aboutsummaryrefslogtreecommitdiff
path: root/content
AgeCommit message (Collapse)Author
2022-08-24remove unneeded import in policy_enforcing.jsWojtek Kosior
2022-08-24force <noscript> tagsWojtek Kosior
2022-06-20prevent injected scripts from executing out of orderv2.0-beta1Wojtek Kosior
2022-03-28add more tests for CORS bypassing featureWojtek Kosior
2022-03-26allow injected scripts to bypass CORS using provided APIWojtek Kosior
2022-03-24prepare for exposing APIs to injected scriptsWojtek Kosior
2022-03-24serialize and deserialize entire Response object when relaying fetch() calls ↵Wojtek Kosior
to other contexts using sendMessage
2022-03-10improvement to also properly sanitize intrinsics in XML documents under ↵Wojtek Kosior
older browsers (IceCat 60)
2022-03-05improve script blocking in non-HTML documents (XML)Wojtek Kosior
2022-03-04fix setting of 'blocked-blocked<...>-<name>' attributes and add testsWojtek Kosior
2022-03-04for () loop stylingWojtek Kosior
2022-03-04fix setting of 'blocked-<name>' attributes when blocking intrinsic event ↵Wojtek Kosior
handlers
2022-03-04prepend all generated console messages with 'Haketilo:'Wojtek Kosior
2022-03-04fix comment typoWojtek Kosior
2022-02-21inject scripts to pages utilizing blob: URLsWojtek Kosior
2022-02-14restore chromium supportWojtek Kosior
2022-02-02support Parabola's Iceweasel in testsWojtek Kosior
2022-01-29make Haketilo buildable again (for Mozilla)Wojtek Kosior
How cool it is to throw away 5755 lines of code...
2022-01-27add actual payload injection functionality to new content scriptWojtek Kosior
2022-01-26add new root content scriptWojtek Kosior
2022-01-18facilitate caching repository responses in content scriptsWojtek Kosior
2022-01-17test script blocking with and without the CSP-based approach onWojtek Kosior
2022-01-17move policy enforcing code to a new file, include basic testWojtek Kosior
2022-01-04fix license promise typoWojtek Kosior
2021-12-31utilize Pattern Tree to decide the policy to use and modify HTTP response ↵Wojtek Kosior
headers according to that policy This commit also enhances the build script so that preprocessor conditionals can now use operators '&&' and '||'. The features being developed are not yet included in the actual Haketilo build. Some of the new source files contain similar functionality to other ones already existing in the source tree. At some point the latter will be removed.
2021-12-22reworked build system; added missing license noticesWojtek Kosior
2021-12-03merge `master` (license notices) and `koszko` (v1.0 development)Wojtek Kosior
2021-11-20replace cookies with synchronous XmlHttpRequest as policy smuggling method.Wojtek Kosior
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
2021-10-30Fix license notices on JS and SH filesjahoti
Other files have been left, as no model notice is available
2021-09-13rename the extension to "Haketilo"Wojtek Kosior
2021-09-10disable service workers when scripts are blockedWojtek Kosior
2021-09-09restore compatibility with IceCat 60Wojtek Kosior
2021-09-09simplify CSP handlingWojtek Kosior
All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not modified but only supplemented with Hachette's own.
2021-09-08Fix sanitizing of non-HTML XMLDocument'sWojtek Kosior
2021-09-06re-enable sanitizing of data: URLs and also sanitize intrinsics on non-HTML ↵Wojtek Kosior
pages where CSP doesn't work
2021-09-04fix script blocking bug under ChromiumWojtek Kosior
2021-09-04merge changes before version 0.1Wojtek Kosior
2021-09-03disable payload injection on non-html pagesWojtek Kosior
2021-09-02implement rethinked <meta> tags sanitizing approachWojtek Kosior
This has not been tested yet. Additionally, functionality for blocking of `data:' urls needs to be re-enabled.
2021-09-02enable toggling of global script blocking policy\n\nThis commit also ↵Wojtek Kosior
introduces `light_storage' module which is later going to replace the storage code we use right now.\nAlso included is a hack to properly display scrollbars under Mozilla (needs testing on newer Mozilla browsers).
2021-08-27add support for `ftp://' protocolWojtek Kosior
2021-08-27enable whitelisting of `file://' protocol\n\nThis commit additionally also ↵Wojtek Kosior
changes the semantics of triple asterisk wildcard in URL path.
2021-08-26improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 ↵Wojtek Kosior
implementation is no longer pulled in contexts that don't require it.
2021-08-23use StreamFilter under Mozilla to prevent csp <meta> tags from blocking our ↵Wojtek Kosior
injected scripts
2021-08-20sanitize `<meta>' tags containing CSP rules under ChromiumWojtek Kosior
This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script.
2021-08-18remove unneeded policy-related cosole messages; restore IceCat 60 compatibilityWojtek Kosior
2021-08-18implement smuggling via cookies instead of URLWojtek Kosior
2021-08-14merge facility to install from HydrillaWojtek Kosior
2021-08-14Revert changes to content/main.js to commit 25817b68c*jahoti
It turns out modifying the CSP headers in meta tags has no effect.
2021-08-06Facilitate installation of scripts from the repositoryWojtek Kosior
This commit includes: * removal of page_info_server * running of storage client in popup context * extraction of some common CSS to a separate file * extraction of scripts import view to a separate file * addition of a facility to conveniently clone complex structures from DOM (in DOM_helpers.js) * addition of hydrilla repo url to default settings * other minor changes and of course changes related to the actual installation of scripts from the repo