2021-06-28 | License script-blocking techniques from NoScript in machine-readable format....In-page blocking now works on Firefox, and JavaScript/data- URLs are properly
blocked to ensure no JavaScript leaks in through backdoors. Blocking of HTML/XML
data: urls should be refined (eventually) to align with current practice for
pages in general.
Also, script-blocking is now filtered by nonce, making it possible (albeit
perhaps not desirable) to inject scripts before the DOM is complete.
| jahoti |
| 2021-06-25 | gather all copyright info in 'copyright' file | Wojtek Kosior |
| 2021-06-18 | when possible inject CSP as http(s) header using webRequest instead of adding... | Wojtek Kosior |
| 2021-06-14 | change licenses | Wojtek Kosior |
| 2021-05-13 | utilize CSP for blocking | Wojtek Kosior |
| 2021-05-12 | use unique hashes when smuggling whitelist setting | Wojtek Kosior |
| 2021-05-12 | stop using js modules | Wojtek Kosior |
| 2021-05-10 | initial commit | Wojtek Kosior |
