Age | Commit message (Collapse) | Author |
|
It is now possible to more conveniently test WebExtension APIs code by wrapping it into a test WebExtension and temporarily installing in the driven browser.
|
|
|
|
|
|
|
|
Unit tests were moved to their own subdirectory.
Fixtures common to many unit tests were moved to test/unit/conftest.py.
A facility to execute scripts in page's global scope was added.
A workaround was employed to present information about errors in injected scripts.
Sample unit tests for regexes in common/patterns.js were added.
|
|
Haketilo's .js files can now be loaded together with their dependencies and
executed on a page opened in a selenium-driven Firefox instance.
|
|
|
|
|
|
Other files have been left, as no model notice is available
|
|
|
|
No template code ended up being drawn from JShelter.
|
|
|
|
through Hydrilla)
|
|
|
|
pages where CSP doesn't work
|
|
the import dialog
|
|
|
|
injected scripts
|
|
This commit includes:
* removal of page_info_server
* running of storage client in popup context
* extraction of some common CSS to a separate file
* extraction of scripts import view to a separate file
* addition of a facility to conveniently clone complex structures from DOM (in DOM_helpers.js)
* addition of hydrilla repo url to default settings
* other minor changes
and of course changes related to the actual installation of scripts from the repo
|
|
|
|
|
|
|
|
|
|
from the copyright file
|
|
Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a <salt><unique value><JSON-encoded
settings> structure. While the details still need to be worked out, the
potential for future expansion is there.
|
|
|
|
Nonces are now randomly generated, either in the page (for non-HTTP(S) pages)
or by a background module which stores them by tab and frame IDs. In order to
support the increased variance in nonce-generating methods and allow them to
be loaded from the background, handle_page_actions is now invoked separately
according to (non-)blocking mechanism.
|
|
|
|
In-page blocking now works on Firefox, and JavaScript/data- URLs are properly
blocked to ensure no JavaScript leaks in through backdoors. Blocking of HTML/XML
data: urls should be refined (eventually) to align with current practice for
pages in general.
Also, script-blocking is now filtered by nonce, making it possible (albeit
perhaps not desirable) to inject scripts before the DOM is complete.
|
|
|
|
|
|
|