From ed08ef1a6df1713a0e00ccd656f4bb4ed44647a4 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Mon, 6 Sep 2021 16:45:36 +0200
Subject: generate Chromium unique key automatically in `build.sh'

---
 build.sh          | 25 +++++++++++++------------
 common/signing.js | 16 ++++++++--------
 manifest.json     |  4 ++--
 3 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/build.sh b/build.sh
index 0659ed1..66f709c 100755
--- a/build.sh
+++ b/build.sh
@@ -200,19 +200,20 @@ main() {
     GECKO_APPLICATIONS=''
 
     if [ "$BROWSER" = "chromium" ]; then
+	CHROMIUM_KEY="$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)"
+	echo "chromium key is" $CHROMIUM_KEY
+	CHROMIUM_KEY="chromium-key-dummy-file-$CHROMIUM_KEY"
+	CHROMIUM_KEY=$(echo $CHROMIUM_KEY | tr / -);
+	touch $BUILDDIR/$CHROMIUM_KEY
+
 	CHROMIUM_KEY="\n\
-\n\
-    // WARNING!!!\n\
-    // EACH USER SHOULD REPLACE \"key\" WITH A UNIQUE VALUE!!!\n\
-    // OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\
-    //\n\
-    // A unique key can be generated with:\n\
-    // $ ssh-keygen -f /path/to/new/key.pem -t rsa -b 1024\n\
-    //\n\
-    // Only relevant to users of chrome-based browsers.\n\
-    // Users of Firefox forks are safe.\n\
-\n\
-    \"key\": \"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcnNhAAAAAwEAAQAAAIEA+0GT5WNmRRo8e5tL9+BmNtY6aBPwLIgbPnLShYBMSR40iYwLTsccrkwBXb3bs1o4p6q5WJugI8Lsia+GXZc/XHGFkq7D1aWiTxlJLs8z0JC2TQ2/yatYmBMchogYGeeUfP7aI7JJZwpATts+VhIvgga/4FYj+DijMIEpwdckqFEAAAII4Dh7HOA4exwAAAAHc3NoLXJzYQAAAIEA+0GT5WNmRRo8e5tL9+BmNtY6aBPwLIgbPnLShYBMSR40iYwLTsccrkwBXb3bs1o4p6q5WJugI8Lsia+GXZc/XHGFkq7D1aWiTxlJLs8z0JC2TQ2/yatYmBMchogYGeeUfP7aI7JJZwpATts+VhIvgga/4FYj+DijMIEpwdckqFEAAAADAQABAAAAgEHB5/MhEKMFOs8e1cMJ97ZiWubiUPlWpcqyQmauLUj1nspg3JTBh8AWJEVkaxuFgU5gYCHQmRjC6yUdywyziOEkFA4r/WpX4WmbIe+GQHRHhitLN0dgF8N6/fVNOoa5StTdfZqyl23pVXyepoDNjrJFKyupqPMmpwfH5lGr9RwBAAAAQG76HflB/5j8P2YgIYX6dQT4Ei0SqiIjNVy7jFJUQDKSJg/PYkedE02JZJBJPcMYxEJUxXtMgq+upamNILfkmY0AAABBAP4v0O5dqjy16xDDFzb4DPNAcw5Za9KJaXKVkUuKXMNZOKTR0RC/upjNTmttY980RKdIx5zA25dO8cx563bSDIsAAABBAP0MaOpBiai/eRmLqhlthHODa+Mur6W3uc9PyhWhgDBjLNMR/doaYeyfVKxtIiN3a+HkN++G+vbokRweQv++bhMAAAANdXJ6QGxvY2FsaG9zdAECAwQFBg==\","
+	// WARNING!!!\n\
+	// EACH USER SHOULD REPLACE DUMMY FILE's VALUE WITH A UNIQUE ONE!!!\n\
+	// OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\
+	// Only relevant to users of chrome-based browsers.\n\
+	// Users of Firefox forks are safe.\n\
+	\"$CHROMIUM_KEY\"\
+"
     else
 	GECKO_APPLICATIONS="\n\
     \"applications\": {\n\
diff --git a/common/signing.js b/common/signing.js
index 2171714..1904bcd 100644
--- a/common/signing.js
+++ b/common/signing.js
@@ -10,7 +10,7 @@
  * IMPORTS_START
  * IMPORT sha256
  * IMPORT browser
- * IMPORT is_chrome
+ * IMPORT is_mozilla
  * IMPORTS_END
  */
 
@@ -30,18 +30,18 @@
  *
  * The secret shared between execution contexts has to be available
  * synchronously. Under Mozilla, this is the extension's per-session id. Under
- * Chromium, this is the key that resides in the manifest.
- *
- * An idea to (under Chromium) instead store the secret in a file fetched
- * synchronously using XMLHttpRequest is being considered.
+ * Chromium, this is a dummy web-accessible-resource name that resides in the
+ * manifest and is supposed to be constructed by each user using a unique value
+ * (this is done automatically by `build.sh').
  */
 
 function get_secret()
 {
-    if (is_chrome)
-	return browser.runtime.getManifest().key.substring(0, 50);
-    else
+    if (is_mozilla)
 	return browser.runtime.getURL("dummy");
+
+    return chrome.runtime.getManifest().web_accessible_resources
+	.map(r => /^chromium-key-dummy-file-(.*)/.exec(r)).filter(r => r)[0][1];
 }
 
 function extract_signed(signature, signed_data)
diff --git a/manifest.json b/manifest.json
index bd963fe..ce2577e 100644
--- a/manifest.json
+++ b/manifest.json
@@ -4,7 +4,7 @@
     "manifest_version": 2,
     "name": "Hachette",
     "short_name": "Hachette",
-    "version": "0.0.1",_CHROMIUM_KEY_
+    "version": "0.0.1",
     "author": "various",
     "description": "Control your \"Web\" browsing.",_GECKO_APPLICATIONS_
     "icons":{
@@ -42,7 +42,7 @@
 	"page": "html/options.html",
 	"open_in_tab": true
     },
-    "web_accessible_resources": [
+    "web_accessible_resources": [_CHROMIUM_KEY_
     ],
     "background": {
 	"persistent": true,
-- 
cgit v1.2.3


From 704f2da0673dc714f72b9bb82f6bf648795d4335 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Mon, 6 Sep 2021 20:45:50 +0200
Subject: re-enable sanitizing of data: URLs and also sanitize intrinsics on
 non-HTML pages where CSP doesn't work

---
 content/freezer.js | 64 --------------------------------------------
 content/main.js    | 78 +++++++++++++++++++++++++++++++++++++++++++++---------
 copyright          |  5 ----
 3 files changed, 65 insertions(+), 82 deletions(-)
 delete mode 100644 content/freezer.js

diff --git a/content/freezer.js b/content/freezer.js
deleted file mode 100644
index 0ea362e..0000000
--- a/content/freezer.js
+++ /dev/null
@@ -1,64 +0,0 @@
-/**
- * Helper functions for blocking scripts in pages, based off NoScript's lib/DocumentFreezer.js
- *
- * Copyright (C) 2005-2021 Giorgio Maone - https://maone.net
- * Copyright (C) 2021 jahoti
- * Redistribution terms are gathered in the `copyright' file.
- */
-
-const loaderAttributes = ["href", "src", "data"];
-const jsOrDataUrlRx = /^(?:data:(?:[^,;]*ml|unknown-content-type)|javascript:)/i;
-
-function sanitize_attributes(element) {
-    if (element._frozen)
-	return;
-    let fa = [];
-    let loaders = [];
-    let attributes = element.attributes || [];
-
-    for (let a of attributes) {
-	let name = a.localName.toLowerCase();
-	if (loaderAttributes.includes(name))
-	    if (jsOrDataUrlRx.test(a.value))
-		loaders.push(a);
-
-	else if (name.startsWith("on")) {
-	    console.debug("Removing", a, element.outerHTML);
-	    fa.push(a.cloneNode());
-	    a.value = "";
-	    element[name] = null;
-	}
-    }
-    if (loaders.length) {
-	for (let a of loaders) {
-	    fa.push(a.cloneNode());
-	    a.value = "javascript://frozen";
-	}
-	if ("contentWindow" in element)
-	    element.replaceWith(element = element.cloneNode(true));
-
-    }
-    if (fa.length)
-	element._frozenAttributes = fa;
-    element._frozen = true;
-}
-
-function mozilla_suppress_scripts(e) {
-    if (document.readyState === 'complete') {
-	removeEventListener('beforescriptexecute', blockExecute, true);
-	console.log('Script suppressor has detached.');
-	return;
-    }
-    console.log("script event", e);
-    if (e.isTrusted && !e.target._hachette_payload) {
-	e.preventDefault();
-	console.log('Suppressed script', e.target);
-    }
-};
-
-/*
- * EXPORTS_START
- * EXPORT mozilla_suppress_scripts
- * EXPORT sanitize_attributes
- * EXPORTS_END
- */
diff --git a/content/main.js b/content/main.js
index b2cc9ed..a183913 100644
--- a/content/main.js
+++ b/content/main.js
@@ -13,7 +13,6 @@
  * IMPORT sign_data
  * IMPORT gen_nonce
  * IMPORT is_privileged_url
- * IMPORT mozilla_suppress_scripts
  * IMPORT is_chrome
  * IMPORT is_mozilla
  * IMPORT start_activity_info_server
@@ -132,10 +131,18 @@ function finish_waiting(waiting)
 function _wait_for_head(doc, detached_html, callback)
 {
     const waiting = {doc, detached_html, callback, observers: []};
-    if (try_body_started(waiting))
-	return;
 
-    waiting.observers = [make_body_start_observer(detached_html, waiting)];
+    /*
+     * For XML and SVG documents, instead of waiting for `<head>', we wait
+     * for the entire document to finish loading.
+     */
+    if (doc instanceof HTMLDocument) {
+	if (try_body_started(waiting))
+	    return;
+
+	waiting.observers = [make_body_start_observer(detached_html, waiting)];
+    }
+
     waiting.loaded_cb = () => finish_waiting(waiting);
     doc.addEventListener("DOMContentLoaded", waiting.loaded_cb);
 }
@@ -200,32 +207,72 @@ function desanitize_script(script, policy)
     delete script.hachette_blocked_type;
 }
 
-function apply_hachette_csp_rules(doc, policy)
+function apply_hachette_csp_rules(doc, head, policy)
 {
     const meta = doc.createElement("meta");
     meta.setAttribute("http-equiv", "Content-Security-Policy");
     meta.setAttribute("content", csp_rule(policy.nonce));
-    doc.head.append(meta);
+    head.append(meta);
     /* CSP is already in effect, we can remove the <meta> now. */
     meta.remove();
 }
 
+function sanitize_urls(element)
+{
+    for (const attribute of [...element.attributes]) {
+	if (/^(href|src|data)$/i.test(attribute.localName) &&
+	    /^data:([^,;]*ml|unknown-content-type)/i.test(attribute.value))
+	    block_attribute(element, attribute.localName);
+    }
+}
+
+function start_data_urls_sanitizing(doc)
+{
+    doc.querySelectorAll("*[href], *[src], *[data]").forEach(sanitize_urls);
+    const mutation_handler = m => m.addedNodes.forEach(sanitize_urls);
+    const mo = new MutationObserver(ms => ms.forEach(mutation_handler));
+    mo.observe(doc, {childList: true, subtree: true});
+}
+
+function apply_intrinsics_sanitizing(root_element)
+{
+    for (const subelem of root_element.querySelectorAll("*")) {
+	[...subelem.attributes]
+	    .filter(a => /^on/i.test(a.localName))
+	    .filter(a => /^javascript:/i.test(a.value))
+	    .forEach(a => block_attribute(subelem, a.localName));
+    }
+}
+
 async function sanitize_document(doc, policy)
 {
+    /*
+     * Blocking of scripts that are in the DOM from the beginning. Needed for
+     * Mozilla, harmless on Chromium.
+     * Note that at least in SVG documents the `src' attr on `<script>'s seems
+     * to be ignored by Firefox, so we don't need to sanitize it.
+     */
+    for (const script of document.getElementsByTagName("script")) {
+	const old_children = [...script.childNodes];
+	script.innerHTML = "";
+	setTimeout(() => old_children.forEach(c => script.append(c)), 0);
+    }
+
     /*
      * Ensure our CSP rules are employed from the beginning. This CSP injection
      * method is, when possible, going to be applied together with CSP rules
      * injected using webRequest.
+     * For non-HTML documents this is just a dummy operation of adding and
+     * removing `head'.
      */
-    const has_own_head = doc.head;
-    if (!has_own_head)
-	doc.documentElement.prepend(doc.createElement("head"));
+    let added_head = doc.createElement("head");
+    if (!doc.head)
+	doc.documentElement.prepend(added_head);
 
-    apply_hachette_csp_rules(doc, policy);
+    apply_hachette_csp_rules(doc, added_head, policy);
 
-    /* Probably not needed, but...: proceed with DOM in its initial state. */
-    if (!has_own_head)
-	doc.head.remove();
+    /* Proceed with DOM in its initial state. */
+    added_head.remove();
 
     /*
      * <html> node gets hijacked now, to be re-attached after <head> is loaded
@@ -243,10 +290,15 @@ async function sanitize_document(doc, policy)
     for (const script of old_html.querySelectorAll("script"))
 	sanitize_script(script, policy);
 
+    if (!(doc instanceof HTMLDocument))
+	apply_intrinsics_sanitizing(old_html);
+
     new_html.replaceWith(old_html);
 
     for (const script of old_html.querySelectorAll("script"))
 	desanitize_script(script, policy);
+
+    start_data_urls_sanitizing(doc);
 }
 
 if (!is_privileged_url(document.URL)) {
diff --git a/copyright b/copyright
index 58993a6..4c37eb3 100644
--- a/copyright
+++ b/copyright
@@ -67,11 +67,6 @@ License: Expat
  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-Files: content/freezer.js
-Copyright: 2005-2021 Giorgio Maone - https://maone.net
-   2021 jahoti <jahoti@tilde.team>
-License: GPL-2+
-
 Files: licenses/*
 Copyright: 2001, 2002, 2011-2013 Creative Commons
 License: CC-BY-4.0
-- 
cgit v1.2.3


From e2d26bad35bbe3876862b482f7963d713238313b Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Wed, 8 Sep 2021 19:55:33 +0200
Subject: Fix sanitizing of non-HTML XMLDocument's

---
 build.sh                        |   4 +-
 common/misc.js                  |   4 +-
 content/activity_info_server.js |   6 +-
 content/main.js                 | 195 ++++++++++++++++++++--------------------
 content/page_actions.js         |   6 +-
 html/display-panel.js           |   4 +-
 6 files changed, 109 insertions(+), 110 deletions(-)

diff --git a/build.sh b/build.sh
index 66f709c..478ca04 100755
--- a/build.sh
+++ b/build.sh
@@ -201,9 +201,7 @@ main() {
 
     if [ "$BROWSER" = "chromium" ]; then
 	CHROMIUM_KEY="$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)"
-	echo "chromium key is" $CHROMIUM_KEY
-	CHROMIUM_KEY="chromium-key-dummy-file-$CHROMIUM_KEY"
-	CHROMIUM_KEY=$(echo $CHROMIUM_KEY | tr / -);
+	CHROMIUM_KEY=$(echo chromium-key-dummy-file-$CHROMIUM_KEY | tr / -)
 	touch $BUILDDIR/$CHROMIUM_KEY
 
 	CHROMIUM_KEY="\n\
diff --git a/common/misc.js b/common/misc.js
index 91d60d2..6adaf1e 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -36,9 +36,9 @@ function Uint8toHex(data)
     return returnValue;
 }
 
-function gen_nonce(length) // Default 16
+function gen_nonce(length=16)
 {
-    let randomData = new Uint8Array(length || 16);
+    let randomData = new Uint8Array(length);
     crypto.getRandomValues(randomData);
     return Uint8toHex(randomData);
 }
diff --git a/content/activity_info_server.js b/content/activity_info_server.js
index beecb1a..1b69703 100644
--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -44,9 +44,9 @@ function report_settings(settings)
     report_activity("settings", settings);
 }
 
-function report_content_type(content_type)
+function report_document_type(is_html)
 {
-    report_activity("content_type", content_type);
+    report_activity("is_html", is_html);
 }
 
 function report_repo_query_action(update, port)
@@ -96,6 +96,6 @@ function start_activity_info_server()
  * EXPORT start_activity_info_server
  * EXPORT report_script
  * EXPORT report_settings
- * EXPORT report_content_type
+ * EXPORT report_document_type
  * EXPORTS_END
  */
diff --git a/content/main.js b/content/main.js
index a183913..fb334dd 100644
--- a/content/main.js
+++ b/content/main.js
@@ -22,6 +22,12 @@
  * IMPORTS_END
  */
 
+document.content_loaded = document.readyState === "complete";
+const wait_loaded = e => e.content_loaded ? Promise.resolve() :
+      new Promise(c => e.addEventListener("DOMContentLoaded", c, {once: true}));
+
+wait_loaded(document).then(() => document.content_loaded = true);
+
 function extract_cookie_policy(cookie, min_time)
 {
     let best_result = {time: -1};
@@ -86,18 +92,17 @@ function employ_nonhttp_policy(policy)
 }
 
 /*
+ * In the case of HTML documents:
  * 1. When injecting some payload we need to sanitize <meta> CSP tags before
  *    they reach the document.
  * 2. Only <meta> tags inside <head> are considered valid by the browser and
  *    need to be considered.
  * 3. We want to detach <html> from document, wait until its <head> completes
  *    loading, sanitize it and re-attach <html>.
- * 4. Browsers are eager to add <meta>'s that appear after `</head>' but before
- *    `<body>'. Due to this behavior the `DOMContentLoaded' event is considered
- *    unreliable (although it could still work properly, it is just problematic
- *    to verify).
- * 5. We shall wait for anything to appear in or after <body> and take that as
- *    a sign <head> has _really_ finished loading.
+ * 4. We shall wait for anything to appear in or after <body> and take that as
+ *    a sign <head> has finished loading.
+ * 5. Otherwise, getting the `DOMContentLoaded' event on the document shall also
+ *    be a sign that <head> is fully loaded.
  */
 
 function make_body_start_observer(DOM_element, waiting)
@@ -123,8 +128,10 @@ function try_body_started(waiting)
 
 function finish_waiting(waiting)
 {
+    if (waiting.finished)
+	return;
+    waiting.finished = true;
     waiting.observers.forEach(observer => observer.disconnect());
-    waiting.doc.removeEventListener("DOMContentLoaded", waiting.loaded_cb);
     setTimeout(waiting.callback, 0);
 }
 
@@ -132,19 +139,12 @@ function _wait_for_head(doc, detached_html, callback)
 {
     const waiting = {doc, detached_html, callback, observers: []};
 
-    /*
-     * For XML and SVG documents, instead of waiting for `<head>', we wait
-     * for the entire document to finish loading.
-     */
-    if (doc instanceof HTMLDocument) {
-	if (try_body_started(waiting))
-	    return;
+    if (try_body_started(waiting))
+	return;
 
-	waiting.observers = [make_body_start_observer(detached_html, waiting)];
-    }
+    waiting.observers = [make_body_start_observer(detached_html, waiting)];
 
-    waiting.loaded_cb = () => finish_waiting(waiting);
-    doc.addEventListener("DOMContentLoaded", waiting.loaded_cb);
+    wait_loaded(doc).then(() => finish_waiting(waiting));
 }
 
 function wait_for_head(doc, detached_html)
@@ -154,42 +154,43 @@ function wait_for_head(doc, detached_html)
 
 const blocked_str = "blocked";
 
-function block_attribute(node, attr)
+function block_attribute(node, attr, ns=null)
 {
+    const [hasa, geta, seta, rema] = ["has", "get", "set", "remove"]
+	  .map(m => (n, ...args) => typeof ns === "string" ?
+	       n[`${m}AttributeNS`](ns, ...args) : n[`${m}Attribute`](...args));
     /*
-     * Disabling attributes this way allows them to still be relatively
-     * easily accessed in case they contain some useful data.
+     * Disabling attributes by prepending `-blocked' allows them to still be
+     * relatively easily accessed in case they contain some useful data.
      */
     const construct_name = [attr];
-    while (node.hasAttribute(construct_name.join("")))
+    while (hasa(node, construct_name.join("")))
 	construct_name.unshift(blocked_str);
 
     while (construct_name.length > 1) {
 	construct_name.shift();
 	const name = construct_name.join("");
-	node.setAttribute(`${blocked_str}-${name}`, node.getAttribute(name));
+	seta(node, `${blocked_str}-${name}`, geta(node, name));
     }
-
-    node.removeAttribute(attr);
 }
 
 function sanitize_meta(meta, policy)
 {
-    const http_equiv = meta.getAttribute("http-equiv");
-    const value = meta.content;
+    const value = meta.content || "";
 
-    if (!value || !is_csp_header_name(http_equiv, true))
+    if (!value || !is_csp_header_name(meta.httpEquiv || "", true))
 	return;
 
     block_attribute(meta, "content");
-
-    if (is_csp_header_name(http_equiv, false))
-	meta.content = sanitize_csp_header({value}, policy).value;
 }
 
+/*
+ * Used to disable <script> that has not yet been added to live DOM (doesn't
+ * work for those already added).
+ */
 function sanitize_script(script)
 {
-    script.hachette_blocked_type = script.type;
+    script.hachette_blocked_type = script.getAttribute("type");
     script.type = "text/plain";
 }
 
@@ -201,102 +202,101 @@ function desanitize_script(script, policy)
 {
     script.setAttribute("type", script.hachette_blocked_type);
 
-    if (script.hachette_blocked_type === undefined)
+    if (script.hachette_blocked_type === null)
 	script.removeAttribute("type");
 
     delete script.hachette_blocked_type;
 }
 
-function apply_hachette_csp_rules(doc, head, policy)
-{
-    const meta = doc.createElement("meta");
-    meta.setAttribute("http-equiv", "Content-Security-Policy");
-    meta.setAttribute("content", csp_rule(policy.nonce));
-    head.append(meta);
-    /* CSP is already in effect, we can remove the <meta> now. */
-    meta.remove();
-}
-
+const bad_url_reg = /^data:([^,;]*ml|unknown-content-type)/i;
 function sanitize_urls(element)
 {
-    for (const attribute of [...element.attributes]) {
-	if (/^(href|src|data)$/i.test(attribute.localName) &&
-	    /^data:([^,;]*ml|unknown-content-type)/i.test(attribute.value))
-	    block_attribute(element, attribute.localName);
-    }
+    for (const attr of [...element.attributes || []]
+	       .filter(attr => /^(href|src|data)$/i.test(attr.localName))
+	       .filter(attr => bad_url_reg.test(attr.value)))
+	block_attribute(element, attr.localName, attr.namespaceURI);
 }
 
 function start_data_urls_sanitizing(doc)
 {
     doc.querySelectorAll("*[href], *[src], *[data]").forEach(sanitize_urls);
-    const mutation_handler = m => m.addedNodes.forEach(sanitize_urls);
-    const mo = new MutationObserver(ms => ms.forEach(mutation_handler));
-    mo.observe(doc, {childList: true, subtree: true});
+    if (!doc.content_loaded) {
+	const mutation_handler = m => m.addedNodes.forEach(sanitize_urls);
+	const mo = new MutationObserver(ms => ms.forEach(mutation_handler));
+	mo.observe(doc, {childList: true, subtree: true});
+	wait_loaded(doc).then(() => mo.disconnect());
+    }
 }
 
-function apply_intrinsics_sanitizing(root_element)
+/*
+ * Normally, we block scripts with CSP. However, Mozilla does optimizations that
+ * cause part of the DOM to be loaded when our content scripts get to run. Thus,
+ * before the CSP rules we inject (for non-HTTP pages) become effective, we need
+ * to somehow block the execution of `<script>'s and intrinsics that were
+ * already there.
+ */
+function mozilla_initial_block(doc)
 {
-    for (const subelem of root_element.querySelectorAll("*")) {
-	[...subelem.attributes]
-	    .filter(a => /^on/i.test(a.localName))
-	    .filter(a => /^javascript:/i.test(a.value))
-	    .forEach(a => block_attribute(subelem, a.localName));
-    }
+    const blocker = e => e.preventDefault();
+    doc.addEventListener("beforescriptexecute", blocker);
+    setTimeout(() => doc.removeEventListener("beforescriptexecute", blocker));
+
+    [...doc.all].flatMap(ele => [...ele.attributes].map(attr => [ele, attr]))
+	.map(([ele, attr]) => [ele, attr.localName])
+	.filter(([ele, attr]) => /^on/.test(attr) && ele.wrappedJSObject[attr])
+	.forEach(([ele, attr]) => ele.wrappedJSObject[attr] = null);
 }
 
+/*
+ * Here we block all scripts of a document which might be either and
+ * HTMLDocument or an XMLDocument. Modifying an XML document might disrupt
+ * Mozilla's XML preview. This is an unfortunate thing we have to accept for
+ * now. XML documents *have to* be sanitized as well because they might
+ * contain `<script>' tags (or on* attributes) with namespace declared as
+ * "http://www.w3.org/1999/xhtml" or "http://www.w3.org/2000/svg" which allows
+ * javascript execution.
+ */
 async function sanitize_document(doc, policy)
 {
     /*
      * Blocking of scripts that are in the DOM from the beginning. Needed for
-     * Mozilla, harmless on Chromium.
-     * Note that at least in SVG documents the `src' attr on `<script>'s seems
-     * to be ignored by Firefox, so we don't need to sanitize it.
+     * Mozilla.
      */
-    for (const script of document.getElementsByTagName("script")) {
-	const old_children = [...script.childNodes];
-	script.innerHTML = "";
-	setTimeout(() => old_children.forEach(c => script.append(c)), 0);
-    }
+    if (is_mozilla)
+	mozilla_initial_block(doc);
 
     /*
      * Ensure our CSP rules are employed from the beginning. This CSP injection
      * method is, when possible, going to be applied together with CSP rules
      * injected using webRequest.
-     * For non-HTML documents this is just a dummy operation of adding and
-     * removing `head'.
+     * Using elements namespaced as HTML makes this CSP injection also work for
+     * non-HTML documents.
      */
-    let added_head = doc.createElement("head");
-    if (!doc.head)
-	doc.documentElement.prepend(added_head);
-
-    apply_hachette_csp_rules(doc, added_head, policy);
-
-    /* Proceed with DOM in its initial state. */
-    added_head.remove();
+    const html = new DOMParser().parseFromString(`<html><head><meta \
+http-equiv="Content-Security-Policy" content="${csp_rule(policy.nonce)}"\
+/></head><body>Loading...</body></html>`, "text/html").documentElement;
 
     /*
-     * <html> node gets hijacked now, to be re-attached after <head> is loaded
+     * Root node gets hijacked now, to be re-attached after <head> is loaded
      * and sanitized.
      */
-    const old_html = doc.documentElement;
-    const new_html = doc.createElement("html");
-    old_html.replaceWith(new_html);
+    const root = doc.documentElement;
+    root.replaceWith(html);
 
-    await wait_for_head(doc, old_html);
-
-    for (const meta of old_html.querySelectorAll("head meta"))
-	sanitize_meta(meta, policy);
-
-    for (const script of old_html.querySelectorAll("script"))
-	sanitize_script(script, policy);
-
-    if (!(doc instanceof HTMLDocument))
-	apply_intrinsics_sanitizing(old_html);
+    /*
+     * For XML documents, we don't intend to inject payload, so we neither block
+     * document's CSP `<meta>' tags nor wait for `<head>' to be parsed.
+     */
+    if (document instanceof HTMLDocument) {
+	await wait_for_head(doc, root);
 
-    new_html.replaceWith(old_html);
+	root.querySelectorAll("head meta")
+	    .forEach(m => sanitize_meta(m, policy));
+    }
 
-    for (const script of old_html.querySelectorAll("script"))
-	desanitize_script(script, policy);
+    root.querySelectorAll("script").forEach(s => sanitize_script(s, policy));
+    html.replaceWith(root);
+    root.querySelectorAll("script").forEach(s => desanitize_script(s, policy));
 
     start_data_urls_sanitizing(doc);
 }
@@ -329,14 +329,15 @@ if (!is_privileged_url(document.URL)) {
     }
 
     if (!policy) {
-	console.warn("Using fallback policy!");
+	console.debug("Using fallback policy!");
 	policy = {allow: false, nonce: gen_nonce()};
     }
 
+    console.debug("current policy", policy);
+
     const doc_ready = Promise.all([
-	policy.allow ? Promise.resolve : sanitize_document(document, policy),
-	new Promise(cb => document.addEventListener("DOMContentLoaded",
-						    cb, {once: true}))
+	policy.allow ? Promise.resolve() : sanitize_document(document, policy),
+	wait_loaded(document)
     ]);
 
     handle_page_actions(policy.nonce, policy_received_callback, doc_ready);
diff --git a/content/page_actions.js b/content/page_actions.js
index 8057541..040b4ab 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -11,7 +11,7 @@
  * IMPORT browser
  * IMPORT report_script
  * IMPORT report_settings
- * IMPORT report_content_type
+ * IMPORT report_document_type
  * IMPORTS_END
  */
 
@@ -70,8 +70,8 @@ function handle_page_actions(script_nonce, policy_received_cb,
 			     doc_ready_promise) {
     policy_received_callback = policy_received_cb;
     url = document.URL;
-    is_html = /html/.test(document.contentType);
-    report_content_type(document.contentType);
+    is_html = document instanceof HTMLDocument;
+    report_document_type(is_html);
 
     doc_ready_promise.then(document_ready);
 
diff --git a/html/display-panel.js b/html/display-panel.js
index 7d801c9..623ff36 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -276,8 +276,8 @@ function handle_activity_report(message)
 	template.script_contents.textContent = data;
 	container_for_injected.appendChild(template.div);
     }
-    if (type === "content_type") {
-	if (!/html/.test(data))
+    if (type === "is_html") {
+	if (!data)
 	    content_type_cell.classList.remove("hide");
     }
     if (type === "repo_query_action") {
-- 
cgit v1.2.3


From 44e89d8ec71b441a431c848567f34b9a36f6b982 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Thu, 9 Sep 2021 17:47:51 +0200
Subject: simplify CSP handling

All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not modified but only supplemented with Hachette's own.
---
 background/policy_injector.js | 30 ++++++++++---------
 background/stream_filter.js   |  5 ++--
 common/misc.js                | 68 +++++++------------------------------------
 content/main.js               | 57 +++++++++++++++++++-----------------
 4 files changed, 60 insertions(+), 100 deletions(-)

diff --git a/background/policy_injector.js b/background/policy_injector.js
index 72318d4..e5af055 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -10,9 +10,8 @@
  * IMPORTS_START
  * IMPORT sign_data
  * IMPORT extract_signed
- * IMPORT sanitize_csp_header
- * IMPORT csp_rule
- * IMPORT is_csp_header_name
+ * IMPORT make_csp_rule
+ * IMPORT csp_header_regex
  * IMPORTS_END
  */
 
@@ -43,22 +42,25 @@ function inject_csp_headers(headers, policy)
 	break;
     }
 
+    if (policy.has_payload) {
+	csp_headers = [];
+	const non_csp_headers = [];
+	const header_list =
+	      h => csp_header_regex.test(h) ? csp_headers : non_csp_headers;
+	headers.forEach(h => header_list(h.name).push(h));
+	headers = non_csp_headers;
+    } else {
+	headers.push(...csp_headers || []);
+    }
+
     if (!hachette_header) {
 	hachette_header = {name: "x-hachette"};
 	headers.push(hachette_header);
     }
 
-    csp_headers = csp_headers ||
-	headers.filter(h => is_csp_header_name(h.name));
-
-    /* When blocking remove report-only CSP headers that snitch on us. */
-    headers = headers.filter(h => !is_csp_header_name(h.name, !policy.allow));
-
     if (old_signature)
 	headers = headers.filter(h => h.value.search(old_signature) === -1);
 
-    headers.push(...csp_headers.map(h => sanitize_csp_header(h, policy)));
-
     const policy_str = encodeURIComponent(JSON.stringify(policy));
     const signed_policy = sign_data(policy_str, new Date().getTime());
     const later_30sec = new Date(new Date().getTime() + 30000).toGMTString();
@@ -76,12 +78,12 @@ function inject_csp_headers(headers, policy)
     hachette_data = encodeURIComponent(JSON.stringify(hachette_data));
     hachette_header.value = sign_data(hachette_data, 0).join("_");
 
-    /* To ensure there is a CSP header if required */
-    if (!policy.allow)
+    if (!policy.allow) {
 	headers.push({
 	    name: "content-security-policy",
-	    value: csp_rule(policy.nonce)
+	    value: make_csp_rule(policy)
 	});
+    }
 
     return headers;
 }
diff --git a/background/stream_filter.js b/background/stream_filter.js
index 96b6132..3e30a4b 100644
--- a/background/stream_filter.js
+++ b/background/stream_filter.js
@@ -12,7 +12,7 @@
 /*
  * IMPORTS_START
  * IMPORT browser
- * IMPORT is_csp_header_name
+ * IMPORT csp_header_regex
  * IMPORTS_END
  */
 
@@ -116,8 +116,7 @@ function may_define_csp_rules(html)
     const doc = new DOMParser().parseFromString(html, "text/html");
 
     for (const meta of doc.querySelectorAll("head>meta[http-equiv]")) {
-	if (is_csp_header_name(meta.getAttribute("http-equiv"), true) &&
-	    meta.content)
+	if (csp_header_regex.test(meta.httpEquiv) && meta.content)
 	    return true;
     }
 
diff --git a/common/misc.js b/common/misc.js
index 6adaf1e..6cded84 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -43,29 +43,19 @@ function gen_nonce(length=16)
     return Uint8toHex(randomData);
 }
 
-/* csp rule that blocks all scripts except for those injected by us */
-function csp_rule(nonce)
+/* CSP rule that blocks scripts according to policy's needs. */
+function make_csp_rule(policy)
 {
-    const rule = `'nonce-${nonce}'`;
-    return `script-src ${rule}; script-src-elem ${rule}; script-src-attr 'none'; prefetch-src 'none';`;
+    let rule = "prefetch-src 'none'; script-src-attr 'none';";
+    const script_src = policy.has_payload ?
+	  `'nonce-${policy.nonce}'` : "'none'";
+    rule += ` script-src ${script_src}; script-src-elem ${script_src};`;
+    return rule;
 }
 
 /* Check if some HTTP header might define CSP rules. */
-const csp_header_names = new Set([
-    "content-security-policy",
-    "x-webkit-csp",
-    "x-content-security-policy"
-]);
-
-const report_only_header_name = "content-security-policy-report-only";
-
-function is_csp_header_name(string, include_report_only)
-{
-    string = string && string.toLowerCase().trim() || "";
-
-    return (include_report_only && string === report_only_header_name) ||
-	csp_header_names.has(string);
-}
+const csp_header_regex =
+      /^\s*(content-security-policy|x-webkit-csp|x-content-security-policy)/i;
 
 /*
  * Print item together with type, e.g.
@@ -111,41 +101,6 @@ function parse_csp(csp) {
     return directives;
 }
 
-/* Make CSP headers do our bidding, not interfere */
-function sanitize_csp_header(header, policy)
-{
-    const rule = `'nonce-${policy.nonce}'`;
-    const csp = parse_csp(header.value);
-
-    if (!policy.allow) {
-	/* No snitching */
-	delete csp['report-to'];
-	delete csp['report-uri'];
-
-	delete csp['script-src'];
-	delete csp['script-src-elem'];
-
-	csp['script-src-attr'] = ["'none'"];
-	csp['prefetch-src'] = ["'none'"];
-    }
-
-    if ('script-src' in csp)
-	csp['script-src'].push(rule);
-    else
-	csp['script-src'] = [rule];
-
-    if ('script-src-elem' in csp)
-	csp['script-src-elem'].push(rule);
-    else
-	csp['script-src-elem'] = [rule];
-
-    const new_csp = Object.entries(csp).map(
-	i => `${i[0]} ${i[1].join(' ')};`
-    );
-
-    return {name: header.name, value: new_csp.join('')};
-}
-
 /* Regexes and objects to use as/in schemas for parse_json_with_schema(). */
 const nonempty_string_matcher = /.+/;
 
@@ -161,12 +116,11 @@ const matchers = {
 /*
  * EXPORTS_START
  * EXPORT gen_nonce
- * EXPORT csp_rule
- * EXPORT is_csp_header_name
+ * EXPORT make_csp_rule
+ * EXPORT csp_header_regex
  * EXPORT nice_name
  * EXPORT open_in_settings
  * EXPORT is_privileged_url
- * EXPORT sanitize_csp_header
  * EXPORT matchers
  * EXPORTS_END
  */
diff --git a/content/main.js b/content/main.js
index fb334dd..a26f72d 100644
--- a/content/main.js
+++ b/content/main.js
@@ -16,9 +16,8 @@
  * IMPORT is_chrome
  * IMPORT is_mozilla
  * IMPORT start_activity_info_server
- * IMPORT csp_rule
- * IMPORT is_csp_header_name
- * IMPORT sanitize_csp_header
+ * IMPORT make_csp_rule
+ * IMPORT csp_header_regex
  * IMPORTS_END
  */
 
@@ -172,22 +171,20 @@ function block_attribute(node, attr, ns=null)
 	const name = construct_name.join("");
 	seta(node, `${blocked_str}-${name}`, geta(node, name));
     }
-}
-
-function sanitize_meta(meta, policy)
-{
-    const value = meta.content || "";
 
-    if (!value || !is_csp_header_name(meta.httpEquiv || "", true))
-	return;
-
-    block_attribute(meta, "content");
+    rema(node, attr);
 }
 
 /*
- * Used to disable <script> that has not yet been added to live DOM (doesn't
- * work for those already added).
+ * Used to disable `<script>'s and `<meta>'s that have not yet been added to
+ * live DOM (doesn't work for those already added).
  */
+function sanitize_meta(meta)
+{
+    if (csp_header_regex.test(meta.httpEquiv) && meta.content)
+	block_attribute(meta, "content");
+}
+
 function sanitize_script(script)
 {
     script.hachette_blocked_type = script.getAttribute("type");
@@ -195,14 +192,14 @@ function sanitize_script(script)
 }
 
 /*
- * Executed after script has been connected to the DOM, when it is no longer
- * eligible for being executed by the browser
+ * Executed after `<script>' has been connected to the DOM, when it is no longer
+ * eligible for being executed by the browser.
  */
-function desanitize_script(script, policy)
+function desanitize_script(script)
 {
     script.setAttribute("type", script.hachette_blocked_type);
 
-    if (script.hachette_blocked_type === null)
+    if ([null, undefined].includes(script.hachette_blocked_type))
 	script.removeAttribute("type");
 
     delete script.hachette_blocked_type;
@@ -233,13 +230,18 @@ function start_data_urls_sanitizing(doc)
  * cause part of the DOM to be loaded when our content scripts get to run. Thus,
  * before the CSP rules we inject (for non-HTTP pages) become effective, we need
  * to somehow block the execution of `<script>'s and intrinsics that were
- * already there.
+ * already there. Additionally, some browsers (IceCat 60) seem to have problems
+ * applying this CSP to non-inline `<scripts>' in certain scenarios.
  */
+function prevent_script_execution(event)
+{
+    if (!event.target._hachette_payload)
+	event.preventDefault();
+}
+
 function mozilla_initial_block(doc)
 {
-    const blocker = e => e.preventDefault();
-    doc.addEventListener("beforescriptexecute", blocker);
-    setTimeout(() => doc.removeEventListener("beforescriptexecute", blocker));
+    doc.addEventListener("beforescriptexecute", prevent_script_execution);
 
     [...doc.all].flatMap(ele => [...ele.attributes].map(attr => [ele, attr]))
 	.map(([ele, attr]) => [ele, attr.localName])
@@ -273,7 +275,7 @@ async function sanitize_document(doc, policy)
      * non-HTML documents.
      */
     const html = new DOMParser().parseFromString(`<html><head><meta \
-http-equiv="Content-Security-Policy" content="${csp_rule(policy.nonce)}"\
+http-equiv="Content-Security-Policy" content="${make_csp_rule(policy)}"\
 /></head><body>Loading...</body></html>`, "text/html").documentElement;
 
     /*
@@ -284,10 +286,10 @@ http-equiv="Content-Security-Policy" content="${csp_rule(policy.nonce)}"\
     root.replaceWith(html);
 
     /*
-     * For XML documents, we don't intend to inject payload, so we neither block
-     * document's CSP `<meta>' tags nor wait for `<head>' to be parsed.
+     * When we don't inject payload, we neither block document's CSP `<meta>'
+     * tags nor wait for `<head>' to be parsed.
      */
-    if (document instanceof HTMLDocument) {
+    if (policy.has_payload) {
 	await wait_for_head(doc, root);
 
 	root.querySelectorAll("head meta")
@@ -333,6 +335,9 @@ if (!is_privileged_url(document.URL)) {
 	policy = {allow: false, nonce: gen_nonce()};
     }
 
+    if (!(document instanceof HTMLDocument))
+	policy.has_payload = false;
+
     console.debug("current policy", policy);
 
     const doc_ready = Promise.all([
-- 
cgit v1.2.3


From ed9cc030ec7992b3f59d155067a3ebff6c9e1faa Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Thu, 9 Sep 2021 18:51:38 +0200
Subject: restore compatibility with IceCat 60

---
 content/main.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/content/main.js b/content/main.js
index a26f72d..cc7692a 100644
--- a/content/main.js
+++ b/content/main.js
@@ -243,10 +243,11 @@ function mozilla_initial_block(doc)
 {
     doc.addEventListener("beforescriptexecute", prevent_script_execution);
 
-    [...doc.all].flatMap(ele => [...ele.attributes].map(attr => [ele, attr]))
-	.map(([ele, attr]) => [ele, attr.localName])
-	.filter(([ele, attr]) => /^on/.test(attr) && ele.wrappedJSObject[attr])
-	.forEach(([ele, attr]) => ele.wrappedJSObject[attr] = null);
+    for (const elem of doc.querySelectorAll("*")) {
+	[...elem.attributes].map(attr => attr.localName)
+	    .filter(attr => /^on/.test(attr) && elem.wrappedJSObject[attr])
+	    .forEach(attr => elem.wrappedJSObject[attr] = null);
+    }
 }
 
 /*
-- 
cgit v1.2.3


From 72cbfa74f7f30fdf60fc6ad73182ed1cca3d3712 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Thu, 9 Sep 2021 20:18:01 +0200
Subject: limit allowed pattern lengths

---
 common/patterns.js    | 141 +++++++++++++++++---------------------------------
 html/display-panel.js |  28 +++-------
 2 files changed, 53 insertions(+), 116 deletions(-)

diff --git a/common/patterns.js b/common/patterns.js
index ebb55ab..ae29fcd 100644
--- a/common/patterns.js
+++ b/common/patterns.js
@@ -5,6 +5,11 @@
  * Redistribution terms are gathered in the `copyright' file.
  */
 
+const MAX_URL_PATH_LEN = 12;
+const MAX_URL_PATH_CHARS = 255;
+const MAX_DOMAIN_LEN = 7;
+const MAX_DOMAIN_CHARS = 100;
+
 const proto_regex = /^(\w+):\/\/(.*)$/;
 
 const user_re = "[^/?#@]+@"
@@ -37,103 +42,51 @@ function deconstruct_url(url)
 	[deco.domain, deco.path, deco.query] = http_match.slice(1, 4);
     }
 
-    if (deco.domain)
-	deco.domain = deco.domain.split(".");
-
     const leading_dash = deco.path[0] === "/";
     deco.trailing_dash = deco.path[deco.path.length - 1] === "/";
-    deco.path = deco.path.split("/").filter(s => s !== "");
-    if (leading_dash || deco.path.length === 0)
-	deco.path.unshift("");
 
-    return deco;
-}
+    if (deco.domain) {
+	if (deco.domain.length > MAX_DOMAIN_CHARS) {
+	    const idx = deco.domain.indexOf(".", deco.domain.length -
+					    MAX_DOMAIN_CHARS);
+	    if (idx === -1)
+		deco.domain = [];
+	    else
+		deco.domain = deco.domain.substring(idx + 1);
 
-/* Be sane: both arguments should be arrays of length >= 2 */
-function domain_matches(url_domain, pattern_domain)
-{
-    const length_difference = url_domain.length - pattern_domain.length;
-
-    for (let i = 1; i <= url_domain.length; i++) {
-	const url_part = url_domain[url_domain.length - i];
-	const pattern_part = pattern_domain[pattern_domain.length - i];
-
-	if (pattern_domain.length === i) {
-	    if (pattern_part === "*")
-		return length_difference === 0;
-	    if (pattern_part === "**")
-		return length_difference > 0;
-	    if (pattern_part === "***")
-		return true;
-	    return length_difference === 0 && pattern_part === url_part;
+	    deco.domain_truncated = true;
 	}
 
-	if (pattern_part !== url_part)
-	    return false;
-    }
-
-    return pattern_domain.length === url_domain.length + 1 &&
-	pattern_domain[0] === "***";
-}
-
-function path_matches(url_path, url_trailing_dash,
-		      pattern_path, pattern_trailing_dash)
-{
-    const dashes_ok = !(pattern_trailing_dash && !url_trailing_dash);
-
-    if (pattern_path.length === 0)
-	return url_path.length === 0 && dashes_ok;
-
-    const length_difference = url_path.length - pattern_path.length;
-
-    for (let i = 0; i < url_path.length; i++) {
-	if (pattern_path.length === i + 1) {
-	    if (pattern_path[i] === "*")
-		return length_difference === 0;
-	    if (pattern_path[i] === "**") {
-		return length_difference > 0 ||
-		    (url_path[i] === "**" && dashes_ok);
-	    }
-	    if (pattern_path[i] === "***")
-		return length_difference >= 0;
-	    return length_difference === 0 &&
-		pattern_path[i] === url_path[i] && dashes_ok;
+	if (deco.path.length > MAX_URL_PATH_CHARS) {
+	    deco.path = deco.path.substring(0, deco.path.lastIndexOf("/"));
+	    deco.path_truncated = true;
 	}
-
-	if (pattern_path[i] !== url_path[i])
-	    return false;
     }
 
-    return false;
-}
-
-function url_matches(url, pattern)
-{
-    const url_deco = deconstruct_url(url);
-    const pattern_deco = deconstruct_url(pattern);
-
-    if (url_deco === undefined || pattern_deco === undefined) {
-	console.log(`bad comparison: ${url} and ${pattern}`);
-	return false
+    if (typeof deco.domain === "string") {
+	deco.domain = deco.domain.split(".");
+	if (deco.domain.splice(0, deco.domain.length - MAX_DOMAIN_LEN).length
+	    > 0)
+	    deco.domain_truncated = true;
     }
 
-    return pattern_deco.proto === url_deco.proto &&
-	!(pattern_deco.proto === "file" && pattern_deco.trailing_dash) &&
-	!!url_deco.domain === !!pattern_deco.domain &&
-	(!url_deco.domain ||
-	 domain_matches(url_deco.domain, pattern_deco.domain)) &&
-	path_matches(url_deco.path, url_deco.trailing_dash,
-		     pattern_deco.path, pattern_deco.trailing_dash);
+    deco.path = deco.path.split("/").filter(s => s !== "");
+    if (deco.domain && deco.path.splice(MAX_URL_PATH_LEN).length > 0)
+	deco.path_truncated = true;
+    if (leading_dash || deco.path.length === 0)
+	deco.path.unshift("");
+
+    return deco;
 }
 
-function* each_domain_pattern(domain_segments)
+function* each_domain_pattern(deco)
 {
-    for (let slice = 0; slice < domain_segments.length; slice++) {
-	const domain_part = domain_segments.slice(slice).join(".");
+    for (let slice = 0; slice < deco.domain.length - 1; slice++) {
+	const domain_part = deco.domain.slice(slice).join(".");
 	const domain_wildcards = [];
-	if (slice === 0)
+	if (slice === 0 && !deco.domain_truncated)
 	    yield domain_part;
-	if (slice === 1)
+	if (slice === 1 && !deco.domain_truncated)
 	    yield "*." + domain_part;
 	if (slice > 1)
 	    yield "**." + domain_part;
@@ -141,22 +94,23 @@ function* each_domain_pattern(domain_segments)
     }
 }
 
-function* each_path_pattern(path_segments, trailing_dash)
+function* each_path_pattern(deco)
 {
-    for (let slice = path_segments.length; slice > 0; slice--) {
-	const path_part = path_segments.slice(0, slice).join("/");
+    for (let slice = deco.path.length; slice > 0; slice--) {
+	const path_part = deco.path.slice(0, slice).join("/");
 	const path_wildcards = [];
-	if (slice === path_segments.length) {
-	    if (trailing_dash)
+	if (slice === deco.path.length && !deco.path_truncated) {
+	    if (deco.trailing_dash)
 		yield path_part + "/";
 	    yield path_part;
 	}
-	if (slice === path_segments.length - 1 && path_segments[slice] !== "*")
+	if (slice === deco.path.length - 1 && !deco.path_truncated &&
+	    deco.path[slice] !== "*")
 	    yield path_part + "/*";
-	if (slice < path_segments.length - 1)
+	if (slice < deco.path.length - 1)
 	    yield path_part + "/**";
-	if (slice < path_segments.length - 1 ||
-	    path_segments[path_segments.length - 1] !== "***")
+	if (slice !== deco.path.length - 1 || deco.path_truncated ||
+	    deco.path[slice] !== "***")
 	    yield path_part + "/***";
     }
 }
@@ -167,20 +121,19 @@ function* each_url_pattern(url)
     const deco = deconstruct_url(url);
 
     if (deco === undefined) {
-	console.log("bad url format", url);
+	console.error("bad url format", url);
 	return false;
     }
 
-    const all_domains = deco.domain ? each_domain_pattern(deco.domain) : [""];
+    const all_domains = deco.domain ? each_domain_pattern(deco) : [""];
     for (const domain of all_domains) {
-	for (const path of each_path_pattern(deco.path, deco.trailing_dash))
+	for (const path of each_path_pattern(deco))
 	    yield `${deco.proto}://${domain}${path}`;
     }
 }
 
 /*
  * EXPORTS_START
- * EXPORT url_matches
  * EXPORT each_url_pattern
  * EXPORTS_END
  */
diff --git a/html/display-panel.js b/html/display-panel.js
index 623ff36..84c922f 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -21,7 +21,6 @@
  * IMPORT TYPE_PREFIX
  * IMPORT nice_name
  * IMPORT open_in_settings
- * IMPORT url_matches
  * IMPORT each_url_pattern
  * IMPORT by_id
  * IMPORT clone_template
@@ -114,36 +113,21 @@ function add_pattern_to_list(pattern)
     return template;
 }
 
-function ensure_pattern_exists(pattern)
-{
-    let entry_object = known_patterns.get(pattern);
-    /*
-     * As long as pattern computation works well, we should never get into this
-     * conditional block. This is just a safety measure. To be removed as part
-     * of a bigger rework when we start taking iframes into account.
-     */
-    if (entry_object === undefined) {
-	console.log(`unknown pattern: ${pattern}`);
-	entry_object = add_pattern_to_list(pattern);
-    }
-
-    return entry_object;
-}
-
 function style_possible_pattern_entry(pattern, exists_in_settings)
 {
     const [text, class_action] = exists_in_settings ?
 	  ["Edit", "add"] : ["Add", "remove"];
-    const entry_object = ensure_pattern_exists(pattern);
+    const entry_object = known_patterns.get(pattern);
 
-    entry_object.button.textContent = `${text} setting`;
-    entry_object.entry.classList[class_action]("matched_pattern");
+    if (entry_object) {
+	entry_object.button.textContent = `${text} setting`;
+	entry_object.entry.classList[class_action]("matched_pattern");
+    }
 }
 
 function handle_page_change(change)
 {
-    if (url_matches(tab_url, change.item))
-        style_possible_pattern_entry(change.item, change.new_val !== undefined);
+    style_possible_pattern_entry(change.item, change.new_val !== undefined);
 }
 
 function populate_possible_patterns_list(url)
-- 
cgit v1.2.3


From 5c75d7446187a01409eff1a1e5946f66267f61fb Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Fri, 10 Sep 2021 16:50:56 +0200
Subject: Make it impossible to check "Allow native scripts" for pages with
 payload.

---
 background/page_actions_server.js | 14 +++++++++-----
 html/options.html                 | 23 +++++++++++++++++++++--
 html/options_main.js              |  3 +++
 3 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/background/page_actions_server.js b/background/page_actions_server.js
index b0db5f5..e21ca6e 100644
--- a/background/page_actions_server.js
+++ b/background/page_actions_server.js
@@ -25,15 +25,19 @@ let policy_observable;
 
 function send_actions(url, port)
 {
-    let [pattern, settings] = query_best(storage, url);
-    if (!settings)
-	settings = {allow: policy_observable && policy_observable.value};
+    const [pattern, queried_settings] = query_best(storage, url);
+
+    const settings = {allow: policy_observable && policy_observable.value};
+    Object.assign(settings, queried_settings);
+    if (settings.components)
+	settings.allow = false;
+
     const repos = storage.get_all(TYPE_PREFIX.REPO);
 
     port.postMessage(["settings", [pattern, settings, repos]]);
 
-    let components = settings.components;
-    let processed_bags = new Set();
+    const components = settings.components;
+    const processed_bags = new Set();
 
     if (components !== undefined)
 	send_scripts([components], port, processed_bags);
diff --git a/html/options.html b/html/options.html
index f2a75e1..01b1061 100644
--- a/html/options.html
+++ b/html/options.html
@@ -152,6 +152,22 @@
 	  min-width: 70vw;
 	  resize: none;
       }
+
+      .form_disabled>* {
+	  opacity: 0.5;
+	  pointer-events: none;
+      }
+
+      .form_disabled_msg {
+	  display: none;
+	  font-style: italic;
+      }
+
+      .form_disabled .form_disabled_msg {
+	  opacity: initial;
+	  pointer-events: initial;
+	  display: initial;
+      }
     </style>
   </head>
   <body>
@@ -226,15 +242,18 @@
 		    <label for="page_url_field">URL: </label>
 		    <input id="page_url_field"></input>
 		    <label>Payload: </label>
-		    <span>
+		    <span class="nowrap">
 		      <span id="page_payload"></span>
 		      <button id="select_page_components_but">
 			Choose payload
 		      </button>
 		    </span>
-		    <div>
+		    <div id="allow_native_scripts_container" class="nowrap">
 		      <input id="page_allow_chbx" type="checkbox" style="display: inline;"></input>
 		      <label for="page_allow_chbx">Allow native scripts</label>
+		      <span class="form_disabled_msg">
+			(only possible when no payload is used)
+		      </span>
 		    </div>
 		    <div>
 		      <button id="save_page_but" type="button"> Save </button>
diff --git a/html/options_main.js b/html/options_main.js
index 2f4f154..27ab0ec 100644
--- a/html/options_main.js
+++ b/html/options_main.js
@@ -157,6 +157,7 @@ function work_repo_li_data(ul)
     return [ul.work_name_input.value, {}];
 }
 
+const allow_native_scripts_container = by_id("allow_native_scripts_container");
 const page_payload_span = by_id("page_payload");
 
 function set_page_components(components)
@@ -164,12 +165,14 @@ function set_page_components(components)
     if (components === undefined) {
 	page_payload_span.setAttribute("data-payload", "no");
 	page_payload_span.textContent = "(None)";
+	allow_native_scripts_container.classList.remove("form_disabled");
     } else {
 	page_payload_span.setAttribute("data-payload", "yes");
 	let [prefix, name] = components;
 	page_payload_span.setAttribute("data-prefix", prefix);
 	page_payload_span.setAttribute("data-name", name);
 	page_payload_span.textContent = nice_name(prefix, name);
+	allow_native_scripts_container.classList.add("form_disabled");
     }
 }
 
-- 
cgit v1.2.3


From d658cadf5184b127ec6ae6d6d8900f5e428095b0 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Fri, 10 Sep 2021 17:46:24 +0200
Subject: disable service workers when scripts are blocked

---
 content/main.js | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/content/main.js b/content/main.js
index cc7692a..6478ea0 100644
--- a/content/main.js
+++ b/content/main.js
@@ -304,6 +304,27 @@ http-equiv="Content-Security-Policy" content="${make_csp_rule(policy)}"\
     start_data_urls_sanitizing(doc);
 }
 
+async function disable_service_workers()
+{
+    if (!navigator.serviceWorker)
+	return;
+
+    const registrations = await navigator.serviceWorker.getRegistrations();
+    if (registrations.length === 0)
+	return;
+
+    console.warn("Service Workers detected on this page! Unregistering and reloading");
+
+    try {
+	await Promise.all(registrations.map(r => r.unregister()));
+    } finally {
+	location.reload();
+    }
+
+    /* Never actually return! */
+    return new Promise(() => 0);
+}
+
 if (!is_privileged_url(document.URL)) {
     let policy_received_callback = () => undefined;
     let policy;
@@ -343,6 +364,7 @@ if (!is_privileged_url(document.URL)) {
 
     const doc_ready = Promise.all([
 	policy.allow ? Promise.resolve() : sanitize_document(document, policy),
+	policy.allow ? Promise.resolve() : disable_service_workers(),
 	wait_loaded(document)
     ]);
 
-- 
cgit v1.2.3


From 947fbdefffe0f6010e32abbfdce2f4b388d3f7f7 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Sat, 11 Sep 2021 13:56:50 +0200
Subject: added missing line break in options page

---
 html/options.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/html/options.html b/html/options.html
index 01b1061..54ab9e8 100644
--- a/html/options.html
+++ b/html/options.html
@@ -267,6 +267,7 @@
 	</div>
       </div>
       <button id="add_page_but" type="button"> Add page </button>
+      <br/>
       <IMPORT html/default_blocking_policy.html />
     </div>
     <div id="bags" class="tab">
-- 
cgit v1.2.3


From 2bd35bc4b0d32b70320b06d932db90e75e89373e Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Mon, 13 Sep 2021 16:56:44 +0200
Subject: rename the extension to "Haketilo"

---
 README.txt                        |   6 +-
 background/cookie_filter.js       |  17 ++---
 background/main.js                |   4 +-
 background/page_actions_server.js |   4 +-
 background/policy_injector.js     |  26 ++++----
 background/storage.js             |   4 +-
 background/storage_server.js      |   4 +-
 background/stream_filter.js       |   6 +-
 common/ajax.js                    |   5 +-
 common/connection_types.js        |   4 +-
 common/lock.js                    |   4 +-
 common/message_server.js          |   4 +-
 common/misc.js                    |   4 +-
 common/observable.js              |   5 +-
 common/once.js                    |   5 +-
 common/patterns.js                |   4 +-
 common/sanitize_JSON.js           |   5 +-
 common/settings_query.js          |   4 +-
 common/signing.js                 |   7 ++-
 common/storage_client.js          |   4 +-
 common/storage_light.js           |   5 +-
 common/storage_raw.js             |   5 +-
 common/stored_types.js            |   4 +-
 content/activity_info_server.js   |   7 ++-
 content/main.js                   |  22 ++++---
 content/page_actions.js           |   6 +-
 content/repo_query.js             |   5 +-
 copyright                         |   2 +-
 html/DOM_helpers.js               |   4 +-
 html/MOZILLA_scrollbar_fix.css    |   6 +-
 html/back_button.css              |   5 +-
 html/base.css                     |   4 +-
 html/default_blocking_policy.js   |   5 +-
 html/display-panel.html           |   8 ++-
 html/display-panel.js             |   4 +-
 html/import_frame.js              |   4 +-
 html/options.html                 |   6 +-
 html/options_main.js              |   4 +-
 icons/hachette.svg                | 127 --------------------------------------
 icons/hachette128.png             | Bin 6031 -> 0 bytes
 icons/hachette16.png              | Bin 752 -> 0 bytes
 icons/hachette32.png              | Bin 1358 -> 0 bytes
 icons/hachette48.png              | Bin 2154 -> 0 bytes
 icons/hachette64.png              | Bin 2908 -> 0 bytes
 icons/haketilo.svg                | 127 ++++++++++++++++++++++++++++++++++++++
 icons/haketilo128.png             | Bin 0 -> 6031 bytes
 icons/haketilo16.png              | Bin 0 -> 752 bytes
 icons/haketilo32.png              | Bin 0 -> 1358 bytes
 icons/haketilo48.png              | Bin 0 -> 2154 bytes
 icons/haketilo64.png              | Bin 0 -> 2908 bytes
 manifest.json                     |  28 +++++----
 re-generate_icons.sh              |   2 +-
 52 files changed, 292 insertions(+), 224 deletions(-)
 delete mode 100644 icons/hachette.svg
 delete mode 100644 icons/hachette128.png
 delete mode 100644 icons/hachette16.png
 delete mode 100644 icons/hachette32.png
 delete mode 100644 icons/hachette48.png
 delete mode 100644 icons/hachette64.png
 create mode 100644 icons/haketilo.svg
 create mode 100644 icons/haketilo128.png
 create mode 100644 icons/haketilo16.png
 create mode 100644 icons/haketilo32.png
 create mode 100644 icons/haketilo48.png
 create mode 100644 icons/haketilo64.png

diff --git a/README.txt b/README.txt
index ad640b0..1aec0ba 100644
--- a/README.txt
+++ b/README.txt
@@ -1,4 +1,4 @@
-# Hachette - Make The Web Great Again! #
+# Haketilo - Make The Web Great Again! #
 
 This extension's goal is to allow replacing javascript served by websites
 with scripts specified by user. Something like NoScript and Greasemonkey
@@ -9,7 +9,7 @@ Currently, the target browsers for this extension are Ungoogled Chromium
 and various forks of Firefox (version 60+).
 
 This extension is still in an early stage. Also see
-`https://hachettebugs.koszko.org/projects/hachette/wiki/' for documentation in
+`https://hydrillabugs.koszko.org/projects/haketilo/wiki/' for documentation in
 development.
 
 ## Installation ##
@@ -28,6 +28,6 @@ various additional licenses and permissions for particular files.
 
 ## Contributing ##
 Get the code from: https://git.koszko.org/browser-extension/
-Come to: https://hachettebugs.koszko.org/projects/hachette
+Come to: https://hydrillabugs.koszko.org/projects/haketilo
 
 Optionally, write to $(echo a29zemtvQGtvc3prby5vcmcK | base64 -d)
diff --git a/background/cookie_filter.js b/background/cookie_filter.js
index fea2d23..64d18b2 100644
--- a/background/cookie_filter.js
+++ b/background/cookie_filter.js
@@ -1,7 +1,8 @@
 /**
- * part of Hachette
- * Filtering request headers to remove hachette cookies that might have slipped
- * through.
+ * This file is part of Haketilo.
+ *
+ * Function: Filtering request headers to remove haketilo cookies that might
+ *     have slipped through.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
@@ -13,29 +14,29 @@
  * IMPORTS_END
  */
 
-function is_valid_hachette_cookie(cookie)
+function is_valid_haketilo_cookie(cookie)
 {
-    const match = /^hachette-(\w*)=(.*)$/.exec(cookie);
+    const match = /^haketilo-(\w*)=(.*)$/.exec(cookie);
     if (!match)
 	return false;
 
     return !extract_signed(match.slice(1, 3)).fail;
 }
 
-function remove_hachette_cookies(header)
+function remove_haketilo_cookies(header)
 {
     if (header.name !== "Cookie")
 	return header;
 
     const cookies = header.value.split("; ");
-    const value = cookies.filter(c => !is_valid_hachette_cookie(c)).join("; ");
+    const value = cookies.filter(c => !is_valid_haketilo_cookie(c)).join("; ");
 
     return value ? {name: "Cookie", value} : null;
 }
 
 function filter_cookie_headers(headers)
 {
-    return headers.map(remove_hachette_cookies).filter(h => h);
+    return headers.map(remove_haketilo_cookies).filter(h => h);
 }
 
 /*
diff --git a/background/main.js b/background/main.js
index 03cd5d7..40b3a9e 100644
--- a/background/main.js
+++ b/background/main.js
@@ -1,5 +1,7 @@
 /**
- * Hachette main background script
+ * This file is part of Haketilo.
+ *
+ * Function: Main background script.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/background/page_actions_server.js b/background/page_actions_server.js
index e21ca6e..156a79f 100644
--- a/background/page_actions_server.js
+++ b/background/page_actions_server.js
@@ -1,5 +1,7 @@
 /**
- * Hachette serving of page actions to content scripts
+ * This file is part of Haketilo.
+ *
+ * Function: Serving page actions to content scripts.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/background/policy_injector.js b/background/policy_injector.js
index e5af055..881595b 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -1,5 +1,7 @@
 /**
- * Hachette injecting policy to page using webRequest
+ * This file is part of Haketilo.
+ *
+ * Function: Injecting policy to page by modifying HTTP headers.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Copyright (C) 2021 jahoti
@@ -19,10 +21,10 @@ function inject_csp_headers(headers, policy)
 {
     let csp_headers;
     let old_signature;
-    let hachette_header;
+    let haketilo_header;
 
-    for (const header of headers.filter(h => h.name === "x-hachette")) {
-	/* x-hachette header has format: <signature>_0_<data> */
+    for (const header of headers.filter(h => h.name === "x-haketilo")) {
+	/* x-haketilo header has format: <signature>_0_<data> */
 	const match = /^([^_]+)_(0_.*)$/.exec(header.value);
 	if (!match)
 	    continue;
@@ -38,7 +40,7 @@ function inject_csp_headers(headers, policy)
 	csp_headers = old_data.csp_headers;
 	old_signature = old_data.policy_sig;
 
-	hachette_header = header;
+	haketilo_header = header;
 	break;
     }
 
@@ -53,9 +55,9 @@ function inject_csp_headers(headers, policy)
 	headers.push(...csp_headers || []);
     }
 
-    if (!hachette_header) {
-	hachette_header = {name: "x-hachette"};
-	headers.push(hachette_header);
+    if (!haketilo_header) {
+	haketilo_header = {name: "x-haketilo"};
+	headers.push(haketilo_header);
     }
 
     if (old_signature)
@@ -66,7 +68,7 @@ function inject_csp_headers(headers, policy)
     const later_30sec = new Date(new Date().getTime() + 30000).toGMTString();
     headers.push({
 	name: "Set-Cookie",
-	value: `hachette-${signed_policy.join("=")}; Expires=${later_30sec};`
+	value: `haketilo-${signed_policy.join("=")}; Expires=${later_30sec};`
     });
 
     /*
@@ -74,9 +76,9 @@ function inject_csp_headers(headers, policy)
      * These are signed with a time of 0, as it's not clear there is a limit on
      * how long Firefox might retain headers in the cache.
      */
-    let hachette_data = {csp_headers, policy_sig: signed_policy[0]};
-    hachette_data = encodeURIComponent(JSON.stringify(hachette_data));
-    hachette_header.value = sign_data(hachette_data, 0).join("_");
+    let haketilo_data = {csp_headers, policy_sig: signed_policy[0]};
+    haketilo_data = encodeURIComponent(JSON.stringify(haketilo_data));
+    haketilo_header.value = sign_data(haketilo_data, 0).join("_");
 
     if (!policy.allow) {
 	headers.push({
diff --git a/background/storage.js b/background/storage.js
index 12c0c61..a4e626a 100644
--- a/background/storage.js
+++ b/background/storage.js
@@ -1,5 +1,7 @@
 /**
- * Hachette storage manager
+ * This file is part of Haketilo.
+ *
+ * Function: Storage manager.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/background/storage_server.js b/background/storage_server.js
index 2252eb5..73126d4 100644
--- a/background/storage_server.js
+++ b/background/storage_server.js
@@ -1,5 +1,7 @@
 /**
- * Hachette storage through connection (server side)
+ * This file is part of Haketilo.
+ *
+ * Function: Storage through messages (server side).
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/background/stream_filter.js b/background/stream_filter.js
index 3e30a4b..e5e0827 100644
--- a/background/stream_filter.js
+++ b/background/stream_filter.js
@@ -1,5 +1,7 @@
 /**
- * Hachette modifying a web page using the StreamFilter API
+ * This file is part of Haketilo.
+ *
+ * Function: Modifying a web page using the StreamFilter API.
  *
  * Copyright (C) 2018 Giorgio Maone <giorgio@maone.net>
  * Copyright (C) 2021 Wojtek Kosior
@@ -173,7 +175,7 @@ function filter_data(properties, event)
 	 */
 
 	const dummy_script =
-	      `<script data-hachette-deleteme="${properties.policy.nonce}" nonce="${properties.policy.nonce}">null</script>`;
+	      `<script data-haketilo-deleteme="${properties.policy.nonce}" nonce="${properties.policy.nonce}">null</script>`;
 	const doctype_decl = /^(\s*<!doctype[^<>"']*>)?/i.exec(decoded)[0];
 	decoded = doctype_decl + dummy_script +
 	    decoded.substring(doctype_decl.length);
diff --git a/common/ajax.js b/common/ajax.js
index 8082bbe..7269a8a 100644
--- a/common/ajax.js
+++ b/common/ajax.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Wrapping XMLHttpRequest into a Promise.
+ * This file is part of Haketilo.
+ *
+ * Function: Wrapping XMLHttpRequest into a Promise.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/connection_types.js b/common/connection_types.js
index 88c6964..3e9df56 100644
--- a/common/connection_types.js
+++ b/common/connection_types.js
@@ -1,5 +1,7 @@
 /**
- * Hachette background scripts message connection types "enum"
+ * This file is part of Haketilo.
+ *
+ * Function: Define an "enum" of message connection types.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/lock.js b/common/lock.js
index 822ad1b..6cf0835 100644
--- a/common/lock.js
+++ b/common/lock.js
@@ -1,5 +1,7 @@
 /**
- * Hachette lock (aka binary semaphore aka mutex)
+ * This file is part of Haketilo.
+ *
+ * Function: Implement a lock (aka binary semaphore aka mutex).
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/message_server.js b/common/message_server.js
index ea40487..c8c6696 100644
--- a/common/message_server.js
+++ b/common/message_server.js
@@ -1,5 +1,7 @@
 /**
- * Hachette message server
+ * This file is part of Haketilo.
+ *
+ * Function: Message server.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/misc.js b/common/misc.js
index 6cded84..9ffb7ff 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -1,5 +1,7 @@
 /**
- * Hachette miscellaneous operations refactored to a separate file
+ * This file is part of Haketilo.
+ *
+ * Function: Miscellaneous operations refactored to a separate file.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Copyright (C) 2021 jahoti
diff --git a/common/observable.js b/common/observable.js
index 02f1c1b..ab3b444 100644
--- a/common/observable.js
+++ b/common/observable.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Facilitate listening to events
+ * This file is part of Haketilo.
+ *
+ * Function: Facilitate listening to (internal, self-generated) events.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/once.js b/common/once.js
index 098b43f..93e842f 100644
--- a/common/once.js
+++ b/common/once.js
@@ -1,5 +1,8 @@
 /**
- * Hachette feature initialization promise
+ * This file is part of Haketilo.
+ *
+ * Function: Wrap APIs that depend on some asynchronous initialization into
+ *     promises.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/patterns.js b/common/patterns.js
index ae29fcd..625be05 100644
--- a/common/patterns.js
+++ b/common/patterns.js
@@ -1,5 +1,7 @@
 /**
- * Hachette operations on page url patterns
+ * This file is part of Haketilo.
+ *
+ * Function: Operations on page URL patterns.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/sanitize_JSON.js b/common/sanitize_JSON.js
index 8b86d2d..4cf1ef4 100644
--- a/common/sanitize_JSON.js
+++ b/common/sanitize_JSON.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Powerful, full-blown format enforcer for externally-obtained JSON
+ * This file is part of Haketilo.
+ *
+ * Function: Powerful, full-blown format enforcer for externally-obtained JSON.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/settings_query.js b/common/settings_query.js
index b54e580..7e1315e 100644
--- a/common/settings_query.js
+++ b/common/settings_query.js
@@ -1,5 +1,7 @@
 /**
- * Hachette querying page settings with regard to wildcard records
+ * This file is part of Haketilo.
+ *
+ * Function: Querying page settings.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/signing.js b/common/signing.js
index 1904bcd..11cd442 100644
--- a/common/signing.js
+++ b/common/signing.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Functions related to "signing" of data, refactored to a separate file.
+ * This file is part of Haketilo.
+ *
+ * Functions: Operations related to "signing" of data.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
@@ -16,7 +17,7 @@
 
 /*
  * In order to make certain data synchronously accessible in certain contexts,
- * hachette smuggles it in string form in places like cookies, URLs and headers.
+ * Haketilo smuggles it in string form in places like cookies, URLs and headers.
  * When using the smuggled data, we first need to make sure it isn't spoofed.
  * For that, we use this pseudo-signing mechanism.
  *
diff --git a/common/storage_client.js b/common/storage_client.js
index 2b2f495..ef4a0b8 100644
--- a/common/storage_client.js
+++ b/common/storage_client.js
@@ -1,5 +1,7 @@
 /**
- * Hachette storage through connection (client side)
+ * This file is part of Haketilo.
+ *
+ * Function: Storage through messages (client side).
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/storage_light.js b/common/storage_light.js
index 067bf0c..32e3b1f 100644
--- a/common/storage_light.js
+++ b/common/storage_light.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Storage manager, lighter than the previous one.
+ * This file is part of Haketilo.
+ *
+ * Function: Storage manager, lighter than the previous one.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/storage_raw.js b/common/storage_raw.js
index 4c02ee4..e354b6b 100644
--- a/common/storage_raw.js
+++ b/common/storage_raw.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Basic wrappers for storage API functions.
+ * This file is part of Haketilo.
+ *
+ * Function: Basic wrappers for storage API functions.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/stored_types.js b/common/stored_types.js
index bfceba6..a693b1c 100644
--- a/common/stored_types.js
+++ b/common/stored_types.js
@@ -1,5 +1,7 @@
 /**
- * Hachette stored item types "enum"
+ * This file is part of Haketilo.
+ *
+ * Function: Define an "enum" of stored item types.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/content/activity_info_server.js b/content/activity_info_server.js
index 1b69703..d1dfe36 100644
--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -1,7 +1,8 @@
 /**
- * part of Hachette
- * Informing about activities performed by content script (script injection,
- * script blocking).
+ * This file is part of Haketilo.
+ *
+ * Function: Informing the popup about what happens in the content script
+ *     (script injection, script blocking, etc.).
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/content/main.js b/content/main.js
index 6478ea0..cec9943 100644
--- a/content/main.js
+++ b/content/main.js
@@ -1,5 +1,7 @@
 /**
- * Hachette main content script run in all frames
+ * This file is part of Haketilo.
+ *
+ * Function: Main content script that runs in all frames.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Copyright (C) 2021 jahoti
@@ -33,7 +35,7 @@ function extract_cookie_policy(cookie, min_time)
     let policy = null;
     const extracted_signatures = [];
 
-    for (const match of cookie.matchAll(/hachette-(\w*)=([^;]*)/g)) {
+    for (const match of cookie.matchAll(/haketilo-(\w*)=([^;]*)/g)) {
 	const new_result = extract_signed(...match.slice(1, 3));
 	if (new_result.fail)
 	    continue;
@@ -60,7 +62,7 @@ function extract_url_policy(url, min_time)
     const [base_url, payload, anchor] =
 	  /^([^#]*)#?([^#]*)(#?.*)$/.exec(url).splice(1, 4);
 
-    const match = /^hachette_([^_]+)_(.*)$/.exec(payload);
+    const match = /^haketilo_([^_]+)_(.*)$/.exec(payload);
     if (!match)
 	return [null, url];
 
@@ -83,7 +85,7 @@ function employ_nonhttp_policy(policy)
     policy.nonce = gen_nonce();
     const [base_url, target] = /^([^#]*)(#?.*)$/.exec(policy.url).slice(1, 3);
     const encoded_policy = encodeURIComponent(JSON.stringify(policy));
-    const payload = "hachette_" +
+    const payload = "haketilo_" +
 	  sign_data(encoded_policy, new Date().getTime()).join("_");
     const resulting_url = `${base_url}#${payload}${target}`;
     location.href = resulting_url;
@@ -187,7 +189,7 @@ function sanitize_meta(meta)
 
 function sanitize_script(script)
 {
-    script.hachette_blocked_type = script.getAttribute("type");
+    script.haketilo_blocked_type = script.getAttribute("type");
     script.type = "text/plain";
 }
 
@@ -197,12 +199,12 @@ function sanitize_script(script)
  */
 function desanitize_script(script)
 {
-    script.setAttribute("type", script.hachette_blocked_type);
+    script.setAttribute("type", script.haketilo_blocked_type);
 
-    if ([null, undefined].includes(script.hachette_blocked_type))
+    if ([null, undefined].includes(script.haketilo_blocked_type))
 	script.removeAttribute("type");
 
-    delete script.hachette_blocked_type;
+    delete script.haketilo_blocked_type;
 }
 
 const bad_url_reg = /^data:([^,;]*ml|unknown-content-type)/i;
@@ -235,7 +237,7 @@ function start_data_urls_sanitizing(doc)
  */
 function prevent_script_execution(event)
 {
-    if (!event.target._hachette_payload)
+    if (!event.target.haketilo_payload)
 	event.preventDefault();
 }
 
@@ -336,7 +338,7 @@ if (!is_privileged_url(document.URL)) {
 	let signatures;
 	[policy, signatures] = extract_cookie_policy(document.cookie, min_time);
 	for (const signature of signatures)
-	    document.cookie = `hachette-${signature}=; Max-Age=-1;`;
+	    document.cookie = `haketilo-${signature}=; Max-Age=-1;`;
     } else {
 	const scheme = /^([^:]*)/.exec(document.URL)[1];
 	const known_scheme = ["file", "ftp"].includes(scheme);
diff --git a/content/page_actions.js b/content/page_actions.js
index 040b4ab..db7c352 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -1,5 +1,7 @@
 /**
- * Hachette handling of page actions in content scripts
+ * This file is part of Haketilo.
+ *
+ * Function: Handle page actions in a content script.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
@@ -60,7 +62,7 @@ function add_script(script_text)
     let script = document.createElement("script");
     script.textContent = script_text;
     script.setAttribute("nonce", nonce);
-    script._hachette_payload = true;
+    script.haketilo_payload = true;
     document.body.appendChild(script);
 
     report_script(script_text);
diff --git a/content/repo_query.js b/content/repo_query.js
index 3708108..637282c 100644
--- a/content/repo_query.js
+++ b/content/repo_query.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Getting available content for site from remote repositories.
+ * This file is part of Haketilo.
+ *
+ * Function: Getting available content for site from remote repositories.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/copyright b/copyright
index 4c37eb3..fe2aed7 100644
--- a/copyright
+++ b/copyright
@@ -1,5 +1,5 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: Hachette
+Upstream-Name: Haketilo
 Source: https://git.koszko.org/browser-extension/
 
 Files: *
diff --git a/html/DOM_helpers.js b/html/DOM_helpers.js
index 01e2be9..4fe118d 100644
--- a/html/DOM_helpers.js
+++ b/html/DOM_helpers.js
@@ -1,5 +1,7 @@
 /**
- * Hachette operations on DOM elements
+ * This file is part of Haketilo.
+ *
+ * Function: Operations on DOM elements.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/MOZILLA_scrollbar_fix.css b/html/MOZILLA_scrollbar_fix.css
index 5feb7c3..cdbd5c6 100644
--- a/html/MOZILLA_scrollbar_fix.css
+++ b/html/MOZILLA_scrollbar_fix.css
@@ -1,6 +1,8 @@
 /**
- * Hachette
- * Hacky fix for vertical scrollbar width being included in child's width.
+ * This file is part of Haketilo.
+ *
+ * Function: Hacky fix for vertical scrollbar width being included in child's
+ *     width.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/back_button.css b/html/back_button.css
index 1ddc5da..b83e834 100644
--- a/html/back_button.css
+++ b/html/back_button.css
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Style for a "back" button with a CSS arrow image.
+ * This file is part of Haketilo.
+ *
+ * Function: Style for a "back" button with a CSS arrow image.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/base.css b/html/base.css
index df52f7c..517a5c1 100644
--- a/html/base.css
+++ b/html/base.css
@@ -1,5 +1,7 @@
 /**
- * Hachette base styles
+ * This file is part of Haketilo.
+ *
+ * Function: Base styles.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Copyright (C) 2021 Nicholas Johnson
diff --git a/html/default_blocking_policy.js b/html/default_blocking_policy.js
index 2f49bac..b6458f3 100644
--- a/html/default_blocking_policy.js
+++ b/html/default_blocking_policy.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Default policy dialog logic.
+ * This file is part of Haketilo.
+ *
+ * Function: Logic for the dialog of default policy selection.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/display-panel.html b/html/display-panel.html
index 3ed1b7a..ee9e767 100644
--- a/html/display-panel.html
+++ b/html/display-panel.html
@@ -1,12 +1,16 @@
 <!doctype html>
 <!--
+    This file is part of Haketilo.
+
+    Function: Extension's popup page.
+
     Copyright (C) 2021 Wojtek Kosior
     Redistribution terms are gathered in the `copyright' file.
   -->
 <html>
   <head>
     <meta charset="utf-8"/>
-    <title>Hachette - page settings</title>
+    <title>Haketilo - page settings</title>
     <link type="text/css" rel="stylesheet" href="reset.css" />
     <link type="text/css" rel="stylesheet" href="base.css" />
     <link type="text/css" rel="stylesheet" href="back_button.css" />
@@ -331,7 +335,7 @@
 
       <div class="footer padding_inline has_upper_thin_line">
 	<button id="settings_but" type="button">
-	  Open Hachette settings
+	  Open Haketilo settings
 	</button>
       </div>
     </div>
diff --git a/html/display-panel.js b/html/display-panel.js
index 84c922f..c078850 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -1,5 +1,7 @@
 /**
- * Hachette display panel logic
+ * This file is part of Haketilo.
+ *
+ * Function: Popup logic.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/import_frame.js b/html/import_frame.js
index c0eb2f0..ae6fab4 100644
--- a/html/import_frame.js
+++ b/html/import_frame.js
@@ -1,5 +1,7 @@
 /**
- * Hachette HTML import frame script
+ * This file is part of Haketilo.
+ *
+ * Function: Logic for the settings import frame.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/options.html b/html/options.html
index 54ab9e8..2e8317c 100644
--- a/html/options.html
+++ b/html/options.html
@@ -1,12 +1,16 @@
 <!doctype html>
 <!--
+    This file is part of Haketilo.
+
+    Function: Extension's settings page.
+
     Copyright (C) 2021 Wojtek Kosior
     Redistribution terms are gathered in the `copyright' file.
   -->
 <html>
   <head>
     <meta charset="utf-8"/>
-    <title>Hachette options</title>
+    <title>Haketilo options</title>
     <link type="text/css" rel="stylesheet" href="reset.css" />
     <link type="text/css" rel="stylesheet" href="base.css" />
     <link type="text/css" rel="stylesheet" href="table.css" />
diff --git a/html/options_main.js b/html/options_main.js
index 27ab0ec..f8faf9b 100644
--- a/html/options_main.js
+++ b/html/options_main.js
@@ -1,5 +1,7 @@
 /**
- * Hachette HTML options page main script
+ * This file is part of Haketilo.
+ *
+ * Function: Settings page logic.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/icons/hachette.svg b/icons/hachette.svg
deleted file mode 100644
index 6e8948d..0000000
--- a/icons/hachette.svg
+++ /dev/null
@@ -1,127 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://creativecommons.org/ns#"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   width="128"
-   height="128"
-   viewBox="0 -0.6 33.866668 33.866666"
-   version="1.1"
-   id="svg8">
-  <title
-     id="title1418">Hatchet</title>
-  <defs
-     id="defs2">
-    <filter
-       style="color-interpolation-filters:sRGB"
-       id="filter994"
-       x="-0.78125864"
-       width="2.5625174"
-       y="-0.25392297"
-       height="1.5078459">
-      <feGaussianBlur
-         stdDeviation="1.7304741"
-         id="feGaussianBlur996" />
-    </filter>
-    <filter
-       style="color-interpolation-filters:sRGB"
-       id="filter1401"
-       x="-0.43681362"
-       width="1.8736273"
-       y="-0.032828163"
-       height="1.0656563">
-      <feGaussianBlur
-         stdDeviation="2.2606587"
-         id="feGaussianBlur1403" />
-    </filter>
-  </defs>
-  <metadata
-     id="metadata5">
-    <rdf:RDF>
-      <cc:Work
-         rdf:about="">
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type
-           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <dc:title>Hatchet</dc:title>
-        <dc:creator>
-          <cc:Agent>
-            <dc:title>David Lyons</dc:title>
-          </cc:Agent>
-        </dc:creator>
-        <dc:publisher>
-          <cc:Agent>
-            <dc:title>dlyons</dc:title>
-          </cc:Agent>
-        </dc:publisher>
-        <cc:license
-           rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/" />
-        <dc:date>2017-05</dc:date>
-        <dc:subject>
-          <rdf:Bag>
-            <rdf:li>hatchet</rdf:li>
-            <rdf:li>ax</rdf:li>
-            <rdf:li>wood</rdf:li>
-          </rdf:Bag>
-        </dc:subject>
-        <dc:description>Hatchet</dc:description>
-      </cc:Work>
-      <cc:License
-         rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">
-        <cc:permits
-           rdf:resource="http://creativecommons.org/ns#Reproduction" />
-        <cc:permits
-           rdf:resource="http://creativecommons.org/ns#Distribution" />
-        <cc:requires
-           rdf:resource="http://creativecommons.org/ns#Notice" />
-        <cc:requires
-           rdf:resource="http://creativecommons.org/ns#Attribution" />
-        <cc:permits
-           rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
-        <cc:requires
-           rdf:resource="http://creativecommons.org/ns#ShareAlike" />
-      </cc:License>
-    </rdf:RDF>
-  </metadata>
-  <g
-     transform="matrix(0.18053177,-0.14666587,0.14666587,0.18053177,-0.67884005,5.998568)"
-     id="g4514">
-    <path
-       style="fill:#d38d5f;stroke-width:0.23824416"
-       d="M 7.30405,153.7586 C 20.54927,112.215 15.59359,34.229537 16.31646,33.113187 c 0.87975,-1.35862 11.98736,-0.3859 11.70824,-0.21673 0.17326,45.22237 7.01132,84.510963 -0.71993,131.991763 l -9.29885,-5.88681 z"
-       id="rect7" />
-    <path
-       style="stroke-width:0.27389684"
-       d="m 63.328435,18.175599 c 0,0 -18.017818,8.640905 -27.631388,12.644707 -3.823279,1.592294 -7.11998,3.047871 -9.996289,4.376476 -11.35319,0.247708 -19.4479991,0.01005 -19.8799245,1.450041 l 0.01602,16.049149 c 0.1225108,1.704999 8.9933655,2.136989 19.9713905,3.333131 6.538886,4.233937 13.307605,8.532834 17.153475,10.714075 9.058079,5.13742 18.504813,7.823295 18.504813,7.823295 0,0 5.056977,-21.237215 4.911847,-31.707625 C 66.23324,32.388436 63.328435,18.175599 63.328435,18.175599 Z"
-       id="rect9" />
-    <path
-       id="path35"
-       d="m 63.328435,18.175599 c 0,0 2.905055,14.268926 3.050195,24.739336 0.14513,10.47041 -4.912098,31.651538 -4.912098,31.651538 -11.67798,-3.788669 -16.221256,-6.527691 -16.221256,-6.527691 0,0 7.434244,-7.591907 9.174294,-22.366997 1.1592,-16.80443 -4.045711,-21.40711 -4.045711,-21.40711 3.905919,-1.879065 11.01257,-5.216217 12.954576,-6.089076 z"
-       style="opacity:0.45500004;fill:#ffffff;stroke-width:0.26458335" />
-    <path
-       style="opacity:0.45500004;fill:#ffffff;stroke-width:0.26458335"
-       d="m 63.208938,17.51176 c 0,0 3.024552,14.932765 3.169692,25.403175 0.14513,10.47041 -4.912098,31.621519 -4.912098,31.621519 -1.568463,-0.523507 -1.541936,-0.491688 -1.541936,-0.491688 0,0 5.456154,-26.034461 5.211644,-30.225191 -0.0315,-4.2355 -1.218109,-20.314453 -3.453104,-24.783592 0,0 0.723943,-0.407792 1.645299,-0.860384 z"
-       id="path1427" />
-    <path
-       style="fill:#784421;stroke:none;stroke-width:0.26458335px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="m 7.30405,153.7586 10.40103,5.0627 c 0,0 9.14195,5.35641 9.55606,6.02467 0.41411,0.66827 -4.66818,-0.88342 -7.90926,-2.11367 -3.24108,-1.23026 -8.21159,-4.9245 -10.36004,-6.6929 -2.14844,-1.76841 -1.68779,-2.2808 -1.68779,-2.2808 z"
-       id="path1407" />
-    <path
-       id="path999"
-       d="M 7.30405,153.7586 C 17.372688,112.40594 21.015256,78.343761 17.898744,32.568697 l 3.350934,-0.138515 c 0.131707,45.014525 3.851339,79.911868 -2.025736,127.174438 z"
-       style="opacity:0.3;fill:#2b1100;stroke-width:0.20724197" />
-    <path
-       style="opacity:1;fill:#1a1a1a;stroke:none;stroke-width:0.1832249"
-       d="m 37.364038,35.560531 9.400174,-5.992052 c 4.831746,9.986754 3.508267,19.973509 -0.303231,29.960263 l -9.096943,-5.992051 z"
-       id="rect4493" />
-    <rect
-       style="opacity:1;fill:#1a1a1a;stroke:none;stroke-width:0.37082145"
-       id="rect4504"
-       width="7.4658442"
-       height="15.338916"
-       x="23.754957"
-       y="38.224262" />
-  </g>
-</svg>
diff --git a/icons/hachette128.png b/icons/hachette128.png
deleted file mode 100644
index 18816e9..0000000
Binary files a/icons/hachette128.png and /dev/null differ
diff --git a/icons/hachette16.png b/icons/hachette16.png
deleted file mode 100644
index 182ede5..0000000
Binary files a/icons/hachette16.png and /dev/null differ
diff --git a/icons/hachette32.png b/icons/hachette32.png
deleted file mode 100644
index ffaa84b..0000000
Binary files a/icons/hachette32.png and /dev/null differ
diff --git a/icons/hachette48.png b/icons/hachette48.png
deleted file mode 100644
index 1ffcd38..0000000
Binary files a/icons/hachette48.png and /dev/null differ
diff --git a/icons/hachette64.png b/icons/hachette64.png
deleted file mode 100644
index a02abb0..0000000
Binary files a/icons/hachette64.png and /dev/null differ
diff --git a/icons/haketilo.svg b/icons/haketilo.svg
new file mode 100644
index 0000000..6e8948d
--- /dev/null
+++ b/icons/haketilo.svg
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   width="128"
+   height="128"
+   viewBox="0 -0.6 33.866668 33.866666"
+   version="1.1"
+   id="svg8">
+  <title
+     id="title1418">Hatchet</title>
+  <defs
+     id="defs2">
+    <filter
+       style="color-interpolation-filters:sRGB"
+       id="filter994"
+       x="-0.78125864"
+       width="2.5625174"
+       y="-0.25392297"
+       height="1.5078459">
+      <feGaussianBlur
+         stdDeviation="1.7304741"
+         id="feGaussianBlur996" />
+    </filter>
+    <filter
+       style="color-interpolation-filters:sRGB"
+       id="filter1401"
+       x="-0.43681362"
+       width="1.8736273"
+       y="-0.032828163"
+       height="1.0656563">
+      <feGaussianBlur
+         stdDeviation="2.2606587"
+         id="feGaussianBlur1403" />
+    </filter>
+  </defs>
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title>Hatchet</dc:title>
+        <dc:creator>
+          <cc:Agent>
+            <dc:title>David Lyons</dc:title>
+          </cc:Agent>
+        </dc:creator>
+        <dc:publisher>
+          <cc:Agent>
+            <dc:title>dlyons</dc:title>
+          </cc:Agent>
+        </dc:publisher>
+        <cc:license
+           rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/" />
+        <dc:date>2017-05</dc:date>
+        <dc:subject>
+          <rdf:Bag>
+            <rdf:li>hatchet</rdf:li>
+            <rdf:li>ax</rdf:li>
+            <rdf:li>wood</rdf:li>
+          </rdf:Bag>
+        </dc:subject>
+        <dc:description>Hatchet</dc:description>
+      </cc:Work>
+      <cc:License
+         rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Reproduction" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Distribution" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Notice" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Attribution" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#ShareAlike" />
+      </cc:License>
+    </rdf:RDF>
+  </metadata>
+  <g
+     transform="matrix(0.18053177,-0.14666587,0.14666587,0.18053177,-0.67884005,5.998568)"
+     id="g4514">
+    <path
+       style="fill:#d38d5f;stroke-width:0.23824416"
+       d="M 7.30405,153.7586 C 20.54927,112.215 15.59359,34.229537 16.31646,33.113187 c 0.87975,-1.35862 11.98736,-0.3859 11.70824,-0.21673 0.17326,45.22237 7.01132,84.510963 -0.71993,131.991763 l -9.29885,-5.88681 z"
+       id="rect7" />
+    <path
+       style="stroke-width:0.27389684"
+       d="m 63.328435,18.175599 c 0,0 -18.017818,8.640905 -27.631388,12.644707 -3.823279,1.592294 -7.11998,3.047871 -9.996289,4.376476 -11.35319,0.247708 -19.4479991,0.01005 -19.8799245,1.450041 l 0.01602,16.049149 c 0.1225108,1.704999 8.9933655,2.136989 19.9713905,3.333131 6.538886,4.233937 13.307605,8.532834 17.153475,10.714075 9.058079,5.13742 18.504813,7.823295 18.504813,7.823295 0,0 5.056977,-21.237215 4.911847,-31.707625 C 66.23324,32.388436 63.328435,18.175599 63.328435,18.175599 Z"
+       id="rect9" />
+    <path
+       id="path35"
+       d="m 63.328435,18.175599 c 0,0 2.905055,14.268926 3.050195,24.739336 0.14513,10.47041 -4.912098,31.651538 -4.912098,31.651538 -11.67798,-3.788669 -16.221256,-6.527691 -16.221256,-6.527691 0,0 7.434244,-7.591907 9.174294,-22.366997 1.1592,-16.80443 -4.045711,-21.40711 -4.045711,-21.40711 3.905919,-1.879065 11.01257,-5.216217 12.954576,-6.089076 z"
+       style="opacity:0.45500004;fill:#ffffff;stroke-width:0.26458335" />
+    <path
+       style="opacity:0.45500004;fill:#ffffff;stroke-width:0.26458335"
+       d="m 63.208938,17.51176 c 0,0 3.024552,14.932765 3.169692,25.403175 0.14513,10.47041 -4.912098,31.621519 -4.912098,31.621519 -1.568463,-0.523507 -1.541936,-0.491688 -1.541936,-0.491688 0,0 5.456154,-26.034461 5.211644,-30.225191 -0.0315,-4.2355 -1.218109,-20.314453 -3.453104,-24.783592 0,0 0.723943,-0.407792 1.645299,-0.860384 z"
+       id="path1427" />
+    <path
+       style="fill:#784421;stroke:none;stroke-width:0.26458335px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 7.30405,153.7586 10.40103,5.0627 c 0,0 9.14195,5.35641 9.55606,6.02467 0.41411,0.66827 -4.66818,-0.88342 -7.90926,-2.11367 -3.24108,-1.23026 -8.21159,-4.9245 -10.36004,-6.6929 -2.14844,-1.76841 -1.68779,-2.2808 -1.68779,-2.2808 z"
+       id="path1407" />
+    <path
+       id="path999"
+       d="M 7.30405,153.7586 C 17.372688,112.40594 21.015256,78.343761 17.898744,32.568697 l 3.350934,-0.138515 c 0.131707,45.014525 3.851339,79.911868 -2.025736,127.174438 z"
+       style="opacity:0.3;fill:#2b1100;stroke-width:0.20724197" />
+    <path
+       style="opacity:1;fill:#1a1a1a;stroke:none;stroke-width:0.1832249"
+       d="m 37.364038,35.560531 9.400174,-5.992052 c 4.831746,9.986754 3.508267,19.973509 -0.303231,29.960263 l -9.096943,-5.992051 z"
+       id="rect4493" />
+    <rect
+       style="opacity:1;fill:#1a1a1a;stroke:none;stroke-width:0.37082145"
+       id="rect4504"
+       width="7.4658442"
+       height="15.338916"
+       x="23.754957"
+       y="38.224262" />
+  </g>
+</svg>
diff --git a/icons/haketilo128.png b/icons/haketilo128.png
new file mode 100644
index 0000000..18816e9
Binary files /dev/null and b/icons/haketilo128.png differ
diff --git a/icons/haketilo16.png b/icons/haketilo16.png
new file mode 100644
index 0000000..182ede5
Binary files /dev/null and b/icons/haketilo16.png differ
diff --git a/icons/haketilo32.png b/icons/haketilo32.png
new file mode 100644
index 0000000..ffaa84b
Binary files /dev/null and b/icons/haketilo32.png differ
diff --git a/icons/haketilo48.png b/icons/haketilo48.png
new file mode 100644
index 0000000..1ffcd38
Binary files /dev/null and b/icons/haketilo48.png differ
diff --git a/icons/haketilo64.png b/icons/haketilo64.png
new file mode 100644
index 0000000..a02abb0
Binary files /dev/null and b/icons/haketilo64.png differ
diff --git a/manifest.json b/manifest.json
index ce2577e..9d34732 100644
--- a/manifest.json
+++ b/manifest.json
@@ -1,18 +1,20 @@
+// This is the manifest file of Haketilo.
+//
 // Copyright (C) 2021 Wojtek Kosior
 // Redistribution terms are gathered in the `copyright' file.
 {
     "manifest_version": 2,
-    "name": "Hachette",
-    "short_name": "Hachette",
+    "name": "Haketilo",
+    "short_name": "Haketilo",
     "version": "0.0.1",
     "author": "various",
     "description": "Control your \"Web\" browsing.",_GECKO_APPLICATIONS_
     "icons":{
-	"128": "icons/hachette128.png",
-	"64": "icons/hachette64.png",
-	"48": "icons/hachette48.png",
-	"32": "icons/hachette32.png",
-	"16": "icons/hachette16.png"
+	"128": "icons/haketilo128.png",
+	"64": "icons/haketilo64.png",
+	"48": "icons/haketilo48.png",
+	"32": "icons/haketilo32.png",
+	"16": "icons/haketilo16.png"
     },
     "permissions": [
 	"contextMenus",
@@ -29,13 +31,13 @@
     "browser_action": {
 	"browser_style": true,
 	"default_icon": {
-	    "128": "icons/hachette128.png",
-	    "64": "icons/hachette64.png",
-	    "48": "icons/hachette48.png",
-	    "32": "icons/hachette32.png",
-	    "16": "icons/hachette16.png"
+	    "128": "icons/haketilo128.png",
+	    "64": "icons/haketilo64.png",
+	    "48": "icons/haketilo48.png",
+	    "32": "icons/haketilo32.png",
+	    "16": "icons/haketilo16.png"
 	},
-	"default_title": "Hachette",
+	"default_title": "Haketilo",
 	"default_popup": "html/display-panel.html"
     },
     "options_ui": {
diff --git a/re-generate_icons.sh b/re-generate_icons.sh
index ba0c28a..e557ad0 100755
--- a/re-generate_icons.sh
+++ b/re-generate_icons.sh
@@ -4,5 +4,5 @@
 # Redistribution terms are gathered in the `copyright' file.
 
 for SIZE in 128 64 48 32 16; do
-    inkscape -z -e icons/hachette$SIZE.png -w $SIZE -h $SIZE icons/hachette.svg
+    inkscape -z -e icons/haketilo$SIZE.png -w $SIZE -h $SIZE icons/haketilo.svg
 done
-- 
cgit v1.2.3


From 212b5c8ef94c16019201a5da94f5247b30f14a9b Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Tue, 14 Sep 2021 19:28:54 +0200
Subject: use default settings that only contain a demo script (the rest is
 available through Hydrilla)

---
 copyright             |  2 +-
 default_settings.json | 51 +--------------------------------------------------
 2 files changed, 2 insertions(+), 51 deletions(-)

diff --git a/copyright b/copyright
index fe2aed7..de411e0 100644
--- a/copyright
+++ b/copyright
@@ -6,7 +6,7 @@ Files: *
 Copyright: 2021 Wojtek Kosior <koszko@koszko.org>
 License: GPL-3+-javascript or Alicense-1.0
 
-Files: *.sh
+Files: *.sh default_settings.json
 Copyright: 2021 Wojtek Kosior <koszko@koszko.org>
    2021 jahoti <jahoti@tilde.team>
 License: CC0
diff --git a/default_settings.json b/default_settings.json
index 44fbca0..89c59cf 100644
--- a/default_settings.json
+++ b/default_settings.json
@@ -1,50 +1 @@
-[
-    {
-	"sbandcamp": {
-	    "text": "/*\n\tCopyright © 2021 jahoti (jahoti@tilde.team)\n\t\n\tLicensed under the Apache License, Version 2.0 (the \"License\");\n\tyou may not use this file except in compliance with the License.\n\tYou may obtain a copy of the License at\n\t\n\t   http://www.apache.org/licenses/LICENSE-2.0\n\t\n\tUnless required by applicable law or agreed to in writing, software\n\tdistributed under the License is distributed on an \"AS IS\" BASIS,\n\tWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\tSee the License for the specific language governing permissions and\n\tlimitations under the License.\n*/\n\nvar div, player, playerBox = document.querySelector('.inline_player');\nplayerBox.innerHTML = '';\n\nfor (var track of JSON.parse(document.querySelector('[data-tralbum]').dataset.tralbum).trackinfo) {\n\tdiv = document.createElement('div');\n\tplayer = document.createElement('audio');\n\t\n\tdiv.innerText = track.title + ': ';\n\tplayer.src = track.file['mp3-128']; // Is this always available?\n\tdiv.append(player);\n\tplayerBox.append(div);\n}"
-	}
-    },
-    {
-	"sopencores": {
-	    "text":"let data = JSON.parse(document.getElementById(\"__NEXT_DATA__\").textContent);\nlet sections = {};\nfor (let h1 of document.getElementsByClassName(\"cMJCrc\")) {\n    let ul = document.createElement(\"ul\");\n    if (h1.nextElementSibling !== null)\n\th1.parentNode.insertBefore(ul, h1.nextElementSibling);\n    else\n\th1.parentNode.appendChild(ul);\n\n    sections[h1.children[1].firstChild.textContent] = ul;\n}\n\nfor (let prop of data.props.pageProps.list) {\n    let ul = sections[prop.category];\n    if (ul === undefined) {\n\tconsole.log(`unknown category \"${prop.category}\" for project \"${prop.title}\"`);\n\tcontinue;\n    }\n\n    let li = document.createElement(\"li\");\n    let a = document.createElement(\"a\");\n    a.setAttribute(\"href\", \"/projects/\" + prop.slug);\n    a.textContent = prop.title;\n\n    li.appendChild(a);\n    ul.appendChild(li);\n}\n"
-	}
-    },
-    {
-	"ssumofus (sign petition)": {
-	    "text": "/*\n\tCopyright © 2021 jahoti (jahoti@tilde.team)\n\t\n\tLicensed under the Apache License, Version 2.0 (the \"License\");\n\tyou may not use this file except in compliance with the License.\n\tYou may obtain a copy of the License at\n\t\n\t   http://www.apache.org/licenses/LICENSE-2.0\n\t\n\tUnless required by applicable law or agreed to in writing, software\n\tdistributed under the License is distributed on an \"AS IS\" BASIS,\n\tWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\tSee the License for the specific language governing permissions and\n\tlimitations under the License.\n*/\n\nfunction submitFormItem() {\n\tvar name, val, queryString = '', xhr = new content.XMLHttpRequest();\n\tfor (var formItem of this.querySelectorAll('select, input:not([type=\"radio\"]):not([type=\"checkbox\"])' +\n\t\t':not([type=\"submit\"]):not([type=\"reset\"])')) {\n\t\tqueryString += (queryString && '&') + formItem.name + '=' + encodeURIComponent(formItem.value);\n\t}\n\t\n\txhr.onreadystatechange = function () {\n\t\tif (this.readyState === 4) {\n\t\t\tif (this.status === 200) location.href =  JSON.parse(this.responseText).follow_up_url;\n\t\t\telse if (this.status === 422) {\n\t\t\t\tvar failMessage = [], response = JSON.parse(this.responseText);\n\t\t\t\tfor (field in response.errors) for (error of response.errors[field]) {\n\t\t\t\t\tfailMessage.push('Field \"' + field + '\" ' + error);\n\t\t\t\t}\n\t\t\t\talert(failMessage.join('\\n'));\n\t\t\t}\n\t\t\telse alert('Submission failed: response code ' + this.status);\n\t\t}\n\t}\n\t\n\txhr.open('POST', this.action, true); // Manually add the domain, as it's not properly handled in extensions\n\txhr.setRequestHeader('X-CSRF-Token', csrf);\n\txhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');\n\txhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');\n\txhr.send(queryString);\n\treturn false;\n}\n\n// Apply CSS as necessary\nif (notice = document.querySelector('#petition-bar-main > span')) notice.style.display = 'none'; // Hide the totally mistaken (even without this extension) anti-anti-JS warning\ndocument.querySelector('.script-dependent').style.display = 'block';\ndocument.querySelector('.button-wrapper').style.position = 'static'; // Stop the \"submit\" button obscuring the form\n\n\n\ncsrf = document.querySelector('meta[name=\"csrf-token\"]').content\nfor (var button of document.querySelectorAll('button[type=\"submit\"].button.action-form__submit-button')) button.form.onsubmit = submitFormItem;"
-	}
-    },
-    {
-	"sworldcat (library holdings)": {
-	    "text": "/*\n\tCopyright © 2021 jahoti (jahoti@tilde.team)\n\t\n\tLicensed under the Apache License, Version 2.0 (the \"License\");\n\tyou may not use this file except in compliance with the License.\n\tYou may obtain a copy of the License at\n\t\n\t   http://www.apache.org/licenses/LICENSE-2.0\n\t\n\tUnless required by applicable law or agreed to in writing, software\n\tdistributed under the License is distributed on an \"AS IS\" BASIS,\n\tWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n\tSee the License for the specific language governing permissions and\n\tlimitations under the License.\n*/\n\nvar pathParts = location.pathname.split('/'), itemRef = pathParts[pathParts.length - 1];\n\n// Generate a function which, when invoked, loads the catalog holdings starting at i (one-indexed) focused on loc\nfunction generateGoTo(i, set_loc) {\n\treturn function () {\n\t\t; // If this is a new search, \"set_loc\" won't be set; set it\n\t\tvar xhr = new content.XMLHttpRequest(), loc = set_loc || encodeURIComponent(locInput.value);\n\t\txhr.onreadystatechange = function () {\n\t\t\tif (this.readyState === 4) {\n\t\t\t\tif (this.status === 200) {\n\t\t\t\t\tretrieved.innerHTML = this.responseText;\n\t\t\t\t\t\n\t\t\t\t\tvar i, node = document.getElementById('libslocator');\n\t\t\t\t\tnode.parentNode.removeChild(node);\n\t\t\t\t\tfor (node of retrieved.querySelectorAll('a[href^=\"javascript:findLibs(\\'\\', \"]')) {\n\t\t\t\t\t\ti = parseInt(node.href.split(',', 2)[1]);\n\t\t\t\t\t\tnode.onclick = generateGoTo(i, loc);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\telse alert('Search failed: response code ' + this.status);\n\t\t\t}\n\t\t}\n\t\t\n\t\txhr.open('GET', 'https://www.worldcat.org/wcpa/servlet/org.oclc.lac.ui.ajax.ServiceServlet?wcoclcnum=' + itemRef + '&start_holding='\n\t\t\t\t+ i + '&serviceCommand=holdingsdata&loc=' + loc, true);\n\t\txhr.send();\n\t\treturn false; // Make sure the browser doesn't try to submit any holding form\n\t};\n}\n\n\nvar retriever = document.querySelector('.retrieving'), retrieved = document.getElementById('donelocator');\n\nvar locForm = document.createElement('form'), locLabel = document.createElement('label'), locInput = document.createElement('input'),\n\tlocSubmit = document.createElement('input');\n\nlocForm.appendChild(locLabel);\nlocForm.appendChild(locInput);\nlocForm.appendChild(locSubmit);\n\nlocInput.name = locLabel.htmlFor = 'cat_location';\nlocInput.type = 'text';\nlocInput.required = 'yes';\nlocLabel.innerText = 'Find copies closest to: ';\nlocSubmit.value = 'Go';\nlocSubmit.type = 'submit';\nlocForm.onsubmit = generateGoTo(1);\n\nretriever.parentNode.replaceChild(locForm, retriever);"
-	}
-    },
-    {
-	"phttps://*.bandcamp.com/track/*": {
-	    "components": ["s", "bandcamp"]
-	}
-    },
-    {
-	"phttps://opencores.org/projects": {
-	    "components": ["s", "opencores"]
-	}
-    },
-    {
-	"phttps://actions.sumofus.org/a/*": {
-	    "components": ["s", "sumofus (sign petition)"],
-	}
-    },
-    {
-	"phttps://worldcat.org/title/**": {
-	    "components": ["s", "worldcat (library holdings)"]
-	}
-    },
-    {
-	"phttps://www.worldcat.org/title/**": {
-	    "components": ["s", "worldcat (library holdings)"]
-	}
-    },
-    {
-	"rhttps://api-demo.hachette-hydrilla.org": {}
-    }
-]
+[{"shaketilo demo script":{"url":"","hash":"","text":"/**\n * Haketilo demo script.\n *\n * Copyright (C) Wojtek Kosior\n * Available under the terms of Creative Commons Zero\n * <https://creativecommons.org/publicdomain/zero/1.0/legalcode>\n */\n\nconst banner = document.createElement(\"h2\");\n\nbanner.textContent = \"Hoooray! Haketilo works :D\"\n\nbanner.setAttribute(\"style\", `\\\nmargin: 1em; \\\nborder-radius: 1em 0px; \\\nbackground-color: #474; \\\npadding: 10px 20px; \\\ncolor: #eee; \\\nbox-shadow: 0 6px 8px 0 rgba(0,0,0,0.24), 0 17px 50px 0 rgba(0,0,0,0.19); \\\ndisplay: inline-block;\\\n`);\n\ndocument.body.prepend(banner);"}},{"bhaketilo demo bag":[["s","haketilo demo script"]]},{"phttps://hachette-hydrilla.org":{"components":["b","haketilo demo bag"],"allow":false}}]
\ No newline at end of file
-- 
cgit v1.2.3


From e9b6187e0c5eaa4ac5ee41aacb261ae2da208c8f Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Tue, 14 Sep 2021 19:29:34 +0200
Subject: bump version to 0.1

---
 manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifest.json b/manifest.json
index 9d34732..3caa6af 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
     "manifest_version": 2,
     "name": "Haketilo",
     "short_name": "Haketilo",
-    "version": "0.0.1",
+    "version": "0.1",
     "author": "various",
     "description": "Control your \"Web\" browsing.",_GECKO_APPLICATIONS_
     "icons":{
-- 
cgit v1.2.3


From 960363e7dd98a724246320e49c3fbaff9d68d1bd Mon Sep 17 00:00:00 2001
From: jahoti <jahoti@tilde.team>
Date: Wed, 15 Sep 2021 00:00:00 +0000
Subject: Add default repository to default settings

---
 default_settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/default_settings.json b/default_settings.json
index 89c59cf..e7ea2c3 100644
--- a/default_settings.json
+++ b/default_settings.json
@@ -1 +1 @@
-[{"shaketilo demo script":{"url":"","hash":"","text":"/**\n * Haketilo demo script.\n *\n * Copyright (C) Wojtek Kosior\n * Available under the terms of Creative Commons Zero\n * <https://creativecommons.org/publicdomain/zero/1.0/legalcode>\n */\n\nconst banner = document.createElement(\"h2\");\n\nbanner.textContent = \"Hoooray! Haketilo works :D\"\n\nbanner.setAttribute(\"style\", `\\\nmargin: 1em; \\\nborder-radius: 1em 0px; \\\nbackground-color: #474; \\\npadding: 10px 20px; \\\ncolor: #eee; \\\nbox-shadow: 0 6px 8px 0 rgba(0,0,0,0.24), 0 17px 50px 0 rgba(0,0,0,0.19); \\\ndisplay: inline-block;\\\n`);\n\ndocument.body.prepend(banner);"}},{"bhaketilo demo bag":[["s","haketilo demo script"]]},{"phttps://hachette-hydrilla.org":{"components":["b","haketilo demo bag"],"allow":false}}]
\ No newline at end of file
+[{"shaketilo demo script":{"url":"","hash":"","text":"/**\n * Haketilo demo script.\n *\n * Copyright (C) Wojtek Kosior\n * Available under the terms of Creative Commons Zero\n * <https://creativecommons.org/publicdomain/zero/1.0/legalcode>\n */\n\nconst banner = document.createElement(\"h2\");\n\nbanner.textContent = \"Hoooray! Haketilo works :D\"\n\nbanner.setAttribute(\"style\", `\\\nmargin: 1em; \\\nborder-radius: 1em 0px; \\\nbackground-color: #474; \\\npadding: 10px 20px; \\\ncolor: #eee; \\\nbox-shadow: 0 6px 8px 0 rgba(0,0,0,0.24), 0 17px 50px 0 rgba(0,0,0,0.19); \\\ndisplay: inline-block;\\\n`);\n\ndocument.body.prepend(banner);"}},{"bhaketilo demo bag":[["s","haketilo demo script"]]},{"phttps://hachette-hydrilla.org":{"components":["b","haketilo demo bag"],"allow":false}},{"rhttps://api-demo.hachette-hydrilla.org":{}}]
-- 
cgit v1.2.3