aboutsummaryrefslogtreecommitdiff
path: root/copyright
AgeCommit message (Collapse)Author
2021-09-06re-enable sanitizing of data: URLs and also sanitize intrinsics on non-HTML ↵Wojtek Kosior
pages where CSP doesn't work
2021-09-01add styling for popup page\n\nThis does not include styling for contents of ↵Wojtek Kosior
the import dialog
2021-08-27reset CSS rulesWojtek Kosior
2021-08-23use StreamFilter under Mozilla to prevent csp <meta> tags from blocking our ↵Wojtek Kosior
injected scripts
2021-08-06Facilitate installation of scripts from the repositoryWojtek Kosior
This commit includes: * removal of page_info_server * running of storage client in popup context * extraction of some common CSS to a separate file * extraction of scripts import view to a separate file * addition of a facility to conveniently clone complex structures from DOM (in DOM_helpers.js) * addition of hydrilla repo url to default settings * other minor changes and of course changes related to the actual installation of scripts from the repo
2021-08-05enable modularization of html filesWojtek Kosior
2021-07-20Merge rebranding to "Hachette"Wojtek Kosior
2021-07-20Merge commit 'ecb787046271de708b94da70240713e725299d86'Wojtek Kosior
2021-07-19Change the iconjahoti
2021-07-19Refer to the extension consistently as "Hachette" and remove TODOS.orgjahoti
from the copyright file
2021-07-16Use URL-based policy smugglingjahoti
Increase the power of URL-based smuggling by making it (effectively) compulsory in all cases and adapting a <salt><unique value><JSON-encoded settings> structure. While the details still need to be worked out, the potential for future expansion is there.
2021-07-12merge jahoti into masterWojtek Kosior
2021-07-12Stop using the nonce consistently for a URLjahoti
Nonces are now randomly generated, either in the page (for non-HTTP(S) pages) or by a background module which stores them by tab and frame IDs. In order to support the increased variance in nonce-generating methods and allow them to be loaded from the background, handle_page_actions is now invoked separately according to (non-)blocking mechanism.
2021-06-30emply an sh-based build system; make some changes to blockingWojtek Kosior
2021-06-28License script-blocking techniques from NoScript in machine-readable format.jahoti
In-page blocking now works on Firefox, and JavaScript/data- URLs are properly blocked to ensure no JavaScript leaks in through backdoors. Blocking of HTML/XML data: urls should be refined (eventually) to align with current practice for pages in general. Also, script-blocking is now filtered by nonce, making it possible (albeit perhaps not desirable) to inject scripts before the DOM is complete.
2021-06-26remove mnetion of LGPL from javascript exception to the GPLWojtek Kosior
2021-06-25make it clear "A" license contains text from BSD license with its own copyrightWojtek Kosior
2021-06-25gather all copyright info in 'copyright' fileWojtek Kosior