From 014f2a2f4e2071c35314d67285711f0f4615266b Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Wed, 18 Aug 2021 17:53:57 +0200
Subject: implement smuggling via cookies instead of URL

---
 html/display-panel.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'html/display-panel.js')

diff --git a/html/display-panel.js b/html/display-panel.js
index b4d9abb..2539ded 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -16,7 +16,6 @@
  * IMPORT get_import_frame
  * IMPORT query_all
  * IMPORT CONNECTION_TYPE
- * IMPORT url_item
  * IMPORT is_privileged_url
  * IMPORT TYPE_PREFIX
  * IMPORT nice_name
@@ -60,7 +59,7 @@ async function show_page_activity_info()
 	return;
     }
 
-    tab_url = url_item(tab.url);
+    tab_url = /^([^?#]*)/.exec(tab.url)[1];
     page_url_heading.textContent = tab_url;
     if (is_privileged_url(tab_url)) {
 	show_privileged_notice_chbx.checked = true;
-- 
cgit v1.2.3


From 538376341e9a50ebd350897fe26f43c433f0ee06 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Fri, 27 Aug 2021 10:01:32 +0200
Subject: enable whitelisting of `file://' protocol\n\nThis commit additionally
 also changes the semantics of triple asterisk wildcard in URL path.

---
 common/misc.js           |  12 ++--
 common/patterns.js       | 160 ++++++++++++++++++++++-------------------------
 common/settings_query.js |  27 ++++----
 content/freezer.js       |   1 +
 content/main.js          |  86 ++++++++++++++++++++++---
 content/page_actions.js  |  22 ++++---
 html/display-panel.js    |   5 +-
 7 files changed, 190 insertions(+), 123 deletions(-)

(limited to 'html/display-panel.js')

diff --git a/common/misc.js b/common/misc.js
index d6b9662..fd70f62 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -84,11 +84,13 @@ function open_in_settings(prefix, name)
     window.open(url, "_blank");
 }
 
-/* Check if url corresponds to a browser's special page */
-function is_privileged_url(url)
-{
-    return !!/^(chrome(-extension)?|moz-extension):\/\/|^about:/i.exec(url);
-}
+/*
+ * Check if url corresponds to a browser's special page (or a directory index in
+ * case of `file://' protocol).
+ */
+const privileged_reg =
+      /^(chrome(-extension)?|moz-extension):\/\/|^about:|^file:\/\/.*\/$/;
+const is_privileged_url = url => privileged_reg.test(url);
 
 /* Parse a CSP header */
 function parse_csp(csp) {
diff --git a/common/patterns.js b/common/patterns.js
index be7c650..0a322b0 100644
--- a/common/patterns.js
+++ b/common/patterns.js
@@ -5,35 +5,41 @@
  * Redistribution terms are gathered in the `copyright' file.
  */
 
-const proto_re = "[a-zA-Z]*:\/\/";
+const proto_regex = /^(\w+):\/\/(.*)$/;
+
 const domain_re = "[^/?#]+";
-const segments_re = "/[^?#]*";
-const query_re = "\\?[^#]*";
-
-const url_regex = new RegExp(`\
-^\
-(${proto_re})\
-(${domain_re})\
-(${segments_re})?\
-(${query_re})?\
-#?.*\$\
-`);
+const path_re = "[^?#]*";
+const query_re = "\\??[^#]*";
+
+const http_regex = new RegExp(`^(${domain_re})(${path_re})(${query_re}).*`);
+
+const file_regex = new RegExp(`^(${path_re}).*`);
 
 function deconstruct_url(url)
 {
-    const regex_match = url_regex.exec(url);
-    if (regex_match === null)
+    const proto_match = proto_regex.exec(url);
+    if (proto_match === null)
 	return undefined;
 
-    let [_, proto, domain, path, query] = regex_match;
+    const deco = {proto: proto_match[1]};
 
-    domain = domain.split(".");
-    let path_trailing_dash =
-	path && path[path.length - 1] === "/";
-    path = (path || "").split("/").filter(s => s !== "");
-    path.unshift("");
+    if (deco.proto === "file") {
+	deco.path = file_regex.exec(proto_match[2])[1];
+    } else {
+	const http_match = http_regex.exec(proto_match[2]);
+	if (!http_match)
+	    return undefined;
+	[deco.domain, deco.path, deco.query] = http_match.slice(1, 4);
+	deco.domain = deco.domain.split(".");
+    }
 
-    return {proto, domain, path, query, path_trailing_dash};
+    const leading_dash = deco.path[0] === "/";
+    deco.trailing_dash = deco.path[deco.path.length - 1] === "/";
+    deco.path = deco.path.split("/").filter(s => s !== "");
+    if (leading_dash || deco.path.length === 0)
+	deco.path.unshift("");
+
+    return deco;
 }
 
 /* Be sane: both arguments should be arrays of length >= 2 */
@@ -104,84 +110,70 @@ function url_matches(url, pattern)
 	return false
     }
 
-    if (pattern_deco.proto !== url_deco.proto)
-	return false;
-
-    return domain_matches(url_deco.domain, pattern_deco.domain) &&
-	path_matches(url_deco.path, url_deco.path_trailing_dash,
-		     pattern_deco.path, pattern_deco.path_trailing_dash);
+    return pattern_deco.proto === url_deco.proto &&
+	!(pattern_deco.proto === "file" && pattern_deco.trailing_dash) &&
+	!!url_deco.domain === !!pattern_deco.domain &&
+	(!url_deco.domain ||
+	 domain_matches(url_deco.domain, pattern_deco.domain)) &&
+	path_matches(url_deco.path, url_deco.trailing_dash,
+		     pattern_deco.path, pattern_deco.trailing_dash);
 }
 
-/*
- * Call callback for every possible pattern that matches url. Return when there
- * are no more patterns or callback returns false.
- */
-function for_each_possible_pattern(url, callback)
+function* each_domain_pattern(domain_segments)
 {
-    const deco = deconstruct_url(url);
-
-    if (deco === undefined) {
-	console.log("bad url format", url);
-	return;
+    for (let slice = 0; slice < domain_segments.length; slice++) {
+	const domain_part = domain_segments.slice(slice).join(".");
+	const domain_wildcards = [];
+	if (slice === 0)
+	    yield domain_part;
+	if (slice === 1)
+	    yield "*." + domain_part;
+	if (slice > 1)
+	    yield "**." + domain_part;
+	yield "***." + domain_part;
     }
+}
 
-    for (let d_slice = 0; d_slice < deco.domain.length; d_slice++) {
-	const domain_part = deco.domain.slice(d_slice).join(".");
-	const domain_wildcards = [];
-	if (d_slice === 0)
-	    domain_wildcards.push("");
-	if (d_slice === 1)
-	    domain_wildcards.push("*.");
-	if (d_slice > 0)
-	    domain_wildcards.push("**.");
-	domain_wildcards.push("***.");
-
-	for (const domain_wildcard of domain_wildcards) {
-	    const domain_pattern = domain_wildcard + domain_part;
-
-	    for (let s_slice = deco.path.length; s_slice > 0; s_slice--) {
-		const path_part = deco.path.slice(0, s_slice).join("/");
-		const path_wildcards = [];
-		if (s_slice === deco.path.length) {
-		    if (deco.path_trailing_dash)
-			path_wildcards.push("/");
-		    path_wildcards.push("");
-		}
-		if (s_slice === deco.path.length - 1 &&
-		    deco.path[s_slice] !== "*")
-		    path_wildcards.push("/*");
-		if (s_slice < deco.path.length &&
-		    (deco.path[s_slice] !== "**" ||
-		     s_slice < deco.path.length - 1))
-		    path_wildcards.push("/**");
-		if (deco.path[s_slice] !== "***" || s_slice < deco.path.length)
-		    path_wildcards.push("/***");
-
-		for (const path_wildcard of path_wildcards) {
-		    const path_pattern = path_part + path_wildcard;
-
-		    const pattern = deco.proto + domain_pattern + path_pattern;
-
-		    if (callback(pattern) === false)
-			return;
-		}
-	    }
+function* each_path_pattern(path_segments, trailing_dash)
+{
+    for (let slice = path_segments.length; slice > 0; slice--) {
+	const path_part = path_segments.slice(0, slice).join("/");
+	const path_wildcards = [];
+	if (slice === path_segments.length) {
+	    if (trailing_dash)
+		yield path_part + "/";
+	    yield path_part;
 	}
+	if (slice === path_segments.length - 1 && path_segments[slice] !== "*")
+	    yield path_part + "/*";
+	if (slice < path_segments.length - 1)
+	    yield path_part + "/**";
+	if (slice < path_segments.length - 1 ||
+	    path_segments[path_segments.length - 1] !== "***")
+	    yield path_part + "/***";
     }
 }
 
-function possible_patterns(url)
+/* Generate every possible pattern that matches url. */
+function* each_url_pattern(url)
 {
-    const patterns = [];
-    for_each_possible_pattern(url, patterns.push);
+    const deco = deconstruct_url(url);
 
-    return patterns;
+    if (deco === undefined) {
+	console.log("bad url format", url);
+	return false;
+    }
+
+    const all_domains = deco.domain ? each_domain_pattern(deco.domain) : [""];
+    for (const domain of all_domains) {
+	for (const path of each_path_pattern(deco.path, deco.trailing_dash))
+	    yield `${deco.proto}://${domain}${path}`;
+    }
 }
 
 /*
  * EXPORTS_START
  * EXPORT url_matches
- * EXPORT for_each_possible_pattern
- * EXPORT possible_patterns
+ * EXPORT each_url_pattern
  * EXPORTS_END
  */
diff --git a/common/settings_query.js b/common/settings_query.js
index e85ae63..b54e580 100644
--- a/common/settings_query.js
+++ b/common/settings_query.js
@@ -8,30 +8,25 @@
 /*
  * IMPORTS_START
  * IMPORT TYPE_PREFIX
- * IMPORT for_each_possible_pattern
+ * IMPORT each_url_pattern
  * IMPORTS_END
  */
 
-function check_pattern(storage, pattern, multiple, matched)
-{
-    const settings = storage.get(TYPE_PREFIX.PAGE, pattern);
-
-    if (settings === undefined)
-	return;
-
-    matched.push([pattern, settings]);
-
-    if (!multiple)
-	return false;
-}
-
 function query(storage, url, multiple)
 {
     const matched = [];
     const cb = p => check_pattern(storage, p, multiple, matched);
-    for_each_possible_pattern(url, cb);
+    for (const pattern of each_url_pattern(url)) {
+	const result = [pattern, storage.get(TYPE_PREFIX.PAGE, pattern)];
+	if (result[1] === undefined)
+	    continue;
+
+	if (!multiple)
+	    return result;
+	matched.push(result);
+    }
 
-    return multiple ? matched : (matched[0] || [undefined, undefined]);
+    return multiple ? matched : [undefined, undefined];
 }
 
 function query_best(storage, url)
diff --git a/content/freezer.js b/content/freezer.js
index 9dbc95e..0ea362e 100644
--- a/content/freezer.js
+++ b/content/freezer.js
@@ -49,6 +49,7 @@ function mozilla_suppress_scripts(e) {
 	console.log('Script suppressor has detached.');
 	return;
     }
+    console.log("script event", e);
     if (e.isTrusted && !e.target._hachette_payload) {
 	e.preventDefault();
 	console.log('Suppressed script', e.target);
diff --git a/content/main.js b/content/main.js
index 984b3cb..06d3bf1 100644
--- a/content/main.js
+++ b/content/main.js
@@ -10,6 +10,7 @@
  * IMPORTS_START
  * IMPORT handle_page_actions
  * IMPORT extract_signed
+ * IMPORT sign_data
  * IMPORT gen_nonce
  * IMPORT is_privileged_url
  * IMPORT mozilla_suppress_scripts
@@ -31,13 +32,13 @@ function accept_node(node, parent)
     parent.hachette_corresponding.appendChild(clone);
 }
 
-if (!is_privileged_url(document.URL)) {
-    /* Signature valid for half an hour. */
-    const min_time = new Date().getTime() - 1800 * 1000;
+function extract_cookie_policy(cookie, min_time)
+{
     let best_result = {time: -1};
     let policy = null;
     const extracted_signatures = [];
-    for (const match of document.cookie.matchAll(/hachette-(\w*)=([^;]*)/g)) {
+
+    for (const match of cookie.matchAll(/hachette-(\w*)=([^;]*)/g)) {
 	const new_result = extract_signed(...match.slice(1, 3));
 	if (new_result.fail)
 	    continue;
@@ -56,17 +57,84 @@ if (!is_privileged_url(document.URL)) {
 	policy = new_policy;
     }
 
+    return [policy, extracted_signatures];
+}
+
+function extract_url_policy(url, min_time)
+{
+    const [base_url, payload, anchor] =
+	  /^([^#]*)#?([^#]*)(#?.*)$/.exec(url).splice(1, 4);
+
+    const match = /^hachette_([^_]+)_(.*)$/.exec(payload);
+    if (!match)
+	return [null, url];
+
+    const result = extract_signed(...match.slice(1, 3));
+    if (result.fail)
+	return [null, url];
+
+    const original_url = base_url + anchor;
+    const policy = result.time < min_time ? null :
+	  JSON.parse(decodeURIComponent(result.data));
+
+    return [policy.url === original_url ? policy : null, original_url];
+}
+
+function employ_nonhttp_policy(policy)
+{
+    if (!policy.allow)
+	return;
+
+    policy.nonce = gen_nonce();
+    const [base_url, target] = /^([^#]*)(#?.*)$/.exec(policy.url).slice(1, 3);
+    const encoded_policy = encodeURIComponent(JSON.stringify(policy));
+    const payload = "hachette_" +
+	  sign_data(encoded_policy, new Date().getTime()).join("_");
+    const resulting_url = `${base_url}#${payload}${target}`;
+    location.href = resulting_url;
+    location.reload();
+}
+
+if (!is_privileged_url(document.URL)) {
+    let policy_received_callback = () => undefined;
+    let policy;
+
+    /* Signature valid for half an hour. */
+    const min_time = new Date().getTime() - 1800 * 1000;
+
+    if (/^https?:/.test(document.URL)) {
+	let signatures;
+	[policy, signatures] = extract_cookie_policy(document.cookie, min_time);
+	for (const signature of signatures)
+	    document.cookie = `hachette-${signature}=; Max-Age=-1;`;
+    } else {
+	const scheme = /^([^:]*)/.exec(document.URL)[1];
+	const known_scheme = ["file"].includes(scheme);
+
+	if (!known_scheme)
+	    console.warn(`Unknown url scheme: \`${scheme}'!`);
+
+	let original_url;
+	[policy, original_url] = extract_url_policy(document.URL, min_time);
+	history.replaceState(null, "", original_url);
+
+	if (known_scheme && !policy)
+	    policy_received_callback = employ_nonhttp_policy;
+    }
+
     if (!policy) {
-	console.warn("WARNING! Using default policy!!!");
+	console.warn("Using default policy!");
 	policy = {allow: false, nonce: gen_nonce()};
     }
 
-    for (const signature of extracted_signatures)
-	document.cookie = `hachette-${signature}=; Max-Age=-1;`;
-
-    handle_page_actions(policy.nonce);
+    handle_page_actions(policy.nonce, policy_received_callback);
 
     if (!policy.allow) {
+	if (is_mozilla) {
+	    const script = document.querySelector("script");
+	    if (script)
+		script.textContent = "throw 'blocked';\n" + script.textContent;
+	}
 	const old_html = document.documentElement;
 	const new_html = document.createElement("html");
 	old_html.replaceWith(new_html);
diff --git a/content/page_actions.js b/content/page_actions.js
index aff56b8..6a6b3a0 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -14,10 +14,13 @@
  * IMPORTS_END
  */
 
-var port;
-var loaded = false;
-var scripts_awaiting = [];
-var nonce;
+let policy_received_callback;
+/* Snapshot url early because document.URL can be changed by other code. */
+let url;
+let port;
+let loaded = false;
+let scripts_awaiting = [];
+let nonce;
 
 function handle_message(message)
 {
@@ -31,8 +34,10 @@ function handle_message(message)
 		scripts_awaiting.push(script_text);
 	}
     }
-    if (action === "settings")
+    if (action === "settings") {
 	report_settings(data);
+	policy_received_callback({url, allow: !!data[1] && data[1].allow});
+    }
 }
 
 function document_loaded(event)
@@ -56,11 +61,14 @@ function add_script(script_text)
     report_script(script_text);
 }
 
-function handle_page_actions(script_nonce) {
+function handle_page_actions(script_nonce, policy_received_cb) {
+    policy_received_callback = policy_received_cb;
+    url = document.URL;
+
     document.addEventListener("DOMContentLoaded", document_loaded);
     port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
     port.onMessage.addListener(handle_message);
-    port.postMessage({url: document.URL});
+    port.postMessage({url});
 
     nonce = script_nonce;
 }
diff --git a/html/display-panel.js b/html/display-panel.js
index 2539ded..bc190ac 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -20,7 +20,7 @@
  * IMPORT TYPE_PREFIX
  * IMPORT nice_name
  * IMPORT open_in_settings
- * IMPORT for_each_possible_pattern
+ * IMPORT each_url_pattern
  * IMPORT by_id
  * IMPORT clone_template
  * IMPORTS_END
@@ -127,7 +127,8 @@ function handle_page_change(change)
 
 function populate_possible_patterns_list(url)
 {
-    for_each_possible_pattern(url, add_pattern_to_list);
+    for (const pattern of each_url_pattern(url))
+	add_pattern_to_list(pattern);
 
     for (const [pattern, settings] of query_all(storage, url)) {
 	set_pattern_li_button_text(ensure_pattern_exists(pattern),
-- 
cgit v1.2.3


From 826b4fd80a288f13841b6f6d56cc38e2f43bbc03 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Fri, 27 Aug 2021 18:01:34 +0200
Subject: start using `<template>' tag

---
 html/DOM_helpers.js     | 21 ++++++++++++++++++++-
 html/display-panel.html | 11 +++++------
 html/display-panel.js   |  5 +++--
 html/import_frame.html  |  6 +++---
 html/import_frame.js    |  3 ++-
 html/options.html       | 13 ++++++-------
 html/options_main.js    |  9 +++++----
 7 files changed, 44 insertions(+), 24 deletions(-)

(limited to 'html/display-panel.js')

diff --git a/html/DOM_helpers.js b/html/DOM_helpers.js
index 2bff966..392299f 100644
--- a/html/DOM_helpers.js
+++ b/html/DOM_helpers.js
@@ -10,9 +10,27 @@ function by_id(id)
     return document.getElementById(id);
 }
 
+const known_templates = new Map();
+
+function get_template(template_id)
+{
+    let template = known_templates.get(template_id) || null;
+    if (template)
+	return template;
+
+    for (const template_node of document.getElementsByTagName("TEMPLATE")) {
+	template = template_node.content.getElementById(template_id);
+	if (template)
+	    break;
+    }
+
+    known_templates.set(template_id, template);
+    return template;
+}
+
 function clone_template(template_id)
 {
-    const clone = document.getElementById(template_id).cloneNode(true);
+    const clone = get_template(template_id).cloneNode(true);
     const result_object = {};
     const to_process = [clone];
 
@@ -36,6 +54,7 @@ function clone_template(template_id)
 /*
  * EXPORTS_START
  * EXPORT by_id
+ * EXPORT get_template
  * EXPORT clone_template
  * EXPORTS_END
  */
diff --git a/html/display-panel.html b/html/display-panel.html
index 1b9c77b..c5b500d 100644
--- a/html/display-panel.html
+++ b/html/display-panel.html
@@ -35,19 +35,18 @@
     </style>
   </head>
   <body>
-    <!-- The invisible div below is for elements that will be cloned. -->
-    <div class="hide">
-      <li id="pattern_li_template">
+    <template>
+      <li id="pattern_li">
 	<span></span>
 	<button>View in settings</button>
       </li>
-      <li id="query_match_li_template" class="queried_pattern_match" data-template="li">
+      <li id="query_match_li" class="queried_pattern_match" data-template="li">
 	<div>
 	  <span>pattern:</span>
 	  <span class="bold" data-template="pattern"></span>
 	  <button data-template="btn">Install</button>
 	</div>
-	<div id="unrollable_component_template" data-template="unroll_container">
+	<div id="unrollable_component" data-template="unroll_container">
 	  <span data-template="component_label">payload:</span>
 	  <input type="checkbox" class="unroll_chbx" data-template="chbx"></input>
 	  <br data-template="br"/>
@@ -61,7 +60,7 @@
 	  <div data-template="unroll"></div>
 	</div>
       </li>
-    </div>
+    </template>
 
     <input id="show_install_view_chbx" type="checkbox" class="show_hide_next2"></input>
     <div id="install_view">
diff --git a/html/display-panel.js b/html/display-panel.js
index bc190ac..54b5578 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -22,6 +22,7 @@
  * IMPORT open_in_settings
  * IMPORT each_url_pattern
  * IMPORT by_id
+ * IMPORT get_template
  * IMPORT clone_template
  * IMPORTS_END
  */
@@ -73,7 +74,7 @@ async function show_page_activity_info()
 }
 
 const possible_patterns_ul = by_id("possible_patterns");
-const pattern_li_template = by_id("pattern_li_template");
+const pattern_li_template = get_template("pattern_li");
 pattern_li_template.removeAttribute("id");
 const known_patterns = new Map();
 
@@ -487,7 +488,7 @@ function show_query_successful_result(result_item, repo_url, result)
     set_appended(result_item, ul);
 
     for (const match of result) {
-	const entry_object = clone_template("query_match_li_template");
+	const entry_object = clone_template("query_match_li");
 
 	entry_object.pattern.textContent = match.pattern;
 
diff --git a/html/import_frame.html b/html/import_frame.html
index c86c3de..0511e6c 100644
--- a/html/import_frame.html
+++ b/html/import_frame.html
@@ -1,10 +1,10 @@
-<div style="display: none;">
-  <li id="import_li_template">
+<template>
+  <li id="import_li">
     <span></span>
     <input type="checkbox" style="display: inline;" checked></input>
     <span></span>
   </li>
-</div>
+</template>
 <h2> Settings import </h2>
 <input id="import_loading_radio" type="radio" name="import_window_content" class="show_next"></input>
 <span> Loading... </span>
diff --git a/html/import_frame.js b/html/import_frame.js
index 4075433..ab39702 100644
--- a/html/import_frame.js
+++ b/html/import_frame.js
@@ -9,6 +9,7 @@
  * IMPORTS_START
  * IMPORT get_remote_storage
  * IMPORT by_id
+ * IMPORT get_template
  * IMPORT nice_name
  * IMPORT make_once
  * IMPORTS_END
@@ -16,7 +17,7 @@
 
 let storage;
 
-const import_li_template = by_id("import_li_template");
+const import_li_template = get_template("import_li");
 import_li_template.removeAttribute("id");
 
 function import_li_id(prefix, item)
diff --git a/html/options.html b/html/options.html
index 2246f9a..81ab002 100644
--- a/html/options.html
+++ b/html/options.html
@@ -78,27 +78,26 @@
     </style>
   </head>
   <body>
-    <!-- The invisible div below is for elements that will be cloned. -->
-    <div class="hide">
-      <li id="item_li_template">
+    <template>
+      <li id="item_li">
 	<span></span>
 	<button> Edit </button>
 	<button> Remove </button>
 	<button> Export </button>
       </li>
-      <li id="bag_component_li_template">
+      <li id="bag_component_li">
 	<span></span>
 	<button> Remove </button>
       </li>
-      <li id="chbx_component_li_template">
+      <li id="chbx_component_li">
 	<input type="checkbox" style="display: inline;"></input>
 	<span></span>
       </li>
-      <li id="radio_component_li_template">
+      <li id="radio_component_li">
 	<input type="radio" style="display: inline;" name="page_components"></input>
 	<span></span>
       </li>
-    </div>
+    </template>
 
     <!-- Mind the show_*s ids below - their format is assumed in js code -->
     <input type="radio" name="tabs" id="show_repos"></input>
diff --git a/html/options_main.js b/html/options_main.js
index 830c860..825728e 100644
--- a/html/options_main.js
+++ b/html/options_main.js
@@ -13,6 +13,7 @@
  * IMPORT list_prefixes
  * IMPORT nice_name
  * IMPORT parse_json_with_schema
+ * IMPORT get_template
  * IMPORT by_id
  * IMPORT matchers
  * IMPORT get_import_frame
@@ -21,10 +22,10 @@
 
 var storage;
 
-const item_li_template = by_id("item_li_template");
-const bag_component_li_template = by_id("bag_component_li_template");
-const chbx_component_li_template = by_id("chbx_component_li_template");
-const radio_component_li_template = by_id("radio_component_li_template");
+const item_li_template = get_template("item_li");
+const bag_component_li_template = get_template("bag_component_li");
+const chbx_component_li_template = get_template("chbx_component_li");
+const radio_component_li_template = get_template("radio_component_li");
 /* Make sure they are later cloned without id. */
 item_li_template.removeAttribute("id");
 bag_component_li_template.removeAttribute("id");
-- 
cgit v1.2.3


From 453ba03962ececcdff9264bea606b7bc488c1803 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Wed, 1 Sep 2021 11:45:06 +0200
Subject: add styling for popup page\n\nThis does not include styling for
 contents of the import dialog

---
 copyright               |   4 +
 html/DOM_helpers.js     |   2 +-
 html/back_button.css    |  50 +++++++
 html/base.css           |  22 ++-
 html/display-panel.html | 365 ++++++++++++++++++++++++++++++++++++++----------
 html/display-panel.js   | 174 ++++++++++++-----------
 html/import_frame.html  |   1 -
 html/options.html       |  95 +++----------
 html/options_main.js    |   8 +-
 html/table.css          |  46 ++++++
 10 files changed, 532 insertions(+), 235 deletions(-)
 create mode 100644 html/back_button.css
 create mode 100644 html/table.css

(limited to 'html/display-panel.js')

diff --git a/copyright b/copyright
index 75be239..58993a6 100644
--- a/copyright
+++ b/copyright
@@ -31,6 +31,10 @@ Files: *.html README.txt copyright
 Copyright: 2021 Wojtek Kosior <koszko@koszko.org>
 License: GPL-3+ or Alicense-1.0 or CC-BY-SA-4.0
 
+Files: html/*.css
+Copyright: 2021 Wojtek Kosior <koszko@koszko.org>
+License: GPL-3+ or Alicense-1.0 or CC-BY-SA-4.0
+
 Files: html/base.css
 Copyright: 2021 Wojtek Kosior <koszko@koszko.org>
    2021 Nicholas Johnson <nicholasjohnson@posteo.org>
diff --git a/html/DOM_helpers.js b/html/DOM_helpers.js
index 392299f..01e2be9 100644
--- a/html/DOM_helpers.js
+++ b/html/DOM_helpers.js
@@ -42,7 +42,7 @@ function clone_template(template_id)
 	    result_object[template_key] = element;
 
 	element.removeAttribute("id");
-	element.removeAttribute("template_key");
+	element.removeAttribute("data-template");
 
 	for (const child of element.children)
 	    to_process.push(child);
diff --git a/html/back_button.css b/html/back_button.css
new file mode 100644
index 0000000..1ddc5da
--- /dev/null
+++ b/html/back_button.css
@@ -0,0 +1,50 @@
+/**
+ * part of Hachette
+ * Style for a "back" button with a CSS arrow image.
+ *
+ * Copyright (C) 2021 Wojtek Kosior
+ * Redistribution terms are gathered in the `copyright' file.
+ */
+
+.back_button {
+    display: block;
+    width: auto;
+    height: auto;
+    background-color: white;
+    border: solid #454 0.4em;
+    border-left: none;
+    border-radius: 0 1.5em 1.5em 0;
+    cursor: pointer;
+}
+
+.back_button:hover {
+    box-shadow: 0 6px 8px 0 rgba(0,0,0,0.24), 0 17px 50px 0 rgba(0,0,0,0.19);
+}
+
+.back_button>div, .back_arrow {
+    width: 2em;
+    height: 0.5em;
+    background-color: #4CAF50;
+    border-radius: 0.3em;
+    margin: 1.15em 0.4em;
+}
+
+.back_button>div::after, .back_arrow::after,
+.back_button>div::before, .back_arrow::before {
+    content: "";
+    display: block;
+    position: relative;
+    background-color: inherit;
+    width: 1.3em;
+    height: 0.5em;
+    transform: rotate(45deg);
+    border-radius: 0.3em;
+    top: 0.3em;
+    right: 0.2em;
+    margin: 0 -1.3em -0.5em 0;
+}
+
+.back_button>div::before, .back_arrow::before {
+    transform: rotate(-45deg);
+    top: -0.3em;
+}
diff --git a/html/base.css b/html/base.css
index 91fd953..0b9c7d3 100644
--- a/html/base.css
+++ b/html/base.css
@@ -6,8 +6,11 @@
  * Redistribution terms are gathered in the `copyright' file.
  */
 
-html {
+body {
     font-family: sans-serif;
+    background-color: #f0f0f0;
+    color: #555;
+    overflow: auto;
 }
 
 textarea {
@@ -18,6 +21,10 @@ input[type="checkbox"], input[type="radio"], .hide {
     display: none;
 }
 
+.camouflage {
+    visibility: hidden;
+}
+
 .show_next:not(:checked)+* {
     display: none;
 }
@@ -42,6 +49,8 @@ button, .button {
     margin: 2px 0px;
     -moz-user-select: none;
     user-select: none;
+    cursor: pointer;
+    font: 400 15px sans-serif;
 }
 
 button.slimbutton, .button.slimbutton {
@@ -64,3 +73,14 @@ aside {
 textarea: {
     resize: none;
 }
+
+.has_bottom_line::after, .has_upper_line::before {
+    content: "";
+    display: block;
+    height: 8px;
+    background: linear-gradient(transparent, #555);
+}
+
+.has_bottom_line::after {
+    background: linear-gradient(#555, transparent);
+}
diff --git a/html/display-panel.html b/html/display-panel.html
index cbd7dc8..4121c30 100644
--- a/html/display-panel.html
+++ b/html/display-panel.html
@@ -9,117 +9,336 @@
     <title>Hachette - page settings</title>
     <link type="text/css" rel="stylesheet" href="reset.css" />
     <link type="text/css" rel="stylesheet" href="base.css" />
+    <link type="text/css" rel="stylesheet" href="back_button.css" />
+    <link type="text/css" rel="stylesheet" href="table.css" />
     <style>
       body {
-	  width: 300px;
-	  height: 300px;
+	  width: max-content;
+	  width: -moz-max-content;
       }
 
-      ul {
-	  padding-inline-start: 15px;
+      .bold, h2 {
+	  font-weight: bold;
       }
 
-      .bold {
-	  font-weight: bold;
+      h2 {
+	  margin: 8px;
+	  font-size: 120%;
+      }
+
+      .top>h2 {
+	  padding-left: calc(0.8*3.2em - 8px);
+      }
+
+      .top {
+	  line-height: calc(0.8*3.6em - 16px);
       }
 
-      .unroll_chbx:not(:checked)+*+label span.triangle:first-child+span.triangle,
-      .unroll_chbx:checked+*+label span.triangle:first-child,
-      .unroll_chbx:not(:checked)+*,
-      .unroll_chbx:not(:checked)+*+label+* {
+      #main_view>.top>h2 {
+	  padding-left: 0;
+      }
+
+      h3 {
+	  padding: 5px;
+	  font-size: 108%;
+	  text-shadow: 0 0 0 #454;
+      }
+
+      .unroll_chbx:not(:checked)+div>:not(:first-child) {
 	  display: none;
       }
 
+      .unroll_triangle {
+	  height: 1em;
+	  width: 1em;
+	  display: inline-block;
+      }
+
+      .unroll_triangle::after {
+	  content: "";
+	  width: 0.6em;
+	  height: 0.6em;
+	  background: linear-gradient(-45deg, currentColor 50%, transparent 50%);
+	  display: block;
+	  position: relative;
+	  transform: rotate(-45deg);
+	  top: 0.3em;
+      }
+
+      .unroll_chbx:checked+div>:first-child .unroll_triangle::after {
+	  transform: rotate(45deg);
+	  left: 0.2em;
+	  top: 0.2em;
+      }
+
+      .unroll_chbx:checked+div>:first-child .unroll_block {
+	  display: block;
+      }
+
+      .unroll_chbx:checked+div>:first-child {
+	  line-height: 1.4em;
+      }
+
+      .l2_ul {
+	  border-left: solid #454 5px;
+      }
+
+      .l1_li {
+	  margin-top: 0.3em;
+	  margin-bottom: 0.3em;
+      }
+
+      .l1_li>div {
+	  padding: 0.3em 0.3em 0.3em 0;
+      }
+
+      .l2_li {
+	  padding: 0.3em;
+      }
+
+      #container_for_injected>*:nth-child(odd),
+      .l2_li:nth-child(odd) {
+	  background-color: #e5e5e5;
+      }
+
       #container_for_injected>#none_injected:not(:last-child) {
 	  display: none;
       }
+
+      #page_url_heading>span {
+	  display: inline-block;
+      }
+
+      .back_button {
+	  position: fixed;
+	  z-index: 1;
+	  top: 0;
+	  left: 0;
+	  /* The following scales the entire button. */
+	  font-size: 80%;
+      }
+
+      #show_main_view_radio:checked~.back_button {
+	  margin-left: -3.2em;
+      }
+
+      #show_main_view_radio:not(:checked)~.back_button {
+	  transition: all 0.2s ease-out;
+      }
+
+      pre {
+	  font-family: monospace;
+	  background-color: white;
+	  border-top: dashed #4CAF50 1px;
+	  border-bottom: dashed #4CAF50 1px;
+	  padding: 1px 5px;
+      }
+
+      .matched_pattern {
+	  font-weight: bold;
+      }
+
+      tr.matched_pattern~tr {
+	  color: #777;
+	  font-size: 90%;
+      }
+
+      .padding_inline {
+	  padding-left: 5px;
+	  padding-right: 5px;
+      }
+
+      .header {
+	  border-bottom: dashed #4CAF50 1px;
+	  padding-bottom: 0.3em;
+	  margin-bottom: 0.5em;
+	  text-align: center;
+      }
+
+      .middle {
+	  margin-top: 0.5em;
+	  margin-bottom: 0.5em;
+      }
+
+      .footer {
+	  border-top: dashed #4CAF50 1px;
+	  padding-top: 0.3em;
+	  margin-top: 0.5em;
+	  text-align: center;
+      }
+
+      .active_setting_table {
+	  margin-bottom: 0.5em;
+      }
+
+      .active_setting_table td {
+	  padding: 5px;
+	  vertical-align: middle;
+      }
     </style>
   </head>
   <body>
     <template>
-      <li id="pattern_li">
-	<span></span>
-	<button>View in settings</button>
-      </li>
-      <li id="query_match_li" class="queried_pattern_match" data-template="li">
+      <tr id="pattern_entry" data-template="entry">
+	<td data-template="name"></td>
+	<td>
+	  <div class="button" data-template="button">Add setting</div>
+	</td>
+      </tr>
+
+      <li id="query_match_li" class="l2_li" data-template="li">
 	<div>
 	  <span>pattern:</span>
 	  <span class="bold" data-template="pattern"></span>
-	  <button data-template="btn">Install</button>
+	  <label class="button slimbutton" for="show_install_view_radio" data-template="btn">
+	    Install
+	  </label>
 	</div>
 	<div id="unrollable_component" data-template="unroll_container">
-	  <span data-template="component_label">payload:</span>
 	  <input type="checkbox" class="unroll_chbx" data-template="chbx"></input>
-	  <br data-template="br"/>
-	  <label class="bold" data-template="lbl">
-	    <span data-template="triangle">
-	      <span class="triangle">&#x23F5;</span>
-	      <span class="triangle">&#x23F7;</span>
+	  <div>
+	    <span>payload:
+	      <label class="bold unroll_block" data-template="lbl">
+		<div data-template="triangle" class="unroll_triangle"></div>
+		<span data-template="payload"></span>
+	      </label>
 	    </span>
-	    <span data-template="component"></span>
+	    <div data-template="unroll"></div>
+	  </div>
+	</div>
+      </li>
+
+      <div id="injected_script" data-template="div">
+	<input type="checkbox" class="unroll_chbx" data-template="chbx"></input>
+	<div>
+	  <label data-template="lbl">
+	    <h3><div class="unroll_triangle"></div> script</h3>
 	  </label>
-	  <div data-template="unroll"></div>
+	  <pre data-template="script_contents"></pre>
+	</div>
+      </div>
+
+      <div id="multi_repos_query_result" data-template="div">
+	Results for <span class="bold" data-template="url_span"></span>
+	<ul class="l1_ul" data-template="ul"></ul>
+      </div>
+
+      <li id="single_repo_query_result" class="l1_li" data-template="li">
+	<div>
+	  From <span class="bold" data-template="repo_url"></span>
 	</div>
       </li>
+
+      <ul id="result_patterns_list" class="l2_ul" data-template="ul">
+      </ul>
     </template>
 
-    <input id="show_install_view_chbx" type="checkbox" class="show_hide_next2"></input>
+    <input id="show_install_view_radio" type="radio" class="show_next" name="current_view"></input>
     <div id="install_view">
+      <div class="top has_bottom_line"><h2> Site modifiers install </h2></div>
       <IMPORT html/import_frame.html />
-      <!--
-	  <div id="install_status"></div>
-	  <label for="show_install_chbx" class="bold">Cancel install</label>
-	  <button id="commit_install_but">Commit install</button>
-      -->
     </div>
-    <div id="main_view">
-      <h2 id="page_url_heading"></h2>
-
-      <input id="show_privileged_notice_chbx" type="checkbox" class="show_next"></input>
-      <h3>Privileged page</h3>
-
-      <input id="show_page_state_chbx" type="checkbox" class="show_next"></input>
-      <div>
-	<input id="possible_patterns_chbx" type="checkbox" class="unroll_chbx"></input>
-	<span></span>
-	<label for="possible_patterns_chbx">
-	  <h3>
-	    <span class="triangle">&#x23F5;</span>
-	    <span class="triangle">&#x23F7;</span>
-	    Possible patterns
-	  </h3>
-	</label>
-	<ul id="possible_patterns"></ul>
-
-	<input id="connected_chbx" type="checkbox" class="show_hide_next2"></input>
+
+    <input id="show_injected_view_radio" type="radio" class="show_next" name="current_view"></input>
+    <div id="injected_view">
+      <div class="top has_bottom_line"><h2>Injected scripts</h2></div>
+      <div id="container_for_injected">
+	<span id="none_injected">None</span>
+      </div>
+    </div>
+
+    <input id="show_patterns_view_radio" type="radio" class="show_next" name="current_view"></input>
+    <div>
+      <div class="top has_bottom_line"><h2>Possible patterns for this page</h2></div>
+      <div class="padding_inline">
+	<aside>
+	  Patterns higher are more specific and override the ones below.
+	</aside>
+      </div>
+      <div class="table_wrapper">
 	<div>
-	  Matched pattern: <span id="pattern" class="bold">...</span>
-	  <button id="view_pattern" class="hide">
-	    View in settings
-	  </button>
-	  <br/>
-	  Blocked: <span id="blocked" class="bold">...</span>
-	  <br/>
-	  Payload: <span id="payload" class="bold">...</span>
-	  <button id="view_payload" class="hide">
-	    View in settings
-	  </button>
-	  <h3>Injected</h3>
-	  <div id="container_for_injected">
-	    <span id="none_injected">None</span>
+	  <table>
+	    <tbody id="possible_patterns">
+	    </tbody>
+	  </table>
+	</div>
+      </div>
+    </div>
+
+    <input id="show_queried_view_radio" type="radio" class="show_next" name="current_view"></input>
+    <div>
+      <div class="top has_bottom_line"><h2>Queried from repositories</h2></div>
+      <div id="container_for_repo_responses" class="padding_inline">
+      </div>
+    </div>
+
+    <input id="show_main_view_radio" type="radio" class="show_next" name="current_view" checked></input>
+    <div id="main_view">
+      <div class="top has_bottom_line"><h2 id="page_url_heading"></h2></div>
+      <h3 id="privileged_notice" class="middle hide">Privileged page</h3>
+
+      <div id="page_state" class="hide">
+	<div class="header padding_inline">
+	  <label for="show_patterns_view_radio" class="button">
+	    Edit settings for this page
+	  </label>
+	</div>
+	<div class="middle padding_inline">
+	  <input id="connected_chbx" type="checkbox" class="show_hide_next2"></input>
+	  <div>
+	    <table class="active_setting_table">
+	      <tbody>
+		<tr>
+		  <td>Matched pattern:</td>
+		  <td id="pattern" class="bold">...</td>
+		  <td>
+		    <button id="view_pattern" class="hide">
+		      View in settings
+		    </button>
+		  </td>
+		</tr>
+		<tr>
+		  <td>Scripts blocked:</td>
+		  <td id="blocked" class="bold">...</td>
+		  <td></td>
+		</tr>
+		<tr>
+		  <td>Injected payload:</td>
+		  <td id="payload" class="bold">...</td>
+		  <td id="payload_buttons" class="hide">
+		    <button id="view_payload"> View in settings </button>
+		    <br/>
+		    <label id="view_injected" class="button" for="show_injected_view_radio">
+		      View injected scripts
+		    </label>
+		  </td>
+		</tr>
+	      </tbody>
+	    </table>
+	    <label id="query_pattern" for="show_queried_view_radio" class="button">
+	      Install scripts for this page
+	    </label>
 	  </div>
-	  <input id="query_started_chbx" type="checkbox" class="show_hide_next2"></input>
-	  <div id="container_for_repo_responses">
-	    <h3>Queried from repositories</h3>
+	  <div>
+	    <h3>
+	      Connecting to content script..<span id="loading_point">.</span>
+	    </h3>
+	    <aside id="reload_notice">
+	      Try reloading the page.
+	    </aside>
 	  </div>
-	  <button id="query_pattern">
-	    Search for matching patterns
-	  </button>
 	</div>
-	<h3>Trying to connect..<input id="loading_chbx" type="checkbox" class="show_next"></input><span>.</span></h3>
       </div>
 
-      <button id="settings_but" type="button" style="margin-top: 20px;">Settings</button>
-    </div>_POPUPSCRIPTS_
+      <div class="footer padding_inline">
+	<button id="settings_but" type="button">
+	  Open Hachette settings
+	</button>
+      </div>
+    </div>
+
+    <div class="has_upper_line"></div>
+
+    <label for="show_main_view_radio" class="back_button"><div></div></label>_POPUPSCRIPTS_
   </body>
 </html>
diff --git a/html/display-panel.js b/html/display-panel.js
index 54b5578..0c89864 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -20,6 +20,7 @@
  * IMPORT TYPE_PREFIX
  * IMPORT nice_name
  * IMPORT open_in_settings
+ * IMPORT url_matches
  * IMPORT each_url_pattern
  * IMPORT by_id
  * IMPORT get_template
@@ -30,6 +31,16 @@
 let storage;
 let tab_url;
 
+/* Force popup <html>'s reflow on stupid Firefox. */
+if (is_mozilla) {
+    const reflow_forcer =
+	  () => document.documentElement.style.width = "-moz-fit-content";
+    for (const radio of document.querySelectorAll('[name="current_view"]'))
+	radio.addEventListener("change", reflow_forcer);
+}
+
+const show_queried_view_radio = by_id("show_queried_view_radio");
+
 const tab_query = {currentWindow: true, active: true};
 
 async function get_current_tab()
@@ -48,8 +59,21 @@ async function get_current_tab()
 }
 
 const page_url_heading = by_id("page_url_heading");
-const show_privileged_notice_chbx = by_id("show_privileged_notice_chbx");
-const show_page_state_chbx = by_id("show_page_state_chbx");
+const privileged_notice = by_id("privileged_notice");
+const page_state = by_id("page_state");
+
+/* Helper functions to convert string into a list of one-letter <span>'s. */
+function char_to_span(char, doc)
+{
+    const span = document.createElement("span");
+    span.textContent = char;
+    return span;
+}
+
+function to_spans(string, doc=document)
+{
+    return string.split("").map(c => char_to_span(c, doc));
+}
 
 async function show_page_activity_info()
 {
@@ -61,69 +85,65 @@ async function show_page_activity_info()
     }
 
     tab_url = /^([^?#]*)/.exec(tab.url)[1];
-    page_url_heading.textContent = tab_url;
+    to_spans(tab_url).forEach(s => page_url_heading.append(s));
     if (is_privileged_url(tab_url)) {
-	show_privileged_notice_chbx.checked = true;
+	privileged_notice.classList.remove("hide");
 	return;
     }
 
     populate_possible_patterns_list(tab_url);
-    show_page_state_chbx.checked = true;
+    page_state.classList.remove("hide");
 
     try_to_connect(tab.id);
 }
 
-const possible_patterns_ul = by_id("possible_patterns");
-const pattern_li_template = get_template("pattern_li");
-pattern_li_template.removeAttribute("id");
+const possible_patterns_list = by_id("possible_patterns");
 const known_patterns = new Map();
 
 function add_pattern_to_list(pattern)
 {
-    const li = pattern_li_template.cloneNode(true);
-    li.id = `pattern_li_${known_patterns.size}`;
-    known_patterns.set(pattern, li.id);
+    const template = clone_template("pattern_entry");
+    template.name.textContent = pattern;
 
-    const span = li.firstElementChild;
-    span.textContent = pattern;
-
-    const button = span.nextElementSibling;
     const settings_opener = () => open_in_settings(TYPE_PREFIX.PAGE, pattern);
-    button.addEventListener("click", settings_opener);
+    template.button.addEventListener("click", settings_opener);
 
-    possible_patterns_ul.appendChild(li)
+    known_patterns.set(pattern, template);
+    possible_patterns_list.append(template.entry);
 
-    return li.id;
+    return template;
 }
 
 function ensure_pattern_exists(pattern)
 {
-    let id = known_patterns.get(pattern);
+    let entry_object = known_patterns.get(pattern);
     /*
      * As long as pattern computation works well, we should never get into this
      * conditional block. This is just a safety measure. To be removed as part
      * of a bigger rework when we start taking iframes into account.
      */
-    if (id === undefined) {
+    if (entry_object === undefined) {
 	console.log(`unknown pattern: ${pattern}`);
-	id = add_pattern_to_list(pattern);
+	entry_object = add_pattern_to_list(pattern);
     }
 
-    return id;
+    return entry_object;
 }
 
-function set_pattern_li_button_text(li_id, text)
+function style_possible_pattern_entry(pattern, exists_in_settings)
 {
-    by_id(li_id).firstElementChild.nextElementSibling.textContent = text;
+    const [text, class_action] = exists_in_settings ?
+	  ["Edit", "add"] : ["Add", "remove"];
+    const entry_object = ensure_pattern_exists(pattern);
+
+    entry_object.button.textContent = `${text} setting`;
+    entry_object.entry.classList[class_action]("matched_pattern");
 }
 
 function handle_page_change(change)
 {
-    const li_id = ensure_pattern_exists(change.item);
-    if (change.old_val === undefined)
-	set_pattern_li_button_text(li_id, "Edit in settings");
-    if (change.new_val === undefined)
-	set_pattern_li_button_text(li_id, "Add setting");
+    if (url_matches(tab_url, change.item))
+        style_possible_pattern_entry(change.item, change.new_val !== undefined);
 }
 
 function populate_possible_patterns_list(url)
@@ -131,10 +151,8 @@ function populate_possible_patterns_list(url)
     for (const pattern of each_url_pattern(url))
 	add_pattern_to_list(pattern);
 
-    for (const [pattern, settings] of query_all(storage, url)) {
-	set_pattern_li_button_text(ensure_pattern_exists(pattern),
-				   "Edit in settings");
-    }
+    for (const [pattern, settings] of query_all(storage, url))
+	style_possible_pattern_entry(pattern, true);
 
     storage.add_change_listener(handle_page_change, [TYPE_PREFIX.PAGE]);
 }
@@ -160,17 +178,16 @@ function try_to_connect(tab_id)
 	setTimeout(() => monitor_connecting(tab_id), 1000);
 }
 
-const query_started_chbx = by_id("query_started_chbx");
-
-function start_querying_repos(port)
+function start_querying_repos()
 {
+    query_pattern_but.removeEventListener("click", start_querying_repos);
     const repo_urls = storage.get_all_names(TYPE_PREFIX.REPO);
     if (content_script_port)
 	content_script_port.postMessage([TYPE_PREFIX.URL, tab_url, repo_urls]);
-    query_started_chbx.checked = true;
 }
 
-const loading_chbx = by_id("loading_chbx");
+const loading_point = by_id("loading_point");
+const reload_notice = by_id("reload_notice");
 
 function handle_disconnect(tab_id, button_cb)
 {
@@ -184,7 +201,9 @@ function handle_disconnect(tab_id, button_cb)
     if (connected_chbx.checked)
 	return;
 
-    loading_chbx.checked = !loading_chbx.checked;
+    loading_point.classList.toggle("camouflage");
+    reload_notice.classList.remove("hide");
+
     setTimeout(() => try_to_connect(tab_id), 1000);
 }
 
@@ -198,7 +217,8 @@ function monitor_connecting(tab_id)
     else
 	return;
 
-    loading_chbx.checked = !loading_chbx.checked;
+    loading_point.classList.toggle("camouflage");
+    reload_notice.classList.remove("hide");
     try_to_connect(tab_id);
 }
 
@@ -206,11 +226,15 @@ const pattern_span = by_id("pattern");
 const view_pattern_but = by_id("view_pattern");
 const blocked_span = by_id("blocked");
 const payload_span = by_id("payload");
+const payload_buttons_div = by_id("payload_buttons");
 const view_payload_but = by_id("view_payload");
+const view_injected_but = by_id("view_injected");
 const container_for_injected = by_id("container_for_injected");
 
 const queried_items = new Map();
 
+let max_injected_script_id = 0;
+
 function handle_activity_report(message)
 {
     connected_chbx.checked = true;
@@ -236,25 +260,22 @@ function handle_activity_report(message)
 	const components = settings.components;
 	if (components) {
 	    payload_span.textContent = nice_name(...components);
+	    payload_buttons_div.classList.remove("hide");
 	    const settings_opener = () => open_in_settings(...components);
-	    view_payload_but.classList.remove("hide");
 	    view_payload_but.addEventListener("click", settings_opener);
 	} else {
 	    payload_span.textContent = "none";
 	}
     }
     if (type === "script") {
-	const h4 = document.createElement("h4");
-	const pre = document.createElement("pre");
-	h4.textContent = "script";
-	pre.textContent = data;
-
-	container_for_injected.appendChild(h4);
-	container_for_injected.appendChild(pre);
+	const template = clone_template("injected_script");
+	const chbx_id = `injected_script_${max_injected_script_id++}`;
+	template.chbx.id = chbx_id;
+	template.lbl.setAttribute("for", chbx_id);
+	template.script_contents.textContent = data;
+	container_for_injected.appendChild(template.div);
     }
     if (type === "repo_query_action") {
-	query_started_chbx.checked = true;
-
 	const key = data.prefix + data.item;
 	const results = queried_items.get(key) || {};
 	Object.assign(results, data.results);
@@ -274,35 +295,26 @@ const results_lists = new Map();
 
 function create_results_list(url)
 {
-    const list_div = document.createElement("div");
-    const list_head = document.createElement("h4");
-    const list = document.createElement("ul");
+    const cloned_template = clone_template("multi_repos_query_result");
+    cloned_template.url_span.textContent = url;
+    container_for_repo_responses.appendChild(cloned_template.div);
 
-    list_head.textContent = url;
-    list_div.appendChild(list_head);
-    list_div.appendChild(list);
-    container_for_repo_responses.appendChild(list_div);
+    cloned_template.by_repo = new Map();
+    results_lists.set(url, cloned_template);
 
-    const list_object = {list, by_repo: new Map()};
-
-    results_lists.set(url, list_object);
-
-    return list_object;
+    return cloned_template;
 }
 
 function create_result_item(list_object, repo_url, result)
 {
-    const result_li = document.createElement("li");
-    const repo_url_span = document.createElement("span");
-    const result_item = {result_li, appended: null};
-
-    repo_url_span.textContent = repo_url;
-    result_li.appendChild(repo_url_span);
+    const cloned_template = clone_template("single_repo_query_result");
+    cloned_template.repo_url.textContent = repo_url;
+    cloned_template.appended = null;
 
-    list_object.list.appendChild(result_li);
-    list_object.by_repo.set(repo_url, result_item);
+    list_object.ul.appendChild(cloned_template.li);
+    list_object.by_repo.set(repo_url, cloned_template);
 
-    return result_item;
+    return cloned_template;
 }
 
 function set_appended(result_item, element)
@@ -310,7 +322,7 @@ function set_appended(result_item, element)
     if (result_item.appended)
 	result_item.appended.remove();
     result_item.appended = element;
-    result_item.result_li.appendChild(element);
+    result_item.li.appendChild(element);
 }
 
 function show_message(result_item, text)
@@ -333,11 +345,9 @@ function unroll_chbx_first_checked(entry_object)
     entry_object.chbx.removeEventListener("change", entry_object.unroll_cb);
     delete entry_object.unroll_cb;
 
-    entry_object.unroll.textContent = "preview not implemented...";
+    entry_object.unroll.innerHTML = "preview not implemented...<br />(consider contributing)";
 }
 
-const show_install_chbx = by_id("show_install_view_chbx");
-
 let import_frame;
 let install_target = null;
 
@@ -463,7 +473,6 @@ function record_fetched_install_dep(prefix, item, repo_url, result)
 
 function install_clicked(entry_object)
 {
-    show_install_chbx.checked = true;
     import_frame.show_loading();
 
     install_target = {
@@ -483,25 +492,24 @@ var max_query_result_id = 0;
 
 function show_query_successful_result(result_item, repo_url, result)
 {
-    const ul = document.createElement("ul");
-
-    set_appended(result_item, ul);
+    const cloned_ul_template = clone_template("result_patterns_list");
+    set_appended(result_item, cloned_ul_template.ul);
 
     for (const match of result) {
 	const entry_object = clone_template("query_match_li");
 
 	entry_object.pattern.textContent = match.pattern;
 
-	ul.appendChild(entry_object.li);
+	cloned_ul_template.ul.appendChild(entry_object.li);
 
 	if (!match.payload) {
 	    entry_object.payload.textContent = "(none)";
-	    for (const key of ["chbx", "br", "triangle", "unroll"])
+	    for (const key of ["chbx", "triangle", "unroll"])
 		entry_object[key].remove();
 	    continue;
 	}
 
-	entry_object.component.textContent = nice_name(...match.payload);
+	entry_object.payload.textContent = nice_name(...match.payload);
 
 	const install_cb = () => install_clicked(entry_object);
 	entry_object.btn.addEventListener("click", install_cb);
@@ -544,7 +552,7 @@ async function main()
 {
     storage = await get_remote_storage();
     import_frame = await get_import_frame();
-    import_frame.onclose = () => show_install_chbx.checked = false;
+    import_frame.onclose = () => show_queried_view_radio.checked = true;
     show_page_activity_info();
 }
 
diff --git a/html/import_frame.html b/html/import_frame.html
index 0511e6c..835977d 100644
--- a/html/import_frame.html
+++ b/html/import_frame.html
@@ -5,7 +5,6 @@
     <span></span>
   </li>
 </template>
-<h2> Settings import </h2>
 <input id="import_loading_radio" type="radio" name="import_window_content" class="show_next"></input>
 <span> Loading... </span>
 <input id="import_failed_radio" type="radio" name="import_window_content" class="show_next"></input>
diff --git a/html/options.html b/html/options.html
index e0c3c23..13a8973 100644
--- a/html/options.html
+++ b/html/options.html
@@ -9,11 +9,9 @@
     <title>Hachette options</title>
     <link type="text/css" rel="stylesheet" href="reset.css" />
     <link type="text/css" rel="stylesheet" href="base.css" />
+    <link type="text/css" rel="stylesheet" href="table.css" />
     <style>
       body {
-	  background-color: #f0f0f0;
-	  color: #555;
-	  overflow: auto;
 	  width: 100%;
       }
 
@@ -37,6 +35,10 @@
 	  font-size: 130%;
 	  padding: 10px;
 	  display: inline-block;
+	  cursor: pointer;
+      }
+
+      #tab_heads {
 	  -moz-user-select: none;
 	  user-select: none;
       }
@@ -49,13 +51,6 @@
 	  border-radius: 0;
       }
 
-      #tab_heads::after {
-	  display: block;
-	  height: 8px;
-	  content: "";
-	  background: linear-gradient(#555, transparent);
-      }
-
       div.tab {
 	  min-width: 50vw;
 	  width: fit-content;
@@ -86,77 +81,36 @@
 	  width: fit-content;
       }
 
-      div.ul_container {
-	  background-color: #f0f0f0;
-	  width: -moz-fit-content;
-	  width: fit-content;
-	  margin: 6px 0;
-      }
-
-      div.ul_container::after, div.ul_container::before {
-	  display: block;
-	  height: 6px;
-	  content: "";
-	  background: linear-gradient(transparent, #555);
-      }
-
-      div.ul_container::after {
-	  background: linear-gradient(#555, transparent);
-      }
-
-      .work_li div.ul_container::before {
+      .work_li .table_wrapper::before {
 	  background: linear-gradient(#e0f0f0, #555);
       }
 
-      .work_li div.ul_container::after {
+      .work_li .table_wrapper::after {
 	  background: linear-gradient(#555, #e0f0f0);
       }
 
-      div.ul_container>.always_scrollbar{
+      .table_wrapper>.always_scrollbar{
 	  border-left: solid #454 8px;
 	  max-height: 80vh;
 	  overflow-y: scroll;
       }
 
-      div.ul_container table {
-	  border-collapse: unset;
-      }
-
-      div.ul_container, div.ul_container>*, div.ul_container table>tbody {
-	  width: -moz-min-content;
-	  width: min-content;
-      }
-
-      div.ul_container div.ul_container>.always_scrollbar,
-      .popup_frame div.ul_container>.always_scrollbar {
+      .table_wrapper .table_wrapper>.always_scrollbar,
+      .popup_frame .table_wrapper>.always_scrollbar {
 	  max-height: 60vh;
       }
 
-      .popup_frame div.ul_container table {
+      .popup_frame .table_wrapper table {
 	  min-width: 30vw;
       }
 
-      .popup_frame div.ul_container {
+      .popup_frame .table_wrapper {
 	  margin: 0 auto;
       }
 
-      tr:nth-child(odd) {
-	  background-color: #e5e5e5;
-      }
-
-      td {
-	  vertical-align: middle;
-	  min-width: fit-content;
-	  min-width: -moz-fit-content;
-	  width: 1%;
-      }
-
       tr>td:first-child {
-	  padding: 3px 10px 6px;
 	  max-width: 70vw;
 	  overflow: hidden;
-	  width: 100%;
-	  white-space: nowrap;
       }
 
       tr.work_li>td:first-child {
@@ -198,14 +152,6 @@
 	  min-width: 70vw;
 	  resize: none;
       }
-
-      td>div.button {
-	  margin-right: 4px;
-      }
-
-      input[type="radio"]:not(:checked)+.import_window_content {
-	  display: none;
-      }
     </style>
   </head>
   <body>
@@ -239,7 +185,7 @@
     <input type="radio" name="tabs" id="show_pages" checked></input>
     <input type="radio" name="tabs" id="show_bags"></input>
     <input type="radio" name="tabs" id="show_scripts"></input>
-    <div id="tab_heads">
+    <div id="tab_heads" class="has_bottom_line">
       <label for="show_repos" id="repos_lbl"> Repos </label>
       <label for="show_pages" id="pages_lbl"> Pages </label>
       <label for="show_bags" id="bags_lbl"> Bags </label>
@@ -247,7 +193,7 @@
       <button id="import_but" style="margin-left: 40px;"> Import </button>
     </div>
     <div id="repos" class="tab">
-      <div class="ul_container">
+      <div class="table_wrapper tight_table has_bottom_line has_upper_line">
 	<div>
 	  <table>
 	    <tbody id="repos_ul">
@@ -270,7 +216,7 @@
       <button id="add_repo_but" type="button"> Add repository </button>
     </div>
     <div id="pages" class="tab">
-      <div class="ul_container">
+      <div class="table_wrapper tight_table has_bottom_line has_upper_line">
 	<div>
 	  <table>
 	    <tbody id="pages_ul">
@@ -304,7 +250,7 @@
       <button id="add_page_but" type="button"> Add page </button>
     </div>
     <div id="bags" class="tab">
-      <div class="ul_container">
+      <div class="table_wrapper tight_table has_bottom_line has_upper_line">
 	<div>
 	  <table>
 	    <tbody id="bags_ul">
@@ -313,7 +259,7 @@
 		  <div class="form_grid">
 		    <label for="bag_name_field"> Name: </label>
 		    <input id="bag_name_field"></input>
-		    <div class="ul_container">
+		    <div class="table_wrapper tight_table has_bottom_line has_upper_line">
 		      <div>
 			<table>
 			  <tbody id="bag_components_ul">
@@ -341,7 +287,7 @@
       <button id="add_bag_but" type="button"> Add bag </button>
     </div>
     <div id="scripts" class="tab">
-      <div class="ul_container">
+      <div class="table_wrapper tight_table has_bottom_line has_upper_line">
 	<div>
 	  <table>
 	    <tbody id="scripts_ul">
@@ -375,7 +321,7 @@
 
     <div id="chbx_components_window" class="hide popup" position="absolute">
       <div class="popup_frame">
-	<div class="ul_container">
+	<div class="table_wrapper tight_table has_bottom_line has_upper_line">
 	  <div>
 	    <table>
 	      <tbody id="chbx_components_ul">
@@ -390,7 +336,7 @@
 
     <div id="radio_components_window" class="hide popup" position="absolute">
       <div class="popup_frame">
-	<div class="ul_container">
+	<div class="table_wrapper tight_table has_bottom_line has_upper_line">
 	  <div class="always_scrollbar">
 	    <table>
 	      <tbody id="radio_components_ul">
@@ -411,6 +357,7 @@
 
     <div id="import_window" class="hide popup" position="absolute">
       <div class="popup_frame">
+	<h2> Settings import </h2>
 	<IMPORT html/import_frame.html />
       </div>
     </div>
diff --git a/html/options_main.js b/html/options_main.js
index 8067fe7..03505a5 100644
--- a/html/options_main.js
+++ b/html/options_main.js
@@ -77,8 +77,12 @@ function add_li(prefix, item, at_the_end=false)
 	    break;
 	}
     }
-    if (!li.parentElement)
-	ul.ul.appendChild(li);
+    if (!li.parentElement) {
+	if (ul.work_li !== ul.ul.lastElementChild)
+	    ul.ul.appendChild(li);
+	else
+	    ul.work_li.before(li);
+    }
 
     list_set_scrollbar(ul.ul);
 }
diff --git a/html/table.css b/html/table.css
new file mode 100644
index 0000000..6296f83
--- /dev/null
+++ b/html/table.css
@@ -0,0 +1,46 @@
+.table_wrapper {
+    display: block;
+    background-color: #f0f0f0;
+    margin: 6px 0;
+}
+
+.table_wrapper table {
+    border-collapse: unset;
+    width: 100%;
+}
+
+.table_wrapper.tight_table,
+.table_wrapper.tight_table>*,
+.table_wrapper.tight_table>*>table {
+    width: -moz-min-content;
+    width: min-content;
+}
+
+tr:nth-child(odd) {
+    background-color: #e5e5e5;
+}
+
+td {
+    vertical-align: middle;
+    min-width: fit-content;
+    min-width: -moz-fit-content;
+}
+
+.tight_table td {
+    width: 1%;
+}
+
+td:first-child {
+    padding: 3px 10px 6px;
+    white-space: nowrap;
+}
+
+.tight_table td:first-child {
+    width: 100%;
+}
+
+td>div.button {
+    margin-right: 4px;
+    white-space: nowrap;
+    float: right;
+}
-- 
cgit v1.2.3


From 4b59dced912fb9b50ff041c67f0f72cbbad56b6c Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Wed, 1 Sep 2021 14:14:51 +0200
Subject: add styling to settings install(import) dialog

---
 html/base.css           | 19 +++++++++++++
 html/display-panel.html | 27 +++++-------------
 html/display-panel.js   |  1 -
 html/import_frame.html  | 33 +++++++++++++++++-----
 html/import_frame.js    | 74 +++++++++++++++++++++++--------------------------
 html/options.html       | 20 ++++++-------
 html/options_main.js    |  6 +++-
 html/table.css          |  1 -
 8 files changed, 102 insertions(+), 79 deletions(-)

(limited to 'html/display-panel.js')

diff --git a/html/base.css b/html/base.css
index 0b9c7d3..94b3f31 100644
--- a/html/base.css
+++ b/html/base.css
@@ -13,6 +13,21 @@ body {
     overflow: auto;
 }
 
+.bold, h2 {
+    font-weight: bold;
+}
+
+h2 {
+    margin: 8px;
+    font-size: 120%;
+}
+
+h3 {
+    padding: 5px;
+    font-size: 108%;
+    text-shadow: 0 0 0 #454;
+}
+
 textarea {
     font-family: monospace;
 }
@@ -84,3 +99,7 @@ textarea: {
 .has_bottom_line::after {
     background: linear-gradient(#555, transparent);
 }
+
+.nowrap {
+    white-space: nowrap;
+}
diff --git a/html/display-panel.html b/html/display-panel.html
index 4121c30..0806f26 100644
--- a/html/display-panel.html
+++ b/html/display-panel.html
@@ -17,15 +17,6 @@
 	  width: -moz-max-content;
       }
 
-      .bold, h2 {
-	  font-weight: bold;
-      }
-
-      h2 {
-	  margin: 8px;
-	  font-size: 120%;
-      }
-
       .top>h2 {
 	  padding-left: calc(0.8*3.2em - 8px);
       }
@@ -38,12 +29,6 @@
 	  padding-left: 0;
       }
 
-      h3 {
-	  padding: 5px;
-	  font-size: 108%;
-	  text-shadow: 0 0 0 #454;
-      }
-
       .unroll_chbx:not(:checked)+div>:not(:first-child) {
 	  display: none;
       }
@@ -179,7 +164,7 @@
   </head>
   <body>
     <template>
-      <tr id="pattern_entry" data-template="entry">
+      <tr id="pattern_entry" class="nowrap" data-template="entry">
 	<td data-template="name"></td>
 	<td>
 	  <div class="button" data-template="button">Add setting</div>
@@ -236,7 +221,9 @@
     <input id="show_install_view_radio" type="radio" class="show_next" name="current_view"></input>
     <div id="install_view">
       <div class="top has_bottom_line"><h2> Site modifiers install </h2></div>
-      <IMPORT html/import_frame.html />
+      <div class="padding_inline">
+	<IMPORT html/import_frame.html />
+      </div>
     </div>
 
     <input id="show_injected_view_radio" type="radio" class="show_next" name="current_view"></input>
@@ -288,7 +275,7 @@
 	  <div>
 	    <table class="active_setting_table">
 	      <tbody>
-		<tr>
+		<tr class="nowrap">
 		  <td>Matched pattern:</td>
 		  <td id="pattern" class="bold">...</td>
 		  <td>
@@ -297,12 +284,12 @@
 		    </button>
 		  </td>
 		</tr>
-		<tr>
+		<tr class="nowrap">
 		  <td>Scripts blocked:</td>
 		  <td id="blocked" class="bold">...</td>
 		  <td></td>
 		</tr>
-		<tr>
+		<tr class="nowrap">
 		  <td>Injected payload:</td>
 		  <td id="payload" class="bold">...</td>
 		  <td id="payload_buttons" class="hide">
diff --git a/html/display-panel.js b/html/display-panel.js
index 0c89864..bd210c1 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -23,7 +23,6 @@
  * IMPORT url_matches
  * IMPORT each_url_pattern
  * IMPORT by_id
- * IMPORT get_template
  * IMPORT clone_template
  * IMPORTS_END
  */
diff --git a/html/import_frame.html b/html/import_frame.html
index 835977d..e6db205 100644
--- a/html/import_frame.html
+++ b/html/import_frame.html
@@ -1,12 +1,21 @@
+<style>
+  .padding_right {
+      padding-right: 0.3em;
+  }
+</style>
 <template>
-  <li id="import_li">
-    <span></span>
-    <input type="checkbox" style="display: inline;" checked></input>
-    <span></span>
-  </li>
+  <tr id="import_entry" class="nowrap" data-template="entry">
+    <td>
+      <input type="checkbox" style="display: inline;" checked data-template="chbx"></input>
+      <span data-template="name_span"></span>
+    </td>
+    <td class="bold padding_right" data-template="warning"></td>
+  </tr>
 </template>
+
 <input id="import_loading_radio" type="radio" name="import_window_content" class="show_next"></input>
 <span> Loading... </span>
+
 <input id="import_failed_radio" type="radio" name="import_window_content" class="show_next"></input>
 <div>
   <span id="import_errormsg"></span>
@@ -14,13 +23,23 @@
   <pre id="import_errordetail"></pre>
   <button id="import_failok_but"> OK </button>
 </div>
+
 <input id="import_selection_radio" type="radio" name="import_window_content" class="show_next"></input>
 <div>
   <button id="check_all_import_but"> Check all </button>
   <button id="uncheck_all_import_but"> Uncheck all </button>
   <button id="uncheck_colliding_import_but"> Uncheck existing </button>
-  <ul id="import_ul">
-  </ul>
+  <aside id="existing_settings_note">
+    Settings that would owerwrite existing ones are marked "!".
+  </aside>
+  <div id="import_table_wrapper" class="table_wrapper">
+    <div>
+      <table>
+	<tbody id="import_list">
+	</tbody>
+      </table>
+    </div>
+  </div>
   <button id="commit_import_but"> OK </button>
   <button id="cancel_import_but"> Cancel </button>
 </div>
diff --git a/html/import_frame.js b/html/import_frame.js
index ab39702..c0eb2f0 100644
--- a/html/import_frame.js
+++ b/html/import_frame.js
@@ -9,7 +9,7 @@
  * IMPORTS_START
  * IMPORT get_remote_storage
  * IMPORT by_id
- * IMPORT get_template
+ * IMPORT clone_template
  * IMPORT nice_name
  * IMPORT make_once
  * IMPORTS_END
@@ -17,48 +17,38 @@
 
 let storage;
 
-const import_li_template = get_template("import_li");
-import_li_template.removeAttribute("id");
-
-function import_li_id(prefix, item)
-{
-    return `ili_${prefix}_${item}`;
-}
-
-let import_ul = by_id("import_ul");
+let import_list = by_id("import_list");
 let import_chbxs_colliding = undefined;
+let entry_objects = undefined;
 let settings_import_map = undefined;
 
-function add_import_li(prefix, name)
+function add_import_entry(prefix, name)
 {
-    let li = import_li_template.cloneNode(true);
-    let name_span = li.firstElementChild;
-    let chbx = name_span.nextElementSibling;
-    let warning_span = chbx.nextElementSibling;
+    const cloned_template = clone_template("import_entry");
+    Object.assign(cloned_template, {prefix, name});
 
-    li.setAttribute("data-prefix", prefix);
-    li.setAttribute("data-name", name);
-    li.id = import_li_id(prefix, name);
-    name_span.textContent = nice_name(prefix, name);
+    cloned_template.name_span.textContent = nice_name(prefix, name);
 
     if (storage.get(prefix, name) !== undefined) {
-	import_chbxs_colliding.push(chbx);
-	warning_span.textContent = "(will overwrite existing setting!)";
+	import_chbxs_colliding.push(cloned_template.chbx);
+	cloned_template.warning.textContent = "!";
     }
 
-    import_ul.appendChild(li);
+    import_list.appendChild(cloned_template.entry);
+
+    return cloned_template;
 }
 
 function check_all_imports()
 {
-    for (let li of import_ul.children)
-	li.firstElementChild.nextElementSibling.checked = true;
+    for (const entry_object of entry_objects)
+	entry_object.chbx.checked = true;
 }
 
 function uncheck_all_imports()
 {
-    for (let li of import_ul.children)
-	li.firstElementChild.nextElementSibling.checked = false;
+    for (const entry_object of entry_objects)
+	entry_object.chbx.checked = false;
 }
 
 function uncheck_colliding_imports()
@@ -69,17 +59,13 @@ function uncheck_colliding_imports()
 
 function commit_import()
 {
-    for (let li of import_ul.children) {
-	let chbx = li.firstElementChild.nextElementSibling;
-
-	if (!chbx.checked)
+    for (const entry_object of entry_objects) {
+	if (!entry_object.chbx.checked)
 	    continue;
 
-	let prefix = li.getAttribute("data-prefix");
-	let name = li.getAttribute("data-name");
-	let key = prefix + name;
-	let value = settings_import_map.get(key);
-	storage.set(prefix, name, value);
+	const key = entry_object.prefix + entry_object.name;
+	const value = settings_import_map.get(key);
+	storage.set(entry_object.prefix, entry_object.name, value);
     }
 
     deactivate();
@@ -106,38 +92,48 @@ function show_error(errormsg, errordetail)
 }
 
 const import_selection_radio = by_id("import_selection_radio");
+const existing_settings_note = by_id("existing_settings_note");
 
 function show_selection(settings)
 {
     import_selection_radio.checked = true;
 
-    let old_children = import_ul.children;
+    let old_children = import_list.children;
     while (old_children[0] !== undefined)
-	import_ul.removeChild(old_children[0]);
+	import_list.removeChild(old_children[0]);
 
     import_chbxs_colliding = [];
+    entry_objects = [];
     settings_import_map = new Map();
 
     for (let setting of settings) {
 	let [key, value] = Object.entries(setting)[0];
 	let prefix = key[0];
 	let name = key.substring(1);
-	add_import_li(prefix, name);
+	entry_objects.push(add_import_entry(prefix, name));
 	settings_import_map.set(key, value);
     }
+
+    const op = import_chbxs_colliding.length > 0 ? "remove" : "add";
+    existing_settings_note.classList[op]("hide");
 }
 
 function deactivate()
 {
     /* Let GC free some memory */
     import_chbxs_colliding = undefined;
+    entry_objects = undefined;
     settings_import_map = undefined;
 
     if (exports.onclose)
 	exports.onclose();
 }
 
-const exports = {show_loading, show_error, show_selection, deactivate};
+const wrapper = by_id("import_table_wrapper");
+const style_table = (...cls) => cls.forEach(c => wrapper.classList.add(c));
+
+const exports =
+      {show_loading, show_error, show_selection, deactivate, style_table};
 
 async function init()
 {
diff --git a/html/options.html b/html/options.html
index 13a8973..085162c 100644
--- a/html/options.html
+++ b/html/options.html
@@ -89,14 +89,14 @@
 	  background: linear-gradient(#555, #e0f0f0);
       }
 
-      .table_wrapper>.always_scrollbar{
+      .table_wrapper.always_scrollbar>* {
 	  border-left: solid #454 8px;
 	  max-height: 80vh;
 	  overflow-y: scroll;
       }
 
-      .table_wrapper .table_wrapper>.always_scrollbar,
-      .popup_frame .table_wrapper>.always_scrollbar {
+      .table_wrapper .table_wrapper.always_scrollbar>*,
+      .popup_frame .table_wrapper.always_scrollbar>* {
 	  max-height: 60vh;
       }
 
@@ -108,7 +108,7 @@
 	  margin: 0 auto;
       }
 
-      tr>td:first-child {
+      td:first-child {
 	  max-width: 70vw;
 	  overflow: hidden;
       }
@@ -156,23 +156,23 @@
   </head>
   <body>
     <template>
-      <tr id="item_li">
+      <tr id="item_li" class="nowrap">
 	<td></td>
 	<td><div class="button"> Edit </div></td>
 	<td><div class="button"> Remove </div></td>
 	<td><div class="button"> Export </div></td>
       </tr>
-      <tr id="bag_component_li">
+      <tr id="bag_component_li" class="nowrap">
 	<td></td>
 	<td><div class="button"> Remove </div></td>
       </tr>
-      <tr id="chbx_component_li">
+      <tr id="chbx_component_li" class="nowrap">
 	<td>
 	  <input type="checkbox" style="display: inline;"></input>
 	  <span></span>
 	</td>
       </tr>
-      <tr id="radio_component_li">
+      <tr id="radio_component_li" class="nowrap">
 	<td>
 	  <input type="radio" style="display: inline;" name="page_components"></input>
 	  <span></span>
@@ -336,8 +336,8 @@
 
     <div id="radio_components_window" class="hide popup" position="absolute">
       <div class="popup_frame">
-	<div class="table_wrapper tight_table has_bottom_line has_upper_line">
-	  <div class="always_scrollbar">
+	<div class="table_wrapper tight_table always_scrollbar has_bottom_line has_upper_line">
+	  <div>
 	    <table>
 	      <tbody id="radio_components_ul">
 		<tr id="radio_component_none_li">
diff --git a/html/options_main.js b/html/options_main.js
index 03505a5..e08bdb9 100644
--- a/html/options_main.js
+++ b/html/options_main.js
@@ -37,7 +37,9 @@ function list_set_scrollbar(list_elem)
     const op = ((list_elem.children.length === 1 &&
 		 list_elem.children[0].classList.contains("hide")) ||
 		list_elem.children.length < 1) ? "remove" : "add";
-    list_elem.parentElement.parentElement.classList[op]("always_scrollbar");
+    while (!list_elem.classList.contains("table_wrapper"))
+	list_elem = list_elem.parentElement;
+    list_elem.classList[op]("always_scrollbar");
 }
 
 function item_li_id(prefix, item)
@@ -632,6 +634,8 @@ async function initialize_import_facility()
 
     import_frame = await get_import_frame();
     import_frame.onclose = hide_import_window;
+    import_frame.style_table("has_bottom_line", "always_scrollbar",
+			     "has_upper_line", "tight_table");
 }
 
 /*
diff --git a/html/table.css b/html/table.css
index 6296f83..36f88bb 100644
--- a/html/table.css
+++ b/html/table.css
@@ -32,7 +32,6 @@ td {
 
 td:first-child {
     padding: 3px 10px 6px;
-    white-space: nowrap;
 }
 
 .tight_table td:first-child {
-- 
cgit v1.2.3


From 6247f163d3ca89d5570450ac7ac8fd18f73bb74b Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Thu, 2 Sep 2021 18:35:49 +0200
Subject: enable toggling of global script blocking policy\n\nThis commit also
 introduces `light_storage' module which is later going to replace the storage
 code we use right now.\nAlso included is a hack to properly display
 scrollbars under Mozilla (needs testing on newer Mozilla browsers).

---
 background/main.js                |   6 +-
 background/page_actions_server.js |  11 ++--
 build.sh                          |  11 ++++
 common/observable.js              |  28 ++++-----
 common/storage_light.js           | 129 ++++++++++++++++++++++++++++++++++++++
 common/storage_raw.js             |  11 +++-
 content/main.js                   |   2 +-
 content/page_actions.js           |   2 +-
 html/MOZILLA_scrollbar_fix.css    |  46 ++++++++++++++
 html/base.css                     |   8 +++
 html/default_blocking_policy.html |  18 ++++++
 html/default_blocking_policy.js   |  47 ++++++++++++++
 html/display-panel.html           |  24 ++++---
 html/display-panel.js             |   5 +-
 html/import_frame.html            |   7 +++
 html/options.html                 |   1 +
 html/options_main.js              |   3 +
 17 files changed, 322 insertions(+), 37 deletions(-)
 create mode 100644 common/storage_light.js
 create mode 100644 html/MOZILLA_scrollbar_fix.css
 create mode 100644 html/default_blocking_policy.html
 create mode 100644 html/default_blocking_policy.js

(limited to 'html/display-panel.js')

diff --git a/background/main.js b/background/main.js
index 5d6e680..b1c252a 100644
--- a/background/main.js
+++ b/background/main.js
@@ -9,6 +9,7 @@
  * IMPORTS_START
  * IMPORT TYPE_PREFIX
  * IMPORT get_storage
+ * IMPORT light_storage
  * IMPORT start_storage_server
  * IMPORT start_page_actions_server
  * IMPORT browser
@@ -50,6 +51,7 @@ browser.runtime.onInstalled.addListener(init_ext);
 
 
 let storage;
+let policy_observable = {};
 
 function on_headers_received(details)
 {
@@ -58,7 +60,7 @@ function on_headers_received(details)
 	return;
 
     const [pattern, settings] = query_best(storage, details.url);
-    const allow = !!(settings && settings.allow);
+    const allow = !!(settings ? settings.allow : policy_observable.value);
     const nonce = gen_nonce();
     const policy = {allow, url, nonce};
 
@@ -114,6 +116,8 @@ async function start_webRequest_operations()
 	{urls: ["<all_urls>"], types: all_types},
 	extra_opts.concat("requestHeaders")
     );
+
+    policy_observable = await light_storage.observe_var("default_allow");
 }
 
 start_webRequest_operations();
diff --git a/background/page_actions_server.js b/background/page_actions_server.js
index 58a0073..b0db5f5 100644
--- a/background/page_actions_server.js
+++ b/background/page_actions_server.js
@@ -8,6 +8,7 @@
 /*
  * IMPORTS_START
  * IMPORT get_storage
+ * IMPORT light_storage
  * IMPORT TYPE_PREFIX
  * IMPORT CONNECTION_TYPE
  * IMPORT browser
@@ -20,17 +21,17 @@
 
 var storage;
 var handler;
+let policy_observable;
 
 function send_actions(url, port)
 {
-    const [pattern, settings] = query_best(storage, url);
+    let [pattern, settings] = query_best(storage, url);
+    if (!settings)
+	settings = {allow: policy_observable && policy_observable.value};
     const repos = storage.get_all(TYPE_PREFIX.REPO);
 
     port.postMessage(["settings", [pattern, settings, repos]]);
 
-    if (settings === undefined)
-	return;
-
     let components = settings.components;
     let processed_bags = new Set();
 
@@ -127,6 +128,8 @@ async function start_page_actions_server()
     storage = await get_storage();
 
     listen_for_connection(CONNECTION_TYPE.PAGE_ACTIONS, new_connection);
+
+    policy_observable = await light_storage.observe_var("default_allow");
 }
 
 /*
diff --git a/build.sh b/build.sh
index 31f3dec..0659ed1 100755
--- a/build.sh
+++ b/build.sh
@@ -291,6 +291,17 @@ EOF
     cp html/*.css $BUILDDIR/html
     mkdir $BUILDDIR/icons
     cp icons/*.png $BUILDDIR/icons
+
+    if [ "$BROWSER" = "chromium" ]; then
+	for MOZILLA_FILE in $(find $BUILDDIR -name "MOZILLA_*"); do
+	    echo > "$MOZILLA_FILE"
+	done
+    fi
+    if [ "$BROWSER" = "mozilla" ]; then
+	for CHROMIUM_FILE in $(find $BUILDDIR -name "CHROMIUM_*"); do
+	    echo > "$CHROMIUM_FILE"
+	done
+    fi
 }
 
 main "$@"
diff --git a/common/observable.js b/common/observable.js
index 1fb0b0a..02f1c1b 100644
--- a/common/observable.js
+++ b/common/observable.js
@@ -6,28 +6,22 @@
  * Redistribution terms are gathered in the `copyright' file.
  */
 
-function make()
-{
-    return new Set();
-}
+const make = (value=undefined) => ({value, listeners: new Set()});
+const subscribe = (observable, cb) => observable.listeners.add(cb);
+const unsubscribe = (observable, cb) => observable.listeners.delete(cb);
 
-function subscribe(observable, cb)
-{
-    observable.add(cb);
-}
-
-function unsubscribe(observable, cb)
-{
-    observable.delete(cb);
-}
+const silent_set = (observable, value) => observable.value = value;
+const broadcast = (observable, ...values) =>
+      observable.listeners.forEach(cb => cb(...values));
 
-function broadcast(observable, event)
+function set(observable, value)
 {
-    for (const callback of observable)
-	callback(event);
+    const old_value = observable.value;
+    silent_set(observable, value);
+    broadcast(observable, value, old_value);
 }
 
-const observables = {make, subscribe, unsubscribe, broadcast};
+const observables = {make, subscribe, unsubscribe, broadcast, silent_set, set};
 
 /*
  * EXPORTS_START
diff --git a/common/storage_light.js b/common/storage_light.js
new file mode 100644
index 0000000..067bf0c
--- /dev/null
+++ b/common/storage_light.js
@@ -0,0 +1,129 @@
+/**
+ * part of Hachette
+ * Storage manager, lighter than the previous one.
+ *
+ * Copyright (C) 2021 Wojtek Kosior
+ * Redistribution terms are gathered in the `copyright' file.
+ */
+
+/*
+ * IMPORTS_START
+ * IMPORT TYPE_PREFIX
+ * IMPORT raw_storage
+ * IMPORT is_mozilla
+ * IMPORT observables
+ */
+
+const reg_spec = new Set(["\\", "[", "]", "(", ")", "{", "}", ".", "*", "+"]);
+const escape_reg_special = c => reg_spec.has(c) ? "\\" + c : c;
+
+function make_regex(name)
+{
+    return new RegExp(`^${name.split("").map(escape_reg_special).join("")}\$`);
+}
+
+const listeners_by_callback = new Map();
+
+function listen(callback, prefix, name)
+{
+    let by_prefix = listeners_by_callback.get(callback);
+    if (!by_prefix) {
+	by_prefix = new Map();
+	listeners_by_callback.set(callback, by_prefix);
+    }
+
+    let by_name = by_prefix.get(prefix);
+    if (!by_name) {
+	by_name = new Map();
+	by_prefix.set(prefix, by_name);
+    }
+
+    let name_reg = by_name.get(name);
+    if (!name_reg) {
+	name_reg = name.test ? name : make_regex(name);
+	by_name.set(name, name_reg);
+    }
+}
+
+function no_listen(callback, prefix, name)
+{
+    const by_prefix = listeners_by_callback.get(callback);
+    if (!by_prefix)
+	return;
+
+    const by_name = by_prefix.get(prefix);
+    if (!by_name)
+	return;
+
+    const name_reg = by_name.get(name);
+    if (!name_reg)
+	return;
+
+    by_name.delete(name);
+
+    if (by_name.size === 0)
+	by_prefix.delete(prefix);
+
+    if (by_prefix.size === 0)
+	listeners_by_callback.delete(callback);
+}
+
+function storage_change_callback(changes, area)
+{
+    if (is_mozilla && area !== "local")
+    {console.log("area", area);return;}
+
+    for (const item of Object.keys(changes)) {
+	for (const [callback, by_prefix] of listeners_by_callback.entries()) {
+	    const by_name = by_prefix.get(item[0]);
+	    if (!by_name)
+		continue;
+
+	    for (const reg of by_name.values()) {
+		if (!reg.test(item.substring(1)))
+		    continue;
+
+		try {
+		    callback(item, changes[item]);
+		} catch(e) {
+		    console.error(e);
+		}
+	    }
+	}
+    }
+}
+
+raw_storage.listen(storage_change_callback);
+
+
+const created_observables = new Map();
+
+async function observe(prefix, name)
+{
+    const observable = observables.make();
+    const callback = (it, ch) => observables.set(observable, ch.newValue);
+    listen(callback, prefix, name);
+    created_observables.set(observable, [callback, prefix, name]);
+    observables.silent_set(observable, await raw_storage.get(prefix + name));
+
+    return observable;
+}
+
+const observe_var = name => observe(TYPE_PREFIX.VAR, name);
+
+function no_observe(observable)
+{
+    no_listen(...created_observables.get(observable) || []);
+    created_observables.delete(observable);
+}
+
+const light_storage = {};
+Object.assign(light_storage, raw_storage);
+Object.assign(light_storage,
+	      {listen, no_listen, observe, observe_var, no_observe});
+
+/*
+ * EXPORTS_START
+ * EXPORT light_storage
+ * EXPORTS_END
+ */
diff --git a/common/storage_raw.js b/common/storage_raw.js
index 9ce3980..4c02ee4 100644
--- a/common/storage_raw.js
+++ b/common/storage_raw.js
@@ -26,8 +26,9 @@ async function get(key)
 
 async function set(key_or_object, value)
 {
-    return browser.storage.local.set(typeof key_or_object === "object" ?
-				     key_or_object : {[key]: value});
+    const arg = typeof key_or_object === "object" ?
+	  key_or_object : {[key_or_object]: value};
+    return browser.storage.local.set(arg);
 }
 
 async function set_var(name, value)
@@ -40,7 +41,11 @@ async function get_var(name)
     return get(TYPE_PREFIX.VAR + name);
 }
 
-const raw_storage = {get, set, get_var, set_var};
+const on_changed = browser.storage.onChanged || browser.storage.local.onChanged;
+const listen = cb => on_changed.addListener(cb);
+const no_listen = cb => on_changed.removeListener(cb);
+
+const raw_storage = {get, set, get_var, set_var, listen, no_listen};
 
 /*
  * EXPORTS_START
diff --git a/content/main.js b/content/main.js
index 6c97350..17b6b98 100644
--- a/content/main.js
+++ b/content/main.js
@@ -123,7 +123,7 @@ if (!is_privileged_url(document.URL)) {
     }
 
     if (!policy) {
-	console.warn("Using default policy!");
+	console.warn("Using fallback policy!");
 	policy = {allow: false, nonce: gen_nonce()};
     }
 
diff --git a/content/page_actions.js b/content/page_actions.js
index 6a6b3a0..bf76790 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -36,7 +36,7 @@ function handle_message(message)
     }
     if (action === "settings") {
 	report_settings(data);
-	policy_received_callback({url, allow: !!data[1] && data[1].allow});
+	policy_received_callback({url, allow: data[1].allow});
     }
 }
 
diff --git a/html/MOZILLA_scrollbar_fix.css b/html/MOZILLA_scrollbar_fix.css
new file mode 100644
index 0000000..5feb7c3
--- /dev/null
+++ b/html/MOZILLA_scrollbar_fix.css
@@ -0,0 +1,46 @@
+/**
+ * Hachette
+ * Hacky fix for vertical scrollbar width being included in child's width.
+ *
+ * Copyright (C) 2021 Wojtek Kosior
+ * Redistribution terms are gathered in the `copyright' file.
+ */
+
+/*
+ * Under Mozilla browsers to avoid vertical scrollbar forcing horizontal
+ * scrollbar to appear in an element we add the `firefox_scrollbars_hacky_fix'
+ * class to an element for which width has to be reserved.
+ *
+ * This is a bit hacky and relies on some assumed width of Firefox scrollbar, I
+ * know. And must be excluded from Chromium builds.
+ *
+ * I came up with this hack when working on popup. Before that I had the
+ * scrollbar issue with tables in the options page and gave up there and made
+ * the scrollbal always visible. Now we could try applying this "fix" there,
+ * too!
+ */
+
+.firefox_scrollbars_hacky_fix {
+    font-size: 0;
+}
+
+.firefox_scrollbars_hacky_fix>div {
+    display: inline-block;
+    width: -moz-available;
+}
+
+.firefox_scrollbars_hacky_fix>*>* {
+    font-size: initial;
+}
+
+.firefox_scrollbars_hacky_fix::after {
+    content: "";
+    display: inline-block;
+    visibility: hidden;
+    font-size: initial;
+    width: 14px;
+}
+
+.firefox_scrollbars_hacky_fix.has_inline_content::after {
+    width: calc(14px - 0.3em);
+}
diff --git a/html/base.css b/html/base.css
index 94b3f31..df52f7c 100644
--- a/html/base.css
+++ b/html/base.css
@@ -100,6 +100,14 @@ textarea: {
     background: linear-gradient(#555, transparent);
 }
 
+.has_bottom_thin_line {
+    border-bottom: dashed #4CAF50 1px;
+}
+
+.has_upper_thin_line {
+    border-top: dashed #4CAF50 1px;
+}
+
 .nowrap {
     white-space: nowrap;
 }
diff --git a/html/default_blocking_policy.html b/html/default_blocking_policy.html
new file mode 100644
index 0000000..50c19ca
--- /dev/null
+++ b/html/default_blocking_policy.html
@@ -0,0 +1,18 @@
+<!--
+    Copyright (C) 2021 Wojtek Kosior
+    Redistribution terms are gathered in the `copyright' file.
+
+    This is not a standalone page. This file is meant to be imported into other
+    HTML code.
+  -->
+<style>
+  #blocking_policy_div {
+      line-height: 2em;
+  }
+</style>
+<span id="blocking_policy_span">
+  Default policy for unmatched pages is to
+  <span id="current_policy_span" class="bold"></span>
+  their own scripts.
+  <button id="toggle_policy_but">Toggle policy</button>
+</span>
diff --git a/html/default_blocking_policy.js b/html/default_blocking_policy.js
new file mode 100644
index 0000000..2f49bac
--- /dev/null
+++ b/html/default_blocking_policy.js
@@ -0,0 +1,47 @@
+/**
+ * part of Hachette
+ * Default policy dialog logic.
+ *
+ * Copyright (C) 2021 Wojtek Kosior
+ * Redistribution terms are gathered in the `copyright' file.
+ */
+
+/*
+ * IMPORTS_START
+ * IMPORT by_id
+ * IMPORT light_storage
+ * IMPORT observables
+ * IMPORTS_END
+ */
+
+/*
+ * Used with `default_blocking_policy.html' to allow user to choose whether to
+ * block scripts globally or not.
+ */
+
+const blocking_policy_span = by_id("blocking_policy_span");
+const current_policy_span = by_id("current_policy_span");
+const toggle_policy_but = by_id("toggle_policy_but");
+
+let policy_observable;
+
+const update_policy =
+      allowed => current_policy_span.textContent = allowed ? "allow" : "block";
+const toggle_policy =
+      () => light_storage.set_var("default_allow", !policy_observable.value);
+
+async function init_default_policy_dialog()
+{
+    policy_observable = await light_storage.observe_var("default_allow");
+    update_policy(policy_observable.value);
+    observables.subscribe(policy_observable, update_policy);
+
+    toggle_policy_but.addEventListener("click", toggle_policy);
+    blocking_policy_span.classList.remove("hide");
+}
+
+/*
+ * EXPORTS_START
+ * EXPORT init_default_policy_dialog
+ * EXPORTS_END
+ */
diff --git a/html/display-panel.html b/html/display-panel.html
index 0806f26..a8c52b6 100644
--- a/html/display-panel.html
+++ b/html/display-panel.html
@@ -11,10 +11,11 @@
     <link type="text/css" rel="stylesheet" href="base.css" />
     <link type="text/css" rel="stylesheet" href="back_button.css" />
     <link type="text/css" rel="stylesheet" href="table.css" />
+    <link type="text/css" rel="stylesheet" href="MOZILLA_scrollbar_fix.css" />
     <style>
       body {
 	  width: max-content;
-	  width: -moz-max-content;
+	  width: -moz-fit-content;
       }
 
       .top>h2 {
@@ -114,8 +115,6 @@
       pre {
 	  font-family: monospace;
 	  background-color: white;
-	  border-top: dashed #4CAF50 1px;
-	  border-bottom: dashed #4CAF50 1px;
 	  padding: 1px 5px;
       }
 
@@ -133,8 +132,11 @@
 	  padding-right: 5px;
       }
 
+      .padding_top {
+	  padding-top: 5px;
+      }
+
       .header {
-	  border-bottom: dashed #4CAF50 1px;
 	  padding-bottom: 0.3em;
 	  margin-bottom: 0.5em;
 	  text-align: center;
@@ -146,7 +148,6 @@
       }
 
       .footer {
-	  border-top: dashed #4CAF50 1px;
 	  padding-top: 0.3em;
 	  margin-top: 0.5em;
 	  text-align: center;
@@ -199,7 +200,7 @@
 	  <label data-template="lbl">
 	    <h3><div class="unroll_triangle"></div> script</h3>
 	  </label>
-	  <pre data-template="script_contents"></pre>
+	  <pre class="has_bottom_thin_line has_upper_thin_line" data-template="script_contents"></pre>
 	</div>
       </div>
 
@@ -242,7 +243,7 @@
 	  Patterns higher are more specific and override the ones below.
 	</aside>
       </div>
-      <div class="table_wrapper">
+      <div class="table_wrapper firefox_scrollbars_hacky_fix">
 	<div>
 	  <table>
 	    <tbody id="possible_patterns">
@@ -250,6 +251,11 @@
 	  </table>
 	</div>
       </div>
+      <div class="padding_inline padding_top has_upper_thin_line firefox_scrollbars_hacky_fix has_inline_content">
+	<span class="nowrap">
+	  <IMPORT html/default_blocking_policy.html />
+	</span>
+      </div>
     </div>
 
     <input id="show_queried_view_radio" type="radio" class="show_next" name="current_view"></input>
@@ -265,7 +271,7 @@
       <h3 id="privileged_notice" class="middle hide">Privileged page</h3>
 
       <div id="page_state" class="hide">
-	<div class="header padding_inline">
+	<div class="header padding_inline has_bottom_thin_line">
 	  <label for="show_patterns_view_radio" class="button">
 	    Edit settings for this page
 	  </label>
@@ -317,7 +323,7 @@
 	</div>
       </div>
 
-      <div class="footer padding_inline">
+      <div class="footer padding_inline has_upper_thin_line">
 	<button id="settings_but" type="button">
 	  Open Hachette settings
 	</button>
diff --git a/html/display-panel.js b/html/display-panel.js
index bd210c1..ed96c07 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -14,6 +14,7 @@
  *** temporarily, before all storage access gets reworked.
  * IMPORT get_remote_storage
  * IMPORT get_import_frame
+ * IMPORT init_default_policy_dialog
  * IMPORT query_all
  * IMPORT CONNECTION_TYPE
  * IMPORT is_privileged_url
@@ -243,7 +244,6 @@ function handle_activity_report(message)
     if (type === "settings") {
 	let [pattern, settings] = data;
 
-	settings = settings || {};
 	blocked_span.textContent = settings.allow ? "no" : "yes";
 
 	if (pattern) {
@@ -254,6 +254,7 @@ function handle_activity_report(message)
 	    view_pattern_but.addEventListener("click", settings_opener);
 	} else {
 	    pattern_span.textContent = "none";
+	    blocked_span.textContent = blocked_span.textContent + " (default)";
 	}
 
 	const components = settings.components;
@@ -549,6 +550,8 @@ by_id("settings_but")
 
 async function main()
 {
+    init_default_policy_dialog();
+
     storage = await get_remote_storage();
     import_frame = await get_import_frame();
     import_frame.onclose = () => show_queried_view_radio.checked = true;
diff --git a/html/import_frame.html b/html/import_frame.html
index e6db205..754b289 100644
--- a/html/import_frame.html
+++ b/html/import_frame.html
@@ -1,3 +1,10 @@
+<!--
+    Copyright (C) 2021 Wojtek Kosior
+    Redistribution terms are gathered in the `copyright' file.
+
+    This is not a standalone page. This file is meant to be imported into other
+    HTML code.
+  -->
 <style>
   .padding_right {
       padding-right: 0.3em;
diff --git a/html/options.html b/html/options.html
index 085162c..f2a75e1 100644
--- a/html/options.html
+++ b/html/options.html
@@ -248,6 +248,7 @@
 	</div>
       </div>
       <button id="add_page_but" type="button"> Add page </button>
+      <IMPORT html/default_blocking_policy.html />
     </div>
     <div id="bags" class="tab">
       <div class="table_wrapper tight_table has_bottom_line has_upper_line">
diff --git a/html/options_main.js b/html/options_main.js
index e08bdb9..2f4f154 100644
--- a/html/options_main.js
+++ b/html/options_main.js
@@ -17,6 +17,7 @@
  * IMPORT by_id
  * IMPORT matchers
  * IMPORT get_import_frame
+ * IMPORT init_default_policy_dialog
  * IMPORTS_END
  */
 
@@ -670,6 +671,8 @@ function jump_to_item(url_with_item)
 
 async function main()
 {
+    init_default_policy_dialog();
+
     storage = await get_remote_storage();
 
     for (let prefix of list_prefixes) {
-- 
cgit v1.2.3


From c12b9ee3535f5a4515c164b020dfc08df8f1bfbd Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Fri, 3 Sep 2021 19:40:45 +0200
Subject: disable payload injection on non-html pages

---
 content/activity_info_server.js | 6 ++++++
 content/main.js                 | 2 ++
 content/page_actions.js         | 9 ++++++++-
 html/display-panel.html         | 5 +++++
 html/display-panel.js           | 5 +++++
 5 files changed, 26 insertions(+), 1 deletion(-)

(limited to 'html/display-panel.js')

diff --git a/content/activity_info_server.js b/content/activity_info_server.js
index 81a25fb..beecb1a 100644
--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -44,6 +44,11 @@ function report_settings(settings)
     report_activity("settings", settings);
 }
 
+function report_content_type(content_type)
+{
+    report_activity("content_type", content_type);
+}
+
 function report_repo_query_action(update, port)
 {
     report_activity_oneshot("repo_query_action", update, port);
@@ -91,5 +96,6 @@ function start_activity_info_server()
  * EXPORT start_activity_info_server
  * EXPORT report_script
  * EXPORT report_settings
+ * EXPORT report_content_type
  * EXPORTS_END
  */
diff --git a/content/main.js b/content/main.js
index 17b6b98..da215b9 100644
--- a/content/main.js
+++ b/content/main.js
@@ -147,3 +147,5 @@ if (!is_privileged_url(document.URL)) {
 
     start_activity_info_server();
 }
+
+console.log("content script");
diff --git a/content/page_actions.js b/content/page_actions.js
index bf76790..3799afd 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -11,12 +11,14 @@
  * IMPORT browser
  * IMPORT report_script
  * IMPORT report_settings
+ * IMPORT report_content_type
  * IMPORTS_END
  */
 
 let policy_received_callback;
-/* Snapshot url early because document.URL can be changed by other code. */
+/* Snapshot url and content type early; these can be changed by other code. */
 let url;
+let is_html;
 let port;
 let loaded = false;
 let scripts_awaiting = [];
@@ -52,6 +54,9 @@ function document_loaded(event)
 
 function add_script(script_text)
 {
+    if (!is_html)
+	return;
+
     let script = document.createElement("script");
     script.textContent = script_text;
     script.setAttribute("nonce", nonce);
@@ -64,6 +69,8 @@ function add_script(script_text)
 function handle_page_actions(script_nonce, policy_received_cb) {
     policy_received_callback = policy_received_cb;
     url = document.URL;
+    is_html = /html/.test(document.contentType);
+    report_content_type(document.contentType);
 
     document.addEventListener("DOMContentLoaded", document_loaded);
     port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
diff --git a/html/display-panel.html b/html/display-panel.html
index a8c52b6..1f6beb7 100644
--- a/html/display-panel.html
+++ b/html/display-panel.html
@@ -306,6 +306,11 @@
 		    </label>
 		  </td>
 		</tr>
+		<tr>
+		  <td id="content_type" colspan="3" class="hide">
+		    This is a non-HTML page. Chosen payload will not be injected.
+		  </td>
+		</tr>
 	      </tbody>
 	    </table>
 	    <label id="query_pattern" for="show_queried_view_radio" class="button">
diff --git a/html/display-panel.js b/html/display-panel.js
index ed96c07..66e51a6 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -230,6 +230,7 @@ const payload_buttons_div = by_id("payload_buttons");
 const view_payload_but = by_id("view_payload");
 const view_injected_but = by_id("view_injected");
 const container_for_injected = by_id("container_for_injected");
+const content_type_cell = by_id("content_type");
 
 const queried_items = new Map();
 
@@ -275,6 +276,10 @@ function handle_activity_report(message)
 	template.script_contents.textContent = data;
 	container_for_injected.appendChild(template.div);
     }
+    if (type === "content_type") {
+	if (!/html/.test(data))
+	    content_type_cell.classList.remove("hide");
+    }
     if (type === "repo_query_action") {
 	const key = data.prefix + data.item;
 	const results = queried_items.get(key) || {};
-- 
cgit v1.2.3


From d141aada17154872623cddfadb224170580814e3 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Sat, 4 Sep 2021 17:44:17 +0200
Subject: show appropriate message when repository returns no custom content
 for given URL

---
 html/display-panel.js | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'html/display-panel.js')

diff --git a/html/display-panel.js b/html/display-panel.js
index 66e51a6..7d801c9 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -497,6 +497,11 @@ var max_query_result_id = 0;
 
 function show_query_successful_result(result_item, repo_url, result)
 {
+    if (result.length === 0) {
+	show_message(result_item, "No results :(");
+	return;
+    }
+
     const cloned_ul_template = clone_template("result_patterns_list");
     set_appended(result_item, cloned_ul_template.ul);
 
-- 
cgit v1.2.3


From e2d26bad35bbe3876862b482f7963d713238313b Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Wed, 8 Sep 2021 19:55:33 +0200
Subject: Fix sanitizing of non-HTML XMLDocument's

---
 build.sh                        |   4 +-
 common/misc.js                  |   4 +-
 content/activity_info_server.js |   6 +-
 content/main.js                 | 195 ++++++++++++++++++++--------------------
 content/page_actions.js         |   6 +-
 html/display-panel.js           |   4 +-
 6 files changed, 109 insertions(+), 110 deletions(-)

(limited to 'html/display-panel.js')

diff --git a/build.sh b/build.sh
index 66f709c..478ca04 100755
--- a/build.sh
+++ b/build.sh
@@ -201,9 +201,7 @@ main() {
 
     if [ "$BROWSER" = "chromium" ]; then
 	CHROMIUM_KEY="$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)"
-	echo "chromium key is" $CHROMIUM_KEY
-	CHROMIUM_KEY="chromium-key-dummy-file-$CHROMIUM_KEY"
-	CHROMIUM_KEY=$(echo $CHROMIUM_KEY | tr / -);
+	CHROMIUM_KEY=$(echo chromium-key-dummy-file-$CHROMIUM_KEY | tr / -)
 	touch $BUILDDIR/$CHROMIUM_KEY
 
 	CHROMIUM_KEY="\n\
diff --git a/common/misc.js b/common/misc.js
index 91d60d2..6adaf1e 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -36,9 +36,9 @@ function Uint8toHex(data)
     return returnValue;
 }
 
-function gen_nonce(length) // Default 16
+function gen_nonce(length=16)
 {
-    let randomData = new Uint8Array(length || 16);
+    let randomData = new Uint8Array(length);
     crypto.getRandomValues(randomData);
     return Uint8toHex(randomData);
 }
diff --git a/content/activity_info_server.js b/content/activity_info_server.js
index beecb1a..1b69703 100644
--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -44,9 +44,9 @@ function report_settings(settings)
     report_activity("settings", settings);
 }
 
-function report_content_type(content_type)
+function report_document_type(is_html)
 {
-    report_activity("content_type", content_type);
+    report_activity("is_html", is_html);
 }
 
 function report_repo_query_action(update, port)
@@ -96,6 +96,6 @@ function start_activity_info_server()
  * EXPORT start_activity_info_server
  * EXPORT report_script
  * EXPORT report_settings
- * EXPORT report_content_type
+ * EXPORT report_document_type
  * EXPORTS_END
  */
diff --git a/content/main.js b/content/main.js
index a183913..fb334dd 100644
--- a/content/main.js
+++ b/content/main.js
@@ -22,6 +22,12 @@
  * IMPORTS_END
  */
 
+document.content_loaded = document.readyState === "complete";
+const wait_loaded = e => e.content_loaded ? Promise.resolve() :
+      new Promise(c => e.addEventListener("DOMContentLoaded", c, {once: true}));
+
+wait_loaded(document).then(() => document.content_loaded = true);
+
 function extract_cookie_policy(cookie, min_time)
 {
     let best_result = {time: -1};
@@ -86,18 +92,17 @@ function employ_nonhttp_policy(policy)
 }
 
 /*
+ * In the case of HTML documents:
  * 1. When injecting some payload we need to sanitize <meta> CSP tags before
  *    they reach the document.
  * 2. Only <meta> tags inside <head> are considered valid by the browser and
  *    need to be considered.
  * 3. We want to detach <html> from document, wait until its <head> completes
  *    loading, sanitize it and re-attach <html>.
- * 4. Browsers are eager to add <meta>'s that appear after `</head>' but before
- *    `<body>'. Due to this behavior the `DOMContentLoaded' event is considered
- *    unreliable (although it could still work properly, it is just problematic
- *    to verify).
- * 5. We shall wait for anything to appear in or after <body> and take that as
- *    a sign <head> has _really_ finished loading.
+ * 4. We shall wait for anything to appear in or after <body> and take that as
+ *    a sign <head> has finished loading.
+ * 5. Otherwise, getting the `DOMContentLoaded' event on the document shall also
+ *    be a sign that <head> is fully loaded.
  */
 
 function make_body_start_observer(DOM_element, waiting)
@@ -123,8 +128,10 @@ function try_body_started(waiting)
 
 function finish_waiting(waiting)
 {
+    if (waiting.finished)
+	return;
+    waiting.finished = true;
     waiting.observers.forEach(observer => observer.disconnect());
-    waiting.doc.removeEventListener("DOMContentLoaded", waiting.loaded_cb);
     setTimeout(waiting.callback, 0);
 }
 
@@ -132,19 +139,12 @@ function _wait_for_head(doc, detached_html, callback)
 {
     const waiting = {doc, detached_html, callback, observers: []};
 
-    /*
-     * For XML and SVG documents, instead of waiting for `<head>', we wait
-     * for the entire document to finish loading.
-     */
-    if (doc instanceof HTMLDocument) {
-	if (try_body_started(waiting))
-	    return;
+    if (try_body_started(waiting))
+	return;
 
-	waiting.observers = [make_body_start_observer(detached_html, waiting)];
-    }
+    waiting.observers = [make_body_start_observer(detached_html, waiting)];
 
-    waiting.loaded_cb = () => finish_waiting(waiting);
-    doc.addEventListener("DOMContentLoaded", waiting.loaded_cb);
+    wait_loaded(doc).then(() => finish_waiting(waiting));
 }
 
 function wait_for_head(doc, detached_html)
@@ -154,42 +154,43 @@ function wait_for_head(doc, detached_html)
 
 const blocked_str = "blocked";
 
-function block_attribute(node, attr)
+function block_attribute(node, attr, ns=null)
 {
+    const [hasa, geta, seta, rema] = ["has", "get", "set", "remove"]
+	  .map(m => (n, ...args) => typeof ns === "string" ?
+	       n[`${m}AttributeNS`](ns, ...args) : n[`${m}Attribute`](...args));
     /*
-     * Disabling attributes this way allows them to still be relatively
-     * easily accessed in case they contain some useful data.
+     * Disabling attributes by prepending `-blocked' allows them to still be
+     * relatively easily accessed in case they contain some useful data.
      */
     const construct_name = [attr];
-    while (node.hasAttribute(construct_name.join("")))
+    while (hasa(node, construct_name.join("")))
 	construct_name.unshift(blocked_str);
 
     while (construct_name.length > 1) {
 	construct_name.shift();
 	const name = construct_name.join("");
-	node.setAttribute(`${blocked_str}-${name}`, node.getAttribute(name));
+	seta(node, `${blocked_str}-${name}`, geta(node, name));
     }
-
-    node.removeAttribute(attr);
 }
 
 function sanitize_meta(meta, policy)
 {
-    const http_equiv = meta.getAttribute("http-equiv");
-    const value = meta.content;
+    const value = meta.content || "";
 
-    if (!value || !is_csp_header_name(http_equiv, true))
+    if (!value || !is_csp_header_name(meta.httpEquiv || "", true))
 	return;
 
     block_attribute(meta, "content");
-
-    if (is_csp_header_name(http_equiv, false))
-	meta.content = sanitize_csp_header({value}, policy).value;
 }
 
+/*
+ * Used to disable <script> that has not yet been added to live DOM (doesn't
+ * work for those already added).
+ */
 function sanitize_script(script)
 {
-    script.hachette_blocked_type = script.type;
+    script.hachette_blocked_type = script.getAttribute("type");
     script.type = "text/plain";
 }
 
@@ -201,102 +202,101 @@ function desanitize_script(script, policy)
 {
     script.setAttribute("type", script.hachette_blocked_type);
 
-    if (script.hachette_blocked_type === undefined)
+    if (script.hachette_blocked_type === null)
 	script.removeAttribute("type");
 
     delete script.hachette_blocked_type;
 }
 
-function apply_hachette_csp_rules(doc, head, policy)
-{
-    const meta = doc.createElement("meta");
-    meta.setAttribute("http-equiv", "Content-Security-Policy");
-    meta.setAttribute("content", csp_rule(policy.nonce));
-    head.append(meta);
-    /* CSP is already in effect, we can remove the <meta> now. */
-    meta.remove();
-}
-
+const bad_url_reg = /^data:([^,;]*ml|unknown-content-type)/i;
 function sanitize_urls(element)
 {
-    for (const attribute of [...element.attributes]) {
-	if (/^(href|src|data)$/i.test(attribute.localName) &&
-	    /^data:([^,;]*ml|unknown-content-type)/i.test(attribute.value))
-	    block_attribute(element, attribute.localName);
-    }
+    for (const attr of [...element.attributes || []]
+	       .filter(attr => /^(href|src|data)$/i.test(attr.localName))
+	       .filter(attr => bad_url_reg.test(attr.value)))
+	block_attribute(element, attr.localName, attr.namespaceURI);
 }
 
 function start_data_urls_sanitizing(doc)
 {
     doc.querySelectorAll("*[href], *[src], *[data]").forEach(sanitize_urls);
-    const mutation_handler = m => m.addedNodes.forEach(sanitize_urls);
-    const mo = new MutationObserver(ms => ms.forEach(mutation_handler));
-    mo.observe(doc, {childList: true, subtree: true});
+    if (!doc.content_loaded) {
+	const mutation_handler = m => m.addedNodes.forEach(sanitize_urls);
+	const mo = new MutationObserver(ms => ms.forEach(mutation_handler));
+	mo.observe(doc, {childList: true, subtree: true});
+	wait_loaded(doc).then(() => mo.disconnect());
+    }
 }
 
-function apply_intrinsics_sanitizing(root_element)
+/*
+ * Normally, we block scripts with CSP. However, Mozilla does optimizations that
+ * cause part of the DOM to be loaded when our content scripts get to run. Thus,
+ * before the CSP rules we inject (for non-HTTP pages) become effective, we need
+ * to somehow block the execution of `<script>'s and intrinsics that were
+ * already there.
+ */
+function mozilla_initial_block(doc)
 {
-    for (const subelem of root_element.querySelectorAll("*")) {
-	[...subelem.attributes]
-	    .filter(a => /^on/i.test(a.localName))
-	    .filter(a => /^javascript:/i.test(a.value))
-	    .forEach(a => block_attribute(subelem, a.localName));
-    }
+    const blocker = e => e.preventDefault();
+    doc.addEventListener("beforescriptexecute", blocker);
+    setTimeout(() => doc.removeEventListener("beforescriptexecute", blocker));
+
+    [...doc.all].flatMap(ele => [...ele.attributes].map(attr => [ele, attr]))
+	.map(([ele, attr]) => [ele, attr.localName])
+	.filter(([ele, attr]) => /^on/.test(attr) && ele.wrappedJSObject[attr])
+	.forEach(([ele, attr]) => ele.wrappedJSObject[attr] = null);
 }
 
+/*
+ * Here we block all scripts of a document which might be either and
+ * HTMLDocument or an XMLDocument. Modifying an XML document might disrupt
+ * Mozilla's XML preview. This is an unfortunate thing we have to accept for
+ * now. XML documents *have to* be sanitized as well because they might
+ * contain `<script>' tags (or on* attributes) with namespace declared as
+ * "http://www.w3.org/1999/xhtml" or "http://www.w3.org/2000/svg" which allows
+ * javascript execution.
+ */
 async function sanitize_document(doc, policy)
 {
     /*
      * Blocking of scripts that are in the DOM from the beginning. Needed for
-     * Mozilla, harmless on Chromium.
-     * Note that at least in SVG documents the `src' attr on `<script>'s seems
-     * to be ignored by Firefox, so we don't need to sanitize it.
+     * Mozilla.
      */
-    for (const script of document.getElementsByTagName("script")) {
-	const old_children = [...script.childNodes];
-	script.innerHTML = "";
-	setTimeout(() => old_children.forEach(c => script.append(c)), 0);
-    }
+    if (is_mozilla)
+	mozilla_initial_block(doc);
 
     /*
      * Ensure our CSP rules are employed from the beginning. This CSP injection
      * method is, when possible, going to be applied together with CSP rules
      * injected using webRequest.
-     * For non-HTML documents this is just a dummy operation of adding and
-     * removing `head'.
+     * Using elements namespaced as HTML makes this CSP injection also work for
+     * non-HTML documents.
      */
-    let added_head = doc.createElement("head");
-    if (!doc.head)
-	doc.documentElement.prepend(added_head);
-
-    apply_hachette_csp_rules(doc, added_head, policy);
-
-    /* Proceed with DOM in its initial state. */
-    added_head.remove();
+    const html = new DOMParser().parseFromString(`<html><head><meta \
+http-equiv="Content-Security-Policy" content="${csp_rule(policy.nonce)}"\
+/></head><body>Loading...</body></html>`, "text/html").documentElement;
 
     /*
-     * <html> node gets hijacked now, to be re-attached after <head> is loaded
+     * Root node gets hijacked now, to be re-attached after <head> is loaded
      * and sanitized.
      */
-    const old_html = doc.documentElement;
-    const new_html = doc.createElement("html");
-    old_html.replaceWith(new_html);
+    const root = doc.documentElement;
+    root.replaceWith(html);
 
-    await wait_for_head(doc, old_html);
-
-    for (const meta of old_html.querySelectorAll("head meta"))
-	sanitize_meta(meta, policy);
-
-    for (const script of old_html.querySelectorAll("script"))
-	sanitize_script(script, policy);
-
-    if (!(doc instanceof HTMLDocument))
-	apply_intrinsics_sanitizing(old_html);
+    /*
+     * For XML documents, we don't intend to inject payload, so we neither block
+     * document's CSP `<meta>' tags nor wait for `<head>' to be parsed.
+     */
+    if (document instanceof HTMLDocument) {
+	await wait_for_head(doc, root);
 
-    new_html.replaceWith(old_html);
+	root.querySelectorAll("head meta")
+	    .forEach(m => sanitize_meta(m, policy));
+    }
 
-    for (const script of old_html.querySelectorAll("script"))
-	desanitize_script(script, policy);
+    root.querySelectorAll("script").forEach(s => sanitize_script(s, policy));
+    html.replaceWith(root);
+    root.querySelectorAll("script").forEach(s => desanitize_script(s, policy));
 
     start_data_urls_sanitizing(doc);
 }
@@ -329,14 +329,15 @@ if (!is_privileged_url(document.URL)) {
     }
 
     if (!policy) {
-	console.warn("Using fallback policy!");
+	console.debug("Using fallback policy!");
 	policy = {allow: false, nonce: gen_nonce()};
     }
 
+    console.debug("current policy", policy);
+
     const doc_ready = Promise.all([
-	policy.allow ? Promise.resolve : sanitize_document(document, policy),
-	new Promise(cb => document.addEventListener("DOMContentLoaded",
-						    cb, {once: true}))
+	policy.allow ? Promise.resolve() : sanitize_document(document, policy),
+	wait_loaded(document)
     ]);
 
     handle_page_actions(policy.nonce, policy_received_callback, doc_ready);
diff --git a/content/page_actions.js b/content/page_actions.js
index 8057541..040b4ab 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -11,7 +11,7 @@
  * IMPORT browser
  * IMPORT report_script
  * IMPORT report_settings
- * IMPORT report_content_type
+ * IMPORT report_document_type
  * IMPORTS_END
  */
 
@@ -70,8 +70,8 @@ function handle_page_actions(script_nonce, policy_received_cb,
 			     doc_ready_promise) {
     policy_received_callback = policy_received_cb;
     url = document.URL;
-    is_html = /html/.test(document.contentType);
-    report_content_type(document.contentType);
+    is_html = document instanceof HTMLDocument;
+    report_document_type(is_html);
 
     doc_ready_promise.then(document_ready);
 
diff --git a/html/display-panel.js b/html/display-panel.js
index 7d801c9..623ff36 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -276,8 +276,8 @@ function handle_activity_report(message)
 	template.script_contents.textContent = data;
 	container_for_injected.appendChild(template.div);
     }
-    if (type === "content_type") {
-	if (!/html/.test(data))
+    if (type === "is_html") {
+	if (!data)
 	    content_type_cell.classList.remove("hide");
     }
     if (type === "repo_query_action") {
-- 
cgit v1.2.3


From 72cbfa74f7f30fdf60fc6ad73182ed1cca3d3712 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Thu, 9 Sep 2021 20:18:01 +0200
Subject: limit allowed pattern lengths

---
 common/patterns.js    | 141 +++++++++++++++++---------------------------------
 html/display-panel.js |  28 +++-------
 2 files changed, 53 insertions(+), 116 deletions(-)

(limited to 'html/display-panel.js')

diff --git a/common/patterns.js b/common/patterns.js
index ebb55ab..ae29fcd 100644
--- a/common/patterns.js
+++ b/common/patterns.js
@@ -5,6 +5,11 @@
  * Redistribution terms are gathered in the `copyright' file.
  */
 
+const MAX_URL_PATH_LEN = 12;
+const MAX_URL_PATH_CHARS = 255;
+const MAX_DOMAIN_LEN = 7;
+const MAX_DOMAIN_CHARS = 100;
+
 const proto_regex = /^(\w+):\/\/(.*)$/;
 
 const user_re = "[^/?#@]+@"
@@ -37,103 +42,51 @@ function deconstruct_url(url)
 	[deco.domain, deco.path, deco.query] = http_match.slice(1, 4);
     }
 
-    if (deco.domain)
-	deco.domain = deco.domain.split(".");
-
     const leading_dash = deco.path[0] === "/";
     deco.trailing_dash = deco.path[deco.path.length - 1] === "/";
-    deco.path = deco.path.split("/").filter(s => s !== "");
-    if (leading_dash || deco.path.length === 0)
-	deco.path.unshift("");
 
-    return deco;
-}
+    if (deco.domain) {
+	if (deco.domain.length > MAX_DOMAIN_CHARS) {
+	    const idx = deco.domain.indexOf(".", deco.domain.length -
+					    MAX_DOMAIN_CHARS);
+	    if (idx === -1)
+		deco.domain = [];
+	    else
+		deco.domain = deco.domain.substring(idx + 1);
 
-/* Be sane: both arguments should be arrays of length >= 2 */
-function domain_matches(url_domain, pattern_domain)
-{
-    const length_difference = url_domain.length - pattern_domain.length;
-
-    for (let i = 1; i <= url_domain.length; i++) {
-	const url_part = url_domain[url_domain.length - i];
-	const pattern_part = pattern_domain[pattern_domain.length - i];
-
-	if (pattern_domain.length === i) {
-	    if (pattern_part === "*")
-		return length_difference === 0;
-	    if (pattern_part === "**")
-		return length_difference > 0;
-	    if (pattern_part === "***")
-		return true;
-	    return length_difference === 0 && pattern_part === url_part;
+	    deco.domain_truncated = true;
 	}
 
-	if (pattern_part !== url_part)
-	    return false;
-    }
-
-    return pattern_domain.length === url_domain.length + 1 &&
-	pattern_domain[0] === "***";
-}
-
-function path_matches(url_path, url_trailing_dash,
-		      pattern_path, pattern_trailing_dash)
-{
-    const dashes_ok = !(pattern_trailing_dash && !url_trailing_dash);
-
-    if (pattern_path.length === 0)
-	return url_path.length === 0 && dashes_ok;
-
-    const length_difference = url_path.length - pattern_path.length;
-
-    for (let i = 0; i < url_path.length; i++) {
-	if (pattern_path.length === i + 1) {
-	    if (pattern_path[i] === "*")
-		return length_difference === 0;
-	    if (pattern_path[i] === "**") {
-		return length_difference > 0 ||
-		    (url_path[i] === "**" && dashes_ok);
-	    }
-	    if (pattern_path[i] === "***")
-		return length_difference >= 0;
-	    return length_difference === 0 &&
-		pattern_path[i] === url_path[i] && dashes_ok;
+	if (deco.path.length > MAX_URL_PATH_CHARS) {
+	    deco.path = deco.path.substring(0, deco.path.lastIndexOf("/"));
+	    deco.path_truncated = true;
 	}
-
-	if (pattern_path[i] !== url_path[i])
-	    return false;
     }
 
-    return false;
-}
-
-function url_matches(url, pattern)
-{
-    const url_deco = deconstruct_url(url);
-    const pattern_deco = deconstruct_url(pattern);
-
-    if (url_deco === undefined || pattern_deco === undefined) {
-	console.log(`bad comparison: ${url} and ${pattern}`);
-	return false
+    if (typeof deco.domain === "string") {
+	deco.domain = deco.domain.split(".");
+	if (deco.domain.splice(0, deco.domain.length - MAX_DOMAIN_LEN).length
+	    > 0)
+	    deco.domain_truncated = true;
     }
 
-    return pattern_deco.proto === url_deco.proto &&
-	!(pattern_deco.proto === "file" && pattern_deco.trailing_dash) &&
-	!!url_deco.domain === !!pattern_deco.domain &&
-	(!url_deco.domain ||
-	 domain_matches(url_deco.domain, pattern_deco.domain)) &&
-	path_matches(url_deco.path, url_deco.trailing_dash,
-		     pattern_deco.path, pattern_deco.trailing_dash);
+    deco.path = deco.path.split("/").filter(s => s !== "");
+    if (deco.domain && deco.path.splice(MAX_URL_PATH_LEN).length > 0)
+	deco.path_truncated = true;
+    if (leading_dash || deco.path.length === 0)
+	deco.path.unshift("");
+
+    return deco;
 }
 
-function* each_domain_pattern(domain_segments)
+function* each_domain_pattern(deco)
 {
-    for (let slice = 0; slice < domain_segments.length; slice++) {
-	const domain_part = domain_segments.slice(slice).join(".");
+    for (let slice = 0; slice < deco.domain.length - 1; slice++) {
+	const domain_part = deco.domain.slice(slice).join(".");
 	const domain_wildcards = [];
-	if (slice === 0)
+	if (slice === 0 && !deco.domain_truncated)
 	    yield domain_part;
-	if (slice === 1)
+	if (slice === 1 && !deco.domain_truncated)
 	    yield "*." + domain_part;
 	if (slice > 1)
 	    yield "**." + domain_part;
@@ -141,22 +94,23 @@ function* each_domain_pattern(domain_segments)
     }
 }
 
-function* each_path_pattern(path_segments, trailing_dash)
+function* each_path_pattern(deco)
 {
-    for (let slice = path_segments.length; slice > 0; slice--) {
-	const path_part = path_segments.slice(0, slice).join("/");
+    for (let slice = deco.path.length; slice > 0; slice--) {
+	const path_part = deco.path.slice(0, slice).join("/");
 	const path_wildcards = [];
-	if (slice === path_segments.length) {
-	    if (trailing_dash)
+	if (slice === deco.path.length && !deco.path_truncated) {
+	    if (deco.trailing_dash)
 		yield path_part + "/";
 	    yield path_part;
 	}
-	if (slice === path_segments.length - 1 && path_segments[slice] !== "*")
+	if (slice === deco.path.length - 1 && !deco.path_truncated &&
+	    deco.path[slice] !== "*")
 	    yield path_part + "/*";
-	if (slice < path_segments.length - 1)
+	if (slice < deco.path.length - 1)
 	    yield path_part + "/**";
-	if (slice < path_segments.length - 1 ||
-	    path_segments[path_segments.length - 1] !== "***")
+	if (slice !== deco.path.length - 1 || deco.path_truncated ||
+	    deco.path[slice] !== "***")
 	    yield path_part + "/***";
     }
 }
@@ -167,20 +121,19 @@ function* each_url_pattern(url)
     const deco = deconstruct_url(url);
 
     if (deco === undefined) {
-	console.log("bad url format", url);
+	console.error("bad url format", url);
 	return false;
     }
 
-    const all_domains = deco.domain ? each_domain_pattern(deco.domain) : [""];
+    const all_domains = deco.domain ? each_domain_pattern(deco) : [""];
     for (const domain of all_domains) {
-	for (const path of each_path_pattern(deco.path, deco.trailing_dash))
+	for (const path of each_path_pattern(deco))
 	    yield `${deco.proto}://${domain}${path}`;
     }
 }
 
 /*
  * EXPORTS_START
- * EXPORT url_matches
  * EXPORT each_url_pattern
  * EXPORTS_END
  */
diff --git a/html/display-panel.js b/html/display-panel.js
index 623ff36..84c922f 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -21,7 +21,6 @@
  * IMPORT TYPE_PREFIX
  * IMPORT nice_name
  * IMPORT open_in_settings
- * IMPORT url_matches
  * IMPORT each_url_pattern
  * IMPORT by_id
  * IMPORT clone_template
@@ -114,36 +113,21 @@ function add_pattern_to_list(pattern)
     return template;
 }
 
-function ensure_pattern_exists(pattern)
-{
-    let entry_object = known_patterns.get(pattern);
-    /*
-     * As long as pattern computation works well, we should never get into this
-     * conditional block. This is just a safety measure. To be removed as part
-     * of a bigger rework when we start taking iframes into account.
-     */
-    if (entry_object === undefined) {
-	console.log(`unknown pattern: ${pattern}`);
-	entry_object = add_pattern_to_list(pattern);
-    }
-
-    return entry_object;
-}
-
 function style_possible_pattern_entry(pattern, exists_in_settings)
 {
     const [text, class_action] = exists_in_settings ?
 	  ["Edit", "add"] : ["Add", "remove"];
-    const entry_object = ensure_pattern_exists(pattern);
+    const entry_object = known_patterns.get(pattern);
 
-    entry_object.button.textContent = `${text} setting`;
-    entry_object.entry.classList[class_action]("matched_pattern");
+    if (entry_object) {
+	entry_object.button.textContent = `${text} setting`;
+	entry_object.entry.classList[class_action]("matched_pattern");
+    }
 }
 
 function handle_page_change(change)
 {
-    if (url_matches(tab_url, change.item))
-        style_possible_pattern_entry(change.item, change.new_val !== undefined);
+    style_possible_pattern_entry(change.item, change.new_val !== undefined);
 }
 
 function populate_possible_patterns_list(url)
-- 
cgit v1.2.3


From 2bd35bc4b0d32b70320b06d932db90e75e89373e Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Mon, 13 Sep 2021 16:56:44 +0200
Subject: rename the extension to "Haketilo"

---
 README.txt                        |   6 +-
 background/cookie_filter.js       |  17 ++---
 background/main.js                |   4 +-
 background/page_actions_server.js |   4 +-
 background/policy_injector.js     |  26 ++++----
 background/storage.js             |   4 +-
 background/storage_server.js      |   4 +-
 background/stream_filter.js       |   6 +-
 common/ajax.js                    |   5 +-
 common/connection_types.js        |   4 +-
 common/lock.js                    |   4 +-
 common/message_server.js          |   4 +-
 common/misc.js                    |   4 +-
 common/observable.js              |   5 +-
 common/once.js                    |   5 +-
 common/patterns.js                |   4 +-
 common/sanitize_JSON.js           |   5 +-
 common/settings_query.js          |   4 +-
 common/signing.js                 |   7 ++-
 common/storage_client.js          |   4 +-
 common/storage_light.js           |   5 +-
 common/storage_raw.js             |   5 +-
 common/stored_types.js            |   4 +-
 content/activity_info_server.js   |   7 ++-
 content/main.js                   |  22 ++++---
 content/page_actions.js           |   6 +-
 content/repo_query.js             |   5 +-
 copyright                         |   2 +-
 html/DOM_helpers.js               |   4 +-
 html/MOZILLA_scrollbar_fix.css    |   6 +-
 html/back_button.css              |   5 +-
 html/base.css                     |   4 +-
 html/default_blocking_policy.js   |   5 +-
 html/display-panel.html           |   8 ++-
 html/display-panel.js             |   4 +-
 html/import_frame.js              |   4 +-
 html/options.html                 |   6 +-
 html/options_main.js              |   4 +-
 icons/hachette.svg                | 127 --------------------------------------
 icons/hachette128.png             | Bin 6031 -> 0 bytes
 icons/hachette16.png              | Bin 752 -> 0 bytes
 icons/hachette32.png              | Bin 1358 -> 0 bytes
 icons/hachette48.png              | Bin 2154 -> 0 bytes
 icons/hachette64.png              | Bin 2908 -> 0 bytes
 icons/haketilo.svg                | 127 ++++++++++++++++++++++++++++++++++++++
 icons/haketilo128.png             | Bin 0 -> 6031 bytes
 icons/haketilo16.png              | Bin 0 -> 752 bytes
 icons/haketilo32.png              | Bin 0 -> 1358 bytes
 icons/haketilo48.png              | Bin 0 -> 2154 bytes
 icons/haketilo64.png              | Bin 0 -> 2908 bytes
 manifest.json                     |  28 +++++----
 re-generate_icons.sh              |   2 +-
 52 files changed, 292 insertions(+), 224 deletions(-)
 delete mode 100644 icons/hachette.svg
 delete mode 100644 icons/hachette128.png
 delete mode 100644 icons/hachette16.png
 delete mode 100644 icons/hachette32.png
 delete mode 100644 icons/hachette48.png
 delete mode 100644 icons/hachette64.png
 create mode 100644 icons/haketilo.svg
 create mode 100644 icons/haketilo128.png
 create mode 100644 icons/haketilo16.png
 create mode 100644 icons/haketilo32.png
 create mode 100644 icons/haketilo48.png
 create mode 100644 icons/haketilo64.png

(limited to 'html/display-panel.js')

diff --git a/README.txt b/README.txt
index ad640b0..1aec0ba 100644
--- a/README.txt
+++ b/README.txt
@@ -1,4 +1,4 @@
-# Hachette - Make The Web Great Again! #
+# Haketilo - Make The Web Great Again! #
 
 This extension's goal is to allow replacing javascript served by websites
 with scripts specified by user. Something like NoScript and Greasemonkey
@@ -9,7 +9,7 @@ Currently, the target browsers for this extension are Ungoogled Chromium
 and various forks of Firefox (version 60+).
 
 This extension is still in an early stage. Also see
-`https://hachettebugs.koszko.org/projects/hachette/wiki/' for documentation in
+`https://hydrillabugs.koszko.org/projects/haketilo/wiki/' for documentation in
 development.
 
 ## Installation ##
@@ -28,6 +28,6 @@ various additional licenses and permissions for particular files.
 
 ## Contributing ##
 Get the code from: https://git.koszko.org/browser-extension/
-Come to: https://hachettebugs.koszko.org/projects/hachette
+Come to: https://hydrillabugs.koszko.org/projects/haketilo
 
 Optionally, write to $(echo a29zemtvQGtvc3prby5vcmcK | base64 -d)
diff --git a/background/cookie_filter.js b/background/cookie_filter.js
index fea2d23..64d18b2 100644
--- a/background/cookie_filter.js
+++ b/background/cookie_filter.js
@@ -1,7 +1,8 @@
 /**
- * part of Hachette
- * Filtering request headers to remove hachette cookies that might have slipped
- * through.
+ * This file is part of Haketilo.
+ *
+ * Function: Filtering request headers to remove haketilo cookies that might
+ *     have slipped through.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
@@ -13,29 +14,29 @@
  * IMPORTS_END
  */
 
-function is_valid_hachette_cookie(cookie)
+function is_valid_haketilo_cookie(cookie)
 {
-    const match = /^hachette-(\w*)=(.*)$/.exec(cookie);
+    const match = /^haketilo-(\w*)=(.*)$/.exec(cookie);
     if (!match)
 	return false;
 
     return !extract_signed(match.slice(1, 3)).fail;
 }
 
-function remove_hachette_cookies(header)
+function remove_haketilo_cookies(header)
 {
     if (header.name !== "Cookie")
 	return header;
 
     const cookies = header.value.split("; ");
-    const value = cookies.filter(c => !is_valid_hachette_cookie(c)).join("; ");
+    const value = cookies.filter(c => !is_valid_haketilo_cookie(c)).join("; ");
 
     return value ? {name: "Cookie", value} : null;
 }
 
 function filter_cookie_headers(headers)
 {
-    return headers.map(remove_hachette_cookies).filter(h => h);
+    return headers.map(remove_haketilo_cookies).filter(h => h);
 }
 
 /*
diff --git a/background/main.js b/background/main.js
index 03cd5d7..40b3a9e 100644
--- a/background/main.js
+++ b/background/main.js
@@ -1,5 +1,7 @@
 /**
- * Hachette main background script
+ * This file is part of Haketilo.
+ *
+ * Function: Main background script.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/background/page_actions_server.js b/background/page_actions_server.js
index e21ca6e..156a79f 100644
--- a/background/page_actions_server.js
+++ b/background/page_actions_server.js
@@ -1,5 +1,7 @@
 /**
- * Hachette serving of page actions to content scripts
+ * This file is part of Haketilo.
+ *
+ * Function: Serving page actions to content scripts.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/background/policy_injector.js b/background/policy_injector.js
index e5af055..881595b 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -1,5 +1,7 @@
 /**
- * Hachette injecting policy to page using webRequest
+ * This file is part of Haketilo.
+ *
+ * Function: Injecting policy to page by modifying HTTP headers.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Copyright (C) 2021 jahoti
@@ -19,10 +21,10 @@ function inject_csp_headers(headers, policy)
 {
     let csp_headers;
     let old_signature;
-    let hachette_header;
+    let haketilo_header;
 
-    for (const header of headers.filter(h => h.name === "x-hachette")) {
-	/* x-hachette header has format: <signature>_0_<data> */
+    for (const header of headers.filter(h => h.name === "x-haketilo")) {
+	/* x-haketilo header has format: <signature>_0_<data> */
 	const match = /^([^_]+)_(0_.*)$/.exec(header.value);
 	if (!match)
 	    continue;
@@ -38,7 +40,7 @@ function inject_csp_headers(headers, policy)
 	csp_headers = old_data.csp_headers;
 	old_signature = old_data.policy_sig;
 
-	hachette_header = header;
+	haketilo_header = header;
 	break;
     }
 
@@ -53,9 +55,9 @@ function inject_csp_headers(headers, policy)
 	headers.push(...csp_headers || []);
     }
 
-    if (!hachette_header) {
-	hachette_header = {name: "x-hachette"};
-	headers.push(hachette_header);
+    if (!haketilo_header) {
+	haketilo_header = {name: "x-haketilo"};
+	headers.push(haketilo_header);
     }
 
     if (old_signature)
@@ -66,7 +68,7 @@ function inject_csp_headers(headers, policy)
     const later_30sec = new Date(new Date().getTime() + 30000).toGMTString();
     headers.push({
 	name: "Set-Cookie",
-	value: `hachette-${signed_policy.join("=")}; Expires=${later_30sec};`
+	value: `haketilo-${signed_policy.join("=")}; Expires=${later_30sec};`
     });
 
     /*
@@ -74,9 +76,9 @@ function inject_csp_headers(headers, policy)
      * These are signed with a time of 0, as it's not clear there is a limit on
      * how long Firefox might retain headers in the cache.
      */
-    let hachette_data = {csp_headers, policy_sig: signed_policy[0]};
-    hachette_data = encodeURIComponent(JSON.stringify(hachette_data));
-    hachette_header.value = sign_data(hachette_data, 0).join("_");
+    let haketilo_data = {csp_headers, policy_sig: signed_policy[0]};
+    haketilo_data = encodeURIComponent(JSON.stringify(haketilo_data));
+    haketilo_header.value = sign_data(haketilo_data, 0).join("_");
 
     if (!policy.allow) {
 	headers.push({
diff --git a/background/storage.js b/background/storage.js
index 12c0c61..a4e626a 100644
--- a/background/storage.js
+++ b/background/storage.js
@@ -1,5 +1,7 @@
 /**
- * Hachette storage manager
+ * This file is part of Haketilo.
+ *
+ * Function: Storage manager.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/background/storage_server.js b/background/storage_server.js
index 2252eb5..73126d4 100644
--- a/background/storage_server.js
+++ b/background/storage_server.js
@@ -1,5 +1,7 @@
 /**
- * Hachette storage through connection (server side)
+ * This file is part of Haketilo.
+ *
+ * Function: Storage through messages (server side).
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/background/stream_filter.js b/background/stream_filter.js
index 3e30a4b..e5e0827 100644
--- a/background/stream_filter.js
+++ b/background/stream_filter.js
@@ -1,5 +1,7 @@
 /**
- * Hachette modifying a web page using the StreamFilter API
+ * This file is part of Haketilo.
+ *
+ * Function: Modifying a web page using the StreamFilter API.
  *
  * Copyright (C) 2018 Giorgio Maone <giorgio@maone.net>
  * Copyright (C) 2021 Wojtek Kosior
@@ -173,7 +175,7 @@ function filter_data(properties, event)
 	 */
 
 	const dummy_script =
-	      `<script data-hachette-deleteme="${properties.policy.nonce}" nonce="${properties.policy.nonce}">null</script>`;
+	      `<script data-haketilo-deleteme="${properties.policy.nonce}" nonce="${properties.policy.nonce}">null</script>`;
 	const doctype_decl = /^(\s*<!doctype[^<>"']*>)?/i.exec(decoded)[0];
 	decoded = doctype_decl + dummy_script +
 	    decoded.substring(doctype_decl.length);
diff --git a/common/ajax.js b/common/ajax.js
index 8082bbe..7269a8a 100644
--- a/common/ajax.js
+++ b/common/ajax.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Wrapping XMLHttpRequest into a Promise.
+ * This file is part of Haketilo.
+ *
+ * Function: Wrapping XMLHttpRequest into a Promise.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/connection_types.js b/common/connection_types.js
index 88c6964..3e9df56 100644
--- a/common/connection_types.js
+++ b/common/connection_types.js
@@ -1,5 +1,7 @@
 /**
- * Hachette background scripts message connection types "enum"
+ * This file is part of Haketilo.
+ *
+ * Function: Define an "enum" of message connection types.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/lock.js b/common/lock.js
index 822ad1b..6cf0835 100644
--- a/common/lock.js
+++ b/common/lock.js
@@ -1,5 +1,7 @@
 /**
- * Hachette lock (aka binary semaphore aka mutex)
+ * This file is part of Haketilo.
+ *
+ * Function: Implement a lock (aka binary semaphore aka mutex).
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/message_server.js b/common/message_server.js
index ea40487..c8c6696 100644
--- a/common/message_server.js
+++ b/common/message_server.js
@@ -1,5 +1,7 @@
 /**
- * Hachette message server
+ * This file is part of Haketilo.
+ *
+ * Function: Message server.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/misc.js b/common/misc.js
index 6cded84..9ffb7ff 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -1,5 +1,7 @@
 /**
- * Hachette miscellaneous operations refactored to a separate file
+ * This file is part of Haketilo.
+ *
+ * Function: Miscellaneous operations refactored to a separate file.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Copyright (C) 2021 jahoti
diff --git a/common/observable.js b/common/observable.js
index 02f1c1b..ab3b444 100644
--- a/common/observable.js
+++ b/common/observable.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Facilitate listening to events
+ * This file is part of Haketilo.
+ *
+ * Function: Facilitate listening to (internal, self-generated) events.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/once.js b/common/once.js
index 098b43f..93e842f 100644
--- a/common/once.js
+++ b/common/once.js
@@ -1,5 +1,8 @@
 /**
- * Hachette feature initialization promise
+ * This file is part of Haketilo.
+ *
+ * Function: Wrap APIs that depend on some asynchronous initialization into
+ *     promises.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/patterns.js b/common/patterns.js
index ae29fcd..625be05 100644
--- a/common/patterns.js
+++ b/common/patterns.js
@@ -1,5 +1,7 @@
 /**
- * Hachette operations on page url patterns
+ * This file is part of Haketilo.
+ *
+ * Function: Operations on page URL patterns.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/sanitize_JSON.js b/common/sanitize_JSON.js
index 8b86d2d..4cf1ef4 100644
--- a/common/sanitize_JSON.js
+++ b/common/sanitize_JSON.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Powerful, full-blown format enforcer for externally-obtained JSON
+ * This file is part of Haketilo.
+ *
+ * Function: Powerful, full-blown format enforcer for externally-obtained JSON.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/settings_query.js b/common/settings_query.js
index b54e580..7e1315e 100644
--- a/common/settings_query.js
+++ b/common/settings_query.js
@@ -1,5 +1,7 @@
 /**
- * Hachette querying page settings with regard to wildcard records
+ * This file is part of Haketilo.
+ *
+ * Function: Querying page settings.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/signing.js b/common/signing.js
index 1904bcd..11cd442 100644
--- a/common/signing.js
+++ b/common/signing.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Functions related to "signing" of data, refactored to a separate file.
+ * This file is part of Haketilo.
+ *
+ * Functions: Operations related to "signing" of data.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
@@ -16,7 +17,7 @@
 
 /*
  * In order to make certain data synchronously accessible in certain contexts,
- * hachette smuggles it in string form in places like cookies, URLs and headers.
+ * Haketilo smuggles it in string form in places like cookies, URLs and headers.
  * When using the smuggled data, we first need to make sure it isn't spoofed.
  * For that, we use this pseudo-signing mechanism.
  *
diff --git a/common/storage_client.js b/common/storage_client.js
index 2b2f495..ef4a0b8 100644
--- a/common/storage_client.js
+++ b/common/storage_client.js
@@ -1,5 +1,7 @@
 /**
- * Hachette storage through connection (client side)
+ * This file is part of Haketilo.
+ *
+ * Function: Storage through messages (client side).
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/storage_light.js b/common/storage_light.js
index 067bf0c..32e3b1f 100644
--- a/common/storage_light.js
+++ b/common/storage_light.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Storage manager, lighter than the previous one.
+ * This file is part of Haketilo.
+ *
+ * Function: Storage manager, lighter than the previous one.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/storage_raw.js b/common/storage_raw.js
index 4c02ee4..e354b6b 100644
--- a/common/storage_raw.js
+++ b/common/storage_raw.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Basic wrappers for storage API functions.
+ * This file is part of Haketilo.
+ *
+ * Function: Basic wrappers for storage API functions.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/common/stored_types.js b/common/stored_types.js
index bfceba6..a693b1c 100644
--- a/common/stored_types.js
+++ b/common/stored_types.js
@@ -1,5 +1,7 @@
 /**
- * Hachette stored item types "enum"
+ * This file is part of Haketilo.
+ *
+ * Function: Define an "enum" of stored item types.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/content/activity_info_server.js b/content/activity_info_server.js
index 1b69703..d1dfe36 100644
--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -1,7 +1,8 @@
 /**
- * part of Hachette
- * Informing about activities performed by content script (script injection,
- * script blocking).
+ * This file is part of Haketilo.
+ *
+ * Function: Informing the popup about what happens in the content script
+ *     (script injection, script blocking, etc.).
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/content/main.js b/content/main.js
index 6478ea0..cec9943 100644
--- a/content/main.js
+++ b/content/main.js
@@ -1,5 +1,7 @@
 /**
- * Hachette main content script run in all frames
+ * This file is part of Haketilo.
+ *
+ * Function: Main content script that runs in all frames.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Copyright (C) 2021 jahoti
@@ -33,7 +35,7 @@ function extract_cookie_policy(cookie, min_time)
     let policy = null;
     const extracted_signatures = [];
 
-    for (const match of cookie.matchAll(/hachette-(\w*)=([^;]*)/g)) {
+    for (const match of cookie.matchAll(/haketilo-(\w*)=([^;]*)/g)) {
 	const new_result = extract_signed(...match.slice(1, 3));
 	if (new_result.fail)
 	    continue;
@@ -60,7 +62,7 @@ function extract_url_policy(url, min_time)
     const [base_url, payload, anchor] =
 	  /^([^#]*)#?([^#]*)(#?.*)$/.exec(url).splice(1, 4);
 
-    const match = /^hachette_([^_]+)_(.*)$/.exec(payload);
+    const match = /^haketilo_([^_]+)_(.*)$/.exec(payload);
     if (!match)
 	return [null, url];
 
@@ -83,7 +85,7 @@ function employ_nonhttp_policy(policy)
     policy.nonce = gen_nonce();
     const [base_url, target] = /^([^#]*)(#?.*)$/.exec(policy.url).slice(1, 3);
     const encoded_policy = encodeURIComponent(JSON.stringify(policy));
-    const payload = "hachette_" +
+    const payload = "haketilo_" +
 	  sign_data(encoded_policy, new Date().getTime()).join("_");
     const resulting_url = `${base_url}#${payload}${target}`;
     location.href = resulting_url;
@@ -187,7 +189,7 @@ function sanitize_meta(meta)
 
 function sanitize_script(script)
 {
-    script.hachette_blocked_type = script.getAttribute("type");
+    script.haketilo_blocked_type = script.getAttribute("type");
     script.type = "text/plain";
 }
 
@@ -197,12 +199,12 @@ function sanitize_script(script)
  */
 function desanitize_script(script)
 {
-    script.setAttribute("type", script.hachette_blocked_type);
+    script.setAttribute("type", script.haketilo_blocked_type);
 
-    if ([null, undefined].includes(script.hachette_blocked_type))
+    if ([null, undefined].includes(script.haketilo_blocked_type))
 	script.removeAttribute("type");
 
-    delete script.hachette_blocked_type;
+    delete script.haketilo_blocked_type;
 }
 
 const bad_url_reg = /^data:([^,;]*ml|unknown-content-type)/i;
@@ -235,7 +237,7 @@ function start_data_urls_sanitizing(doc)
  */
 function prevent_script_execution(event)
 {
-    if (!event.target._hachette_payload)
+    if (!event.target.haketilo_payload)
 	event.preventDefault();
 }
 
@@ -336,7 +338,7 @@ if (!is_privileged_url(document.URL)) {
 	let signatures;
 	[policy, signatures] = extract_cookie_policy(document.cookie, min_time);
 	for (const signature of signatures)
-	    document.cookie = `hachette-${signature}=; Max-Age=-1;`;
+	    document.cookie = `haketilo-${signature}=; Max-Age=-1;`;
     } else {
 	const scheme = /^([^:]*)/.exec(document.URL)[1];
 	const known_scheme = ["file", "ftp"].includes(scheme);
diff --git a/content/page_actions.js b/content/page_actions.js
index 040b4ab..db7c352 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -1,5 +1,7 @@
 /**
- * Hachette handling of page actions in content scripts
+ * This file is part of Haketilo.
+ *
+ * Function: Handle page actions in a content script.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
@@ -60,7 +62,7 @@ function add_script(script_text)
     let script = document.createElement("script");
     script.textContent = script_text;
     script.setAttribute("nonce", nonce);
-    script._hachette_payload = true;
+    script.haketilo_payload = true;
     document.body.appendChild(script);
 
     report_script(script_text);
diff --git a/content/repo_query.js b/content/repo_query.js
index 3708108..637282c 100644
--- a/content/repo_query.js
+++ b/content/repo_query.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Getting available content for site from remote repositories.
+ * This file is part of Haketilo.
+ *
+ * Function: Getting available content for site from remote repositories.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/copyright b/copyright
index 4c37eb3..fe2aed7 100644
--- a/copyright
+++ b/copyright
@@ -1,5 +1,5 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: Hachette
+Upstream-Name: Haketilo
 Source: https://git.koszko.org/browser-extension/
 
 Files: *
diff --git a/html/DOM_helpers.js b/html/DOM_helpers.js
index 01e2be9..4fe118d 100644
--- a/html/DOM_helpers.js
+++ b/html/DOM_helpers.js
@@ -1,5 +1,7 @@
 /**
- * Hachette operations on DOM elements
+ * This file is part of Haketilo.
+ *
+ * Function: Operations on DOM elements.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/MOZILLA_scrollbar_fix.css b/html/MOZILLA_scrollbar_fix.css
index 5feb7c3..cdbd5c6 100644
--- a/html/MOZILLA_scrollbar_fix.css
+++ b/html/MOZILLA_scrollbar_fix.css
@@ -1,6 +1,8 @@
 /**
- * Hachette
- * Hacky fix for vertical scrollbar width being included in child's width.
+ * This file is part of Haketilo.
+ *
+ * Function: Hacky fix for vertical scrollbar width being included in child's
+ *     width.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/back_button.css b/html/back_button.css
index 1ddc5da..b83e834 100644
--- a/html/back_button.css
+++ b/html/back_button.css
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Style for a "back" button with a CSS arrow image.
+ * This file is part of Haketilo.
+ *
+ * Function: Style for a "back" button with a CSS arrow image.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/base.css b/html/base.css
index df52f7c..517a5c1 100644
--- a/html/base.css
+++ b/html/base.css
@@ -1,5 +1,7 @@
 /**
- * Hachette base styles
+ * This file is part of Haketilo.
+ *
+ * Function: Base styles.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Copyright (C) 2021 Nicholas Johnson
diff --git a/html/default_blocking_policy.js b/html/default_blocking_policy.js
index 2f49bac..b6458f3 100644
--- a/html/default_blocking_policy.js
+++ b/html/default_blocking_policy.js
@@ -1,6 +1,7 @@
 /**
- * part of Hachette
- * Default policy dialog logic.
+ * This file is part of Haketilo.
+ *
+ * Function: Logic for the dialog of default policy selection.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/display-panel.html b/html/display-panel.html
index 3ed1b7a..ee9e767 100644
--- a/html/display-panel.html
+++ b/html/display-panel.html
@@ -1,12 +1,16 @@
 <!doctype html>
 <!--
+    This file is part of Haketilo.
+
+    Function: Extension's popup page.
+
     Copyright (C) 2021 Wojtek Kosior
     Redistribution terms are gathered in the `copyright' file.
   -->
 <html>
   <head>
     <meta charset="utf-8"/>
-    <title>Hachette - page settings</title>
+    <title>Haketilo - page settings</title>
     <link type="text/css" rel="stylesheet" href="reset.css" />
     <link type="text/css" rel="stylesheet" href="base.css" />
     <link type="text/css" rel="stylesheet" href="back_button.css" />
@@ -331,7 +335,7 @@
 
       <div class="footer padding_inline has_upper_thin_line">
 	<button id="settings_but" type="button">
-	  Open Hachette settings
+	  Open Haketilo settings
 	</button>
       </div>
     </div>
diff --git a/html/display-panel.js b/html/display-panel.js
index 84c922f..c078850 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -1,5 +1,7 @@
 /**
- * Hachette display panel logic
+ * This file is part of Haketilo.
+ *
+ * Function: Popup logic.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/import_frame.js b/html/import_frame.js
index c0eb2f0..ae6fab4 100644
--- a/html/import_frame.js
+++ b/html/import_frame.js
@@ -1,5 +1,7 @@
 /**
- * Hachette HTML import frame script
+ * This file is part of Haketilo.
+ *
+ * Function: Logic for the settings import frame.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/html/options.html b/html/options.html
index 54ab9e8..2e8317c 100644
--- a/html/options.html
+++ b/html/options.html
@@ -1,12 +1,16 @@
 <!doctype html>
 <!--
+    This file is part of Haketilo.
+
+    Function: Extension's settings page.
+
     Copyright (C) 2021 Wojtek Kosior
     Redistribution terms are gathered in the `copyright' file.
   -->
 <html>
   <head>
     <meta charset="utf-8"/>
-    <title>Hachette options</title>
+    <title>Haketilo options</title>
     <link type="text/css" rel="stylesheet" href="reset.css" />
     <link type="text/css" rel="stylesheet" href="base.css" />
     <link type="text/css" rel="stylesheet" href="table.css" />
diff --git a/html/options_main.js b/html/options_main.js
index 27ab0ec..f8faf9b 100644
--- a/html/options_main.js
+++ b/html/options_main.js
@@ -1,5 +1,7 @@
 /**
- * Hachette HTML options page main script
+ * This file is part of Haketilo.
+ *
+ * Function: Settings page logic.
  *
  * Copyright (C) 2021 Wojtek Kosior
  * Redistribution terms are gathered in the `copyright' file.
diff --git a/icons/hachette.svg b/icons/hachette.svg
deleted file mode 100644
index 6e8948d..0000000
--- a/icons/hachette.svg
+++ /dev/null
@@ -1,127 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://creativecommons.org/ns#"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   width="128"
-   height="128"
-   viewBox="0 -0.6 33.866668 33.866666"
-   version="1.1"
-   id="svg8">
-  <title
-     id="title1418">Hatchet</title>
-  <defs
-     id="defs2">
-    <filter
-       style="color-interpolation-filters:sRGB"
-       id="filter994"
-       x="-0.78125864"
-       width="2.5625174"
-       y="-0.25392297"
-       height="1.5078459">
-      <feGaussianBlur
-         stdDeviation="1.7304741"
-         id="feGaussianBlur996" />
-    </filter>
-    <filter
-       style="color-interpolation-filters:sRGB"
-       id="filter1401"
-       x="-0.43681362"
-       width="1.8736273"
-       y="-0.032828163"
-       height="1.0656563">
-      <feGaussianBlur
-         stdDeviation="2.2606587"
-         id="feGaussianBlur1403" />
-    </filter>
-  </defs>
-  <metadata
-     id="metadata5">
-    <rdf:RDF>
-      <cc:Work
-         rdf:about="">
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type
-           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <dc:title>Hatchet</dc:title>
-        <dc:creator>
-          <cc:Agent>
-            <dc:title>David Lyons</dc:title>
-          </cc:Agent>
-        </dc:creator>
-        <dc:publisher>
-          <cc:Agent>
-            <dc:title>dlyons</dc:title>
-          </cc:Agent>
-        </dc:publisher>
-        <cc:license
-           rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/" />
-        <dc:date>2017-05</dc:date>
-        <dc:subject>
-          <rdf:Bag>
-            <rdf:li>hatchet</rdf:li>
-            <rdf:li>ax</rdf:li>
-            <rdf:li>wood</rdf:li>
-          </rdf:Bag>
-        </dc:subject>
-        <dc:description>Hatchet</dc:description>
-      </cc:Work>
-      <cc:License
-         rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">
-        <cc:permits
-           rdf:resource="http://creativecommons.org/ns#Reproduction" />
-        <cc:permits
-           rdf:resource="http://creativecommons.org/ns#Distribution" />
-        <cc:requires
-           rdf:resource="http://creativecommons.org/ns#Notice" />
-        <cc:requires
-           rdf:resource="http://creativecommons.org/ns#Attribution" />
-        <cc:permits
-           rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
-        <cc:requires
-           rdf:resource="http://creativecommons.org/ns#ShareAlike" />
-      </cc:License>
-    </rdf:RDF>
-  </metadata>
-  <g
-     transform="matrix(0.18053177,-0.14666587,0.14666587,0.18053177,-0.67884005,5.998568)"
-     id="g4514">
-    <path
-       style="fill:#d38d5f;stroke-width:0.23824416"
-       d="M 7.30405,153.7586 C 20.54927,112.215 15.59359,34.229537 16.31646,33.113187 c 0.87975,-1.35862 11.98736,-0.3859 11.70824,-0.21673 0.17326,45.22237 7.01132,84.510963 -0.71993,131.991763 l -9.29885,-5.88681 z"
-       id="rect7" />
-    <path
-       style="stroke-width:0.27389684"
-       d="m 63.328435,18.175599 c 0,0 -18.017818,8.640905 -27.631388,12.644707 -3.823279,1.592294 -7.11998,3.047871 -9.996289,4.376476 -11.35319,0.247708 -19.4479991,0.01005 -19.8799245,1.450041 l 0.01602,16.049149 c 0.1225108,1.704999 8.9933655,2.136989 19.9713905,3.333131 6.538886,4.233937 13.307605,8.532834 17.153475,10.714075 9.058079,5.13742 18.504813,7.823295 18.504813,7.823295 0,0 5.056977,-21.237215 4.911847,-31.707625 C 66.23324,32.388436 63.328435,18.175599 63.328435,18.175599 Z"
-       id="rect9" />
-    <path
-       id="path35"
-       d="m 63.328435,18.175599 c 0,0 2.905055,14.268926 3.050195,24.739336 0.14513,10.47041 -4.912098,31.651538 -4.912098,31.651538 -11.67798,-3.788669 -16.221256,-6.527691 -16.221256,-6.527691 0,0 7.434244,-7.591907 9.174294,-22.366997 1.1592,-16.80443 -4.045711,-21.40711 -4.045711,-21.40711 3.905919,-1.879065 11.01257,-5.216217 12.954576,-6.089076 z"
-       style="opacity:0.45500004;fill:#ffffff;stroke-width:0.26458335" />
-    <path
-       style="opacity:0.45500004;fill:#ffffff;stroke-width:0.26458335"
-       d="m 63.208938,17.51176 c 0,0 3.024552,14.932765 3.169692,25.403175 0.14513,10.47041 -4.912098,31.621519 -4.912098,31.621519 -1.568463,-0.523507 -1.541936,-0.491688 -1.541936,-0.491688 0,0 5.456154,-26.034461 5.211644,-30.225191 -0.0315,-4.2355 -1.218109,-20.314453 -3.453104,-24.783592 0,0 0.723943,-0.407792 1.645299,-0.860384 z"
-       id="path1427" />
-    <path
-       style="fill:#784421;stroke:none;stroke-width:0.26458335px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="m 7.30405,153.7586 10.40103,5.0627 c 0,0 9.14195,5.35641 9.55606,6.02467 0.41411,0.66827 -4.66818,-0.88342 -7.90926,-2.11367 -3.24108,-1.23026 -8.21159,-4.9245 -10.36004,-6.6929 -2.14844,-1.76841 -1.68779,-2.2808 -1.68779,-2.2808 z"
-       id="path1407" />
-    <path
-       id="path999"
-       d="M 7.30405,153.7586 C 17.372688,112.40594 21.015256,78.343761 17.898744,32.568697 l 3.350934,-0.138515 c 0.131707,45.014525 3.851339,79.911868 -2.025736,127.174438 z"
-       style="opacity:0.3;fill:#2b1100;stroke-width:0.20724197" />
-    <path
-       style="opacity:1;fill:#1a1a1a;stroke:none;stroke-width:0.1832249"
-       d="m 37.364038,35.560531 9.400174,-5.992052 c 4.831746,9.986754 3.508267,19.973509 -0.303231,29.960263 l -9.096943,-5.992051 z"
-       id="rect4493" />
-    <rect
-       style="opacity:1;fill:#1a1a1a;stroke:none;stroke-width:0.37082145"
-       id="rect4504"
-       width="7.4658442"
-       height="15.338916"
-       x="23.754957"
-       y="38.224262" />
-  </g>
-</svg>
diff --git a/icons/hachette128.png b/icons/hachette128.png
deleted file mode 100644
index 18816e9..0000000
Binary files a/icons/hachette128.png and /dev/null differ
diff --git a/icons/hachette16.png b/icons/hachette16.png
deleted file mode 100644
index 182ede5..0000000
Binary files a/icons/hachette16.png and /dev/null differ
diff --git a/icons/hachette32.png b/icons/hachette32.png
deleted file mode 100644
index ffaa84b..0000000
Binary files a/icons/hachette32.png and /dev/null differ
diff --git a/icons/hachette48.png b/icons/hachette48.png
deleted file mode 100644
index 1ffcd38..0000000
Binary files a/icons/hachette48.png and /dev/null differ
diff --git a/icons/hachette64.png b/icons/hachette64.png
deleted file mode 100644
index a02abb0..0000000
Binary files a/icons/hachette64.png and /dev/null differ
diff --git a/icons/haketilo.svg b/icons/haketilo.svg
new file mode 100644
index 0000000..6e8948d
--- /dev/null
+++ b/icons/haketilo.svg
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   width="128"
+   height="128"
+   viewBox="0 -0.6 33.866668 33.866666"
+   version="1.1"
+   id="svg8">
+  <title
+     id="title1418">Hatchet</title>
+  <defs
+     id="defs2">
+    <filter
+       style="color-interpolation-filters:sRGB"
+       id="filter994"
+       x="-0.78125864"
+       width="2.5625174"
+       y="-0.25392297"
+       height="1.5078459">
+      <feGaussianBlur
+         stdDeviation="1.7304741"
+         id="feGaussianBlur996" />
+    </filter>
+    <filter
+       style="color-interpolation-filters:sRGB"
+       id="filter1401"
+       x="-0.43681362"
+       width="1.8736273"
+       y="-0.032828163"
+       height="1.0656563">
+      <feGaussianBlur
+         stdDeviation="2.2606587"
+         id="feGaussianBlur1403" />
+    </filter>
+  </defs>
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title>Hatchet</dc:title>
+        <dc:creator>
+          <cc:Agent>
+            <dc:title>David Lyons</dc:title>
+          </cc:Agent>
+        </dc:creator>
+        <dc:publisher>
+          <cc:Agent>
+            <dc:title>dlyons</dc:title>
+          </cc:Agent>
+        </dc:publisher>
+        <cc:license
+           rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/" />
+        <dc:date>2017-05</dc:date>
+        <dc:subject>
+          <rdf:Bag>
+            <rdf:li>hatchet</rdf:li>
+            <rdf:li>ax</rdf:li>
+            <rdf:li>wood</rdf:li>
+          </rdf:Bag>
+        </dc:subject>
+        <dc:description>Hatchet</dc:description>
+      </cc:Work>
+      <cc:License
+         rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Reproduction" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Distribution" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Notice" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Attribution" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#ShareAlike" />
+      </cc:License>
+    </rdf:RDF>
+  </metadata>
+  <g
+     transform="matrix(0.18053177,-0.14666587,0.14666587,0.18053177,-0.67884005,5.998568)"
+     id="g4514">
+    <path
+       style="fill:#d38d5f;stroke-width:0.23824416"
+       d="M 7.30405,153.7586 C 20.54927,112.215 15.59359,34.229537 16.31646,33.113187 c 0.87975,-1.35862 11.98736,-0.3859 11.70824,-0.21673 0.17326,45.22237 7.01132,84.510963 -0.71993,131.991763 l -9.29885,-5.88681 z"
+       id="rect7" />
+    <path
+       style="stroke-width:0.27389684"
+       d="m 63.328435,18.175599 c 0,0 -18.017818,8.640905 -27.631388,12.644707 -3.823279,1.592294 -7.11998,3.047871 -9.996289,4.376476 -11.35319,0.247708 -19.4479991,0.01005 -19.8799245,1.450041 l 0.01602,16.049149 c 0.1225108,1.704999 8.9933655,2.136989 19.9713905,3.333131 6.538886,4.233937 13.307605,8.532834 17.153475,10.714075 9.058079,5.13742 18.504813,7.823295 18.504813,7.823295 0,0 5.056977,-21.237215 4.911847,-31.707625 C 66.23324,32.388436 63.328435,18.175599 63.328435,18.175599 Z"
+       id="rect9" />
+    <path
+       id="path35"
+       d="m 63.328435,18.175599 c 0,0 2.905055,14.268926 3.050195,24.739336 0.14513,10.47041 -4.912098,31.651538 -4.912098,31.651538 -11.67798,-3.788669 -16.221256,-6.527691 -16.221256,-6.527691 0,0 7.434244,-7.591907 9.174294,-22.366997 1.1592,-16.80443 -4.045711,-21.40711 -4.045711,-21.40711 3.905919,-1.879065 11.01257,-5.216217 12.954576,-6.089076 z"
+       style="opacity:0.45500004;fill:#ffffff;stroke-width:0.26458335" />
+    <path
+       style="opacity:0.45500004;fill:#ffffff;stroke-width:0.26458335"
+       d="m 63.208938,17.51176 c 0,0 3.024552,14.932765 3.169692,25.403175 0.14513,10.47041 -4.912098,31.621519 -4.912098,31.621519 -1.568463,-0.523507 -1.541936,-0.491688 -1.541936,-0.491688 0,0 5.456154,-26.034461 5.211644,-30.225191 -0.0315,-4.2355 -1.218109,-20.314453 -3.453104,-24.783592 0,0 0.723943,-0.407792 1.645299,-0.860384 z"
+       id="path1427" />
+    <path
+       style="fill:#784421;stroke:none;stroke-width:0.26458335px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 7.30405,153.7586 10.40103,5.0627 c 0,0 9.14195,5.35641 9.55606,6.02467 0.41411,0.66827 -4.66818,-0.88342 -7.90926,-2.11367 -3.24108,-1.23026 -8.21159,-4.9245 -10.36004,-6.6929 -2.14844,-1.76841 -1.68779,-2.2808 -1.68779,-2.2808 z"
+       id="path1407" />
+    <path
+       id="path999"
+       d="M 7.30405,153.7586 C 17.372688,112.40594 21.015256,78.343761 17.898744,32.568697 l 3.350934,-0.138515 c 0.131707,45.014525 3.851339,79.911868 -2.025736,127.174438 z"
+       style="opacity:0.3;fill:#2b1100;stroke-width:0.20724197" />
+    <path
+       style="opacity:1;fill:#1a1a1a;stroke:none;stroke-width:0.1832249"
+       d="m 37.364038,35.560531 9.400174,-5.992052 c 4.831746,9.986754 3.508267,19.973509 -0.303231,29.960263 l -9.096943,-5.992051 z"
+       id="rect4493" />
+    <rect
+       style="opacity:1;fill:#1a1a1a;stroke:none;stroke-width:0.37082145"
+       id="rect4504"
+       width="7.4658442"
+       height="15.338916"
+       x="23.754957"
+       y="38.224262" />
+  </g>
+</svg>
diff --git a/icons/haketilo128.png b/icons/haketilo128.png
new file mode 100644
index 0000000..18816e9
Binary files /dev/null and b/icons/haketilo128.png differ
diff --git a/icons/haketilo16.png b/icons/haketilo16.png
new file mode 100644
index 0000000..182ede5
Binary files /dev/null and b/icons/haketilo16.png differ
diff --git a/icons/haketilo32.png b/icons/haketilo32.png
new file mode 100644
index 0000000..ffaa84b
Binary files /dev/null and b/icons/haketilo32.png differ
diff --git a/icons/haketilo48.png b/icons/haketilo48.png
new file mode 100644
index 0000000..1ffcd38
Binary files /dev/null and b/icons/haketilo48.png differ
diff --git a/icons/haketilo64.png b/icons/haketilo64.png
new file mode 100644
index 0000000..a02abb0
Binary files /dev/null and b/icons/haketilo64.png differ
diff --git a/manifest.json b/manifest.json
index ce2577e..9d34732 100644
--- a/manifest.json
+++ b/manifest.json
@@ -1,18 +1,20 @@
+// This is the manifest file of Haketilo.
+//
 // Copyright (C) 2021 Wojtek Kosior
 // Redistribution terms are gathered in the `copyright' file.
 {
     "manifest_version": 2,
-    "name": "Hachette",
-    "short_name": "Hachette",
+    "name": "Haketilo",
+    "short_name": "Haketilo",
     "version": "0.0.1",
     "author": "various",
     "description": "Control your \"Web\" browsing.",_GECKO_APPLICATIONS_
     "icons":{
-	"128": "icons/hachette128.png",
-	"64": "icons/hachette64.png",
-	"48": "icons/hachette48.png",
-	"32": "icons/hachette32.png",
-	"16": "icons/hachette16.png"
+	"128": "icons/haketilo128.png",
+	"64": "icons/haketilo64.png",
+	"48": "icons/haketilo48.png",
+	"32": "icons/haketilo32.png",
+	"16": "icons/haketilo16.png"
     },
     "permissions": [
 	"contextMenus",
@@ -29,13 +31,13 @@
     "browser_action": {
 	"browser_style": true,
 	"default_icon": {
-	    "128": "icons/hachette128.png",
-	    "64": "icons/hachette64.png",
-	    "48": "icons/hachette48.png",
-	    "32": "icons/hachette32.png",
-	    "16": "icons/hachette16.png"
+	    "128": "icons/haketilo128.png",
+	    "64": "icons/haketilo64.png",
+	    "48": "icons/haketilo48.png",
+	    "32": "icons/haketilo32.png",
+	    "16": "icons/haketilo16.png"
 	},
-	"default_title": "Hachette",
+	"default_title": "Haketilo",
 	"default_popup": "html/display-panel.html"
     },
     "options_ui": {
diff --git a/re-generate_icons.sh b/re-generate_icons.sh
index ba0c28a..e557ad0 100755
--- a/re-generate_icons.sh
+++ b/re-generate_icons.sh
@@ -4,5 +4,5 @@
 # Redistribution terms are gathered in the `copyright' file.
 
 for SIZE in 128 64 48 32 16; do
-    inkscape -z -e icons/hachette$SIZE.png -w $SIZE -h $SIZE icons/hachette.svg
+    inkscape -z -e icons/haketilo$SIZE.png -w $SIZE -h $SIZE icons/haketilo.svg
 done
-- 
cgit v1.2.3


From 96068ada37bfa1d7e6485551138ba36600664caf Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Sat, 20 Nov 2021 18:29:59 +0100
Subject: replace cookies with synchronous XmlHttpRequest as policy smuggling
 method.

Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
---
 background/cookie_filter.js       |  46 -------------
 background/main.js                | 120 +++++++++++++++++++++++++++------
 background/page_actions_server.js |  32 ++-------
 background/policy_injector.js     |  67 +++---------------
 background/stream_filter.js       |   6 +-
 build.sh                          |  16 +----
 common/misc.js                    |   2 +-
 common/signing.js                 |  74 --------------------
 content/activity_info_server.js   |   4 +-
 content/main.js                   | 138 +++++++++++---------------------------
 content/page_actions.js           |  27 ++++----
 dummy                             |   0
 html/display-panel.js             |  13 ++--
 manifest.json                     |   3 +-
 14 files changed, 180 insertions(+), 368 deletions(-)
 delete mode 100644 background/cookie_filter.js
 delete mode 100644 common/signing.js
 create mode 100644 dummy

(limited to 'html/display-panel.js')

diff --git a/background/cookie_filter.js b/background/cookie_filter.js
deleted file mode 100644
index 64d18b2..0000000
--- a/background/cookie_filter.js
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * This file is part of Haketilo.
- *
- * Function: Filtering request headers to remove haketilo cookies that might
- *     have slipped through.
- *
- * Copyright (C) 2021 Wojtek Kosior
- * Redistribution terms are gathered in the `copyright' file.
- */
-
-/*
- * IMPORTS_START
- * IMPORT extract_signed
- * IMPORTS_END
- */
-
-function is_valid_haketilo_cookie(cookie)
-{
-    const match = /^haketilo-(\w*)=(.*)$/.exec(cookie);
-    if (!match)
-	return false;
-
-    return !extract_signed(match.slice(1, 3)).fail;
-}
-
-function remove_haketilo_cookies(header)
-{
-    if (header.name !== "Cookie")
-	return header;
-
-    const cookies = header.value.split("; ");
-    const value = cookies.filter(c => !is_valid_haketilo_cookie(c)).join("; ");
-
-    return value ? {name: "Cookie", value} : null;
-}
-
-function filter_cookie_headers(headers)
-{
-    return headers.map(remove_haketilo_cookies).filter(h => h);
-}
-
-/*
- * EXPORTS_START
- * EXPORT filter_cookie_headers
- * EXPORTS_END
- */
diff --git a/background/main.js b/background/main.js
index 40b3a9e..9cdfb97 100644
--- a/background/main.js
+++ b/background/main.js
@@ -17,11 +17,10 @@
  * IMPORT browser
  * IMPORT is_privileged_url
  * IMPORT query_best
- * IMPORT gen_nonce
  * IMPORT inject_csp_headers
  * IMPORT apply_stream_filter
- * IMPORT filter_cookie_headers
  * IMPORT is_chrome
+ * IMPORT is_mozilla
  * IMPORTS_END
  */
 
@@ -51,34 +50,53 @@ async function init_ext(install_details)
 
 browser.runtime.onInstalled.addListener(init_ext);
 
+/*
+ * The function below implements a more practical interface for what it does by
+ * wrapping the old query_best() function.
+ */
+function decide_policy_for_url(storage, policy_observable, url)
+{
+    if (storage === undefined)
+	return {allow: false};
+
+    const settings =
+	{allow: policy_observable !== undefined && policy_observable.value};
+
+    const [pattern, queried_settings] = query_best(storage, url);
+
+    if (queried_settings) {
+	settings.payload = queried_settings.components;
+	settings.allow = !!queried_settings.allow && !settings.payload;
+	settings.pattern = pattern;
+    }
+
+    return settings;
+}
 
 let storage;
 let policy_observable = {};
 
-function on_headers_received(details)
+function sanitize_web_page(details)
 {
     const url = details.url;
     if (is_privileged_url(details.url))
 	return;
 
-    const [pattern, settings] = query_best(storage, details.url);
-    const has_payload = !!(settings && settings.components);
-    const allow = !has_payload &&
-	  !!(settings ? settings.allow : policy_observable.value);
-    const nonce = gen_nonce();
-    const policy = {allow, url, nonce, has_payload};
+    const policy =
+	  decide_policy_for_url(storage, policy_observable, details.url);
 
     let headers = details.responseHeaders;
+
+    headers = inject_csp_headers(headers, policy);
+
     let skip = false;
     for (const header of headers) {
 	if ((header.name.toLowerCase().trim() === "content-disposition" &&
 	     /^\s*attachment\s*(;.*)$/i.test(header.value)))
 	    skip = true;
     }
-
-    headers = inject_csp_headers(headers, policy);
-
     skip = skip || (details.statusCode >= 300 && details.statusCode < 400);
+
     if (!skip) {
 	/* Check for API availability. */
 	if (browser.webRequest.filterResponseData)
@@ -88,11 +106,49 @@ function on_headers_received(details)
     return {responseHeaders: headers};
 }
 
-function on_before_send_headers(details)
+const request_url_regex = /^[^?]*\?url=(.*)$/;
+const redirect_url_template = browser.runtime.getURL("dummy") + "?settings=";
+
+function synchronously_smuggle_policy(details)
 {
-    let headers = details.requestHeaders;
-    headers = filter_cookie_headers(headers);
-    return {requestHeaders: headers};
+    /*
+     * Content script will make a synchronous XmlHttpRequest to extension's
+     * `dummy` file to query settings for given URL. We smuggle that
+     * information in query parameter of the URL we redirect to.
+     * A risk of fingerprinting arises if a page with script execution allowed
+     * guesses the dummy file URL and makes an AJAX call to it. It is currently
+     * a problem in ManifestV2 Chromium-family port of Haketilo because Chromium
+     * uses predictable URLs for web-accessible resources. We plan to fix it in
+     * the future ManifestV3 port.
+     */
+    if (details.type !== "xmlhttprequest")
+	return {cancel: true};
+
+    console.debug(`Settings queried using XHR for '${details.url}'.`);
+
+    let policy = {allow: false};
+
+    try {
+	/*
+	 * request_url should be of the following format:
+	 *     <url_for_extension's_dummy_file>?url=<valid_urlencoded_url>
+	 */
+	const match = request_url_regex.exec(details.url);
+	const queried_url = decodeURIComponent(match[1]);
+
+	if (details.initiator && !queried_url.startsWith(details.initiator)) {
+	    console.warn(`Blocked suspicious query of '${url}' by '${details.initiator}'. This might be the result of page fingerprinting the browser.`);
+	    return {cancel: true};
+	}
+
+	policy = decide_policy_for_url(storage, policy_observable, queried_url);
+    } catch (e) {
+	console.warn(`Bad request! Expected ${browser.runtime.getURL("dummy")}?url=<valid_urlencoded_url>. Got ${request_url}. This might be the result of page fingerprinting the browser.`);
+    }
+
+    const encoded_policy = encodeURIComponent(JSON.stringify(policy));
+
+    return {redirectUrl: redirect_url_template + encoded_policy};
 }
 
 const all_types = [
@@ -110,18 +166,40 @@ async function start_webRequest_operations()
 	extra_opts.push("extraHeaders");
 
     browser.webRequest.onHeadersReceived.addListener(
-	on_headers_received,
+	sanitize_web_page,
 	{urls: ["<all_urls>"], types: ["main_frame", "sub_frame"]},
 	extra_opts.concat("responseHeaders")
     );
 
-    browser.webRequest.onBeforeSendHeaders.addListener(
-	on_before_send_headers,
-	{urls: ["<all_urls>"], types: all_types},
-	extra_opts.concat("requestHeaders")
+    const dummy_url_pattern = browser.runtime.getURL("dummy") + "?url=*";
+    browser.webRequest.onBeforeRequest.addListener(
+	synchronously_smuggle_policy,
+	{urls: [dummy_url_pattern], types: ["xmlhttprequest"]},
+	extra_opts
     );
 
     policy_observable = await light_storage.observe_var("default_allow");
 }
 
 start_webRequest_operations();
+
+const code = `\
+console.warn("Hi, I'm Mr Dynamic!");
+
+console.debug("let's see how window.killtheweb looks like now");
+
+console.log("killtheweb", window.killtheweb);
+`
+
+async function test_dynamic_content_scripts()
+{
+    browser.contentScripts.register({
+	"js": [{code}],
+	"matches": ["<all_urls>"],
+	"allFrames": true,
+	"runAt": "document_start"
+});
+}
+
+if (is_mozilla)
+    test_dynamic_content_scripts();
diff --git a/background/page_actions_server.js b/background/page_actions_server.js
index 156a79f..74783c9 100644
--- a/background/page_actions_server.js
+++ b/background/page_actions_server.js
@@ -16,34 +16,12 @@
  * IMPORT browser
  * IMPORT listen_for_connection
  * IMPORT sha256
- * IMPORT query_best
  * IMPORT make_ajax_request
  * IMPORTS_END
  */
 
 var storage;
 var handler;
-let policy_observable;
-
-function send_actions(url, port)
-{
-    const [pattern, queried_settings] = query_best(storage, url);
-
-    const settings = {allow: policy_observable && policy_observable.value};
-    Object.assign(settings, queried_settings);
-    if (settings.components)
-	settings.allow = false;
-
-    const repos = storage.get_all(TYPE_PREFIX.REPO);
-
-    port.postMessage(["settings", [pattern, settings, repos]]);
-
-    const components = settings.components;
-    const processed_bags = new Set();
-
-    if (components !== undefined)
-	send_scripts([components], port, processed_bags);
-}
 
 // TODO: parallelize script fetching
 async function send_scripts(components, port, processed_bags)
@@ -116,9 +94,11 @@ async function fetch_remote_script(script_data)
 function handle_message(port, message, handler)
 {
     port.onMessage.removeListener(handler[0]);
-    let url = message.url;
-    console.log({url});
-    send_actions(url, port);
+    console.debug(`Loading payload '${message.payload}'.`);
+
+    const processed_bags = new Set();
+
+    send_scripts([message.payload], port, processed_bags);
 }
 
 function new_connection(port)
@@ -134,8 +114,6 @@ async function start_page_actions_server()
     storage = await get_storage();
 
     listen_for_connection(CONNECTION_TYPE.PAGE_ACTIONS, new_connection);
-
-    policy_observable = await light_storage.observe_var("default_allow");
 }
 
 /*
diff --git a/background/policy_injector.js b/background/policy_injector.js
index 881595b..b49ec47 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -10,77 +10,28 @@
 
 /*
  * IMPORTS_START
- * IMPORT sign_data
- * IMPORT extract_signed
  * IMPORT make_csp_rule
  * IMPORT csp_header_regex
+ * Re-enable the import below once nonce stuff here is ready
+ * !mport gen_nonce
  * IMPORTS_END
  */
 
 function inject_csp_headers(headers, policy)
 {
     let csp_headers;
-    let old_signature;
-    let haketilo_header;
 
-    for (const header of headers.filter(h => h.name === "x-haketilo")) {
-	/* x-haketilo header has format: <signature>_0_<data> */
-	const match = /^([^_]+)_(0_.*)$/.exec(header.value);
-	if (!match)
-	    continue;
+    if (policy.payload) {
+	headers = headers.filter(h => !csp_header_regex.test(h.name));
 
-	const result = extract_signed(...match.slice(1, 3));
-	if (result.fail)
-	    continue;
+	// TODO: make CSP rules with nonces and facilitate passing them to
+	// content scripts via dynamic content script registration or
+	// synchronous XHRs
 
-	/* This should succeed - it's our self-produced valid JSON. */
-	const old_data = JSON.parse(decodeURIComponent(result.data));
-
-	/* Confirmed- it's the originals, smuggled in! */
-	csp_headers = old_data.csp_headers;
-	old_signature = old_data.policy_sig;
-
-	haketilo_header = header;
-	break;
+	// policy.nonce = gen_nonce();
     }
 
-    if (policy.has_payload) {
-	csp_headers = [];
-	const non_csp_headers = [];
-	const header_list =
-	      h => csp_header_regex.test(h) ? csp_headers : non_csp_headers;
-	headers.forEach(h => header_list(h.name).push(h));
-	headers = non_csp_headers;
-    } else {
-	headers.push(...csp_headers || []);
-    }
-
-    if (!haketilo_header) {
-	haketilo_header = {name: "x-haketilo"};
-	headers.push(haketilo_header);
-    }
-
-    if (old_signature)
-	headers = headers.filter(h => h.value.search(old_signature) === -1);
-
-    const policy_str = encodeURIComponent(JSON.stringify(policy));
-    const signed_policy = sign_data(policy_str, new Date().getTime());
-    const later_30sec = new Date(new Date().getTime() + 30000).toGMTString();
-    headers.push({
-	name: "Set-Cookie",
-	value: `haketilo-${signed_policy.join("=")}; Expires=${later_30sec};`
-    });
-
-    /*
-     * Smuggle in the signature and the original CSP headers for future use.
-     * These are signed with a time of 0, as it's not clear there is a limit on
-     * how long Firefox might retain headers in the cache.
-     */
-    let haketilo_data = {csp_headers, policy_sig: signed_policy[0]};
-    haketilo_data = encodeURIComponent(JSON.stringify(haketilo_data));
-    haketilo_header.value = sign_data(haketilo_data, 0).join("_");
-
-    if (!policy.allow) {
+    if (!policy.allow && (policy.nonce || !policy.payload)) {
 	headers.push({
 	    name: "content-security-policy",
 	    value: make_csp_rule(policy)
diff --git a/background/stream_filter.js b/background/stream_filter.js
index e5e0827..e5d124c 100644
--- a/background/stream_filter.js
+++ b/background/stream_filter.js
@@ -174,8 +174,7 @@ function filter_data(properties, event)
 	 * as harmless anyway).
 	 */
 
-	const dummy_script =
-	      `<script data-haketilo-deleteme="${properties.policy.nonce}" nonce="${properties.policy.nonce}">null</script>`;
+	const dummy_script = `<script>null</script>`;
 	const doctype_decl = /^(\s*<!doctype[^<>"']*>)?/i.exec(decoded)[0];
 	decoded = doctype_decl + dummy_script +
 	    decoded.substring(doctype_decl.length);
@@ -189,11 +188,10 @@ function filter_data(properties, event)
 
 function apply_stream_filter(details, headers, policy)
 {
-    if (!policy.has_payload)
+    if (!policy.payload)
 	return headers;
 
     const properties = properties_from_headers(headers);
-    properties.policy = policy;
 
     properties.filter =
 	browser.webRequest.filterResponseData(details.requestId);
diff --git a/build.sh b/build.sh
index 936ab06..ed6a141 100755
--- a/build.sh
+++ b/build.sh
@@ -180,7 +180,6 @@ build_main() {
 	mkdir -p "$BUILDDIR"/$DIR
     done
 
-    CHROMIUM_KEY=''
     CHROMIUM_UPDATE_URL=''
     GECKO_APPLICATIONS=''
 
@@ -189,20 +188,7 @@ build_main() {
     fi
 
     if [ "$BROWSER" = "chromium" ]; then
-	CHROMIUM_KEY="$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)"
-	CHROMIUM_KEY=$(echo chromium-key-dummy-file-$CHROMIUM_KEY | tr / -)
-	touch "$BUILDDIR"/$CHROMIUM_KEY
-
 	CHROMIUM_UPDATE_URL="$UPDATE_URL"
-
-	CHROMIUM_KEY="\n\
-	// WARNING!!!\n\
-	// EACH USER SHOULD REPLACE DUMMY FILE's VALUE WITH A UNIQUE ONE!!!\n\
-	// OTHERWISE, SECURITY CAN BE TRIVIALLY COMPROMISED!\n\
-	// Only relevant to users of chrome-based browsers.\n\
-	// Users of Firefox forks are safe.\n\
-	\"$CHROMIUM_KEY\"\
-"
     else
 	GECKO_APPLICATIONS="\n\
     \"applications\": {\n\
@@ -215,7 +201,6 @@ build_main() {
 
     sed "\
 s^_GECKO_APPLICATIONS_^$GECKO_APPLICATIONS^
-s^_CHROMIUM_KEY_^$CHROMIUM_KEY^
 s^_CHROMIUM_UPDATE_URL_^$CHROMIUM_UPDATE_URL^
 s^_BGSCRIPTS_^$BGSCRIPTS^
 s^_CONTENTSCRIPTS_^$CONTENTSCRIPTS^" \
@@ -279,6 +264,7 @@ EOF
     fi
 
     cp -r copyright licenses/ "$BUILDDIR"
+    cp dummy "$BUILDDIR"
     cp html/*.css "$BUILDDIR"/html
     mkdir "$BUILDDIR"/icons
     cp icons/*.png "$BUILDDIR"/icons
diff --git a/common/misc.js b/common/misc.js
index 9ffb7ff..5b0addb 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -49,7 +49,7 @@ function gen_nonce(length=16)
 function make_csp_rule(policy)
 {
     let rule = "prefetch-src 'none'; script-src-attr 'none';";
-    const script_src = policy.has_payload ?
+    const script_src = policy.nonce !== undefined ?
 	  `'nonce-${policy.nonce}'` : "'none'";
     rule += ` script-src ${script_src}; script-src-elem ${script_src};`;
     return rule;
diff --git a/common/signing.js b/common/signing.js
deleted file mode 100644
index 11cd442..0000000
--- a/common/signing.js
+++ /dev/null
@@ -1,74 +0,0 @@
-/**
- * This file is part of Haketilo.
- *
- * Functions: Operations related to "signing" of data.
- *
- * Copyright (C) 2021 Wojtek Kosior
- * Redistribution terms are gathered in the `copyright' file.
- */
-
-/*
- * IMPORTS_START
- * IMPORT sha256
- * IMPORT browser
- * IMPORT is_mozilla
- * IMPORTS_END
- */
-
-/*
- * In order to make certain data synchronously accessible in certain contexts,
- * Haketilo smuggles it in string form in places like cookies, URLs and headers.
- * When using the smuggled data, we first need to make sure it isn't spoofed.
- * For that, we use this pseudo-signing mechanism.
- *
- * Despite what name suggests, no assymetric cryptography is involved, as it
- * would bring no additional benefits and would incur bigger performance
- * overhead. Instead, we hash the string data together with some secret value
- * that is supposed to be known only by this browser instance. Resulting hash
- * sum plays the role of the signature. In the hash we also include current
- * time. This way, even if signed data leaks (which shouldn't happen in the
- * first place), an attacker won't be able to re-use it indefinitely.
- *
- * The secret shared between execution contexts has to be available
- * synchronously. Under Mozilla, this is the extension's per-session id. Under
- * Chromium, this is a dummy web-accessible-resource name that resides in the
- * manifest and is supposed to be constructed by each user using a unique value
- * (this is done automatically by `build.sh').
- */
-
-function get_secret()
-{
-    if (is_mozilla)
-	return browser.runtime.getURL("dummy");
-
-    return chrome.runtime.getManifest().web_accessible_resources
-	.map(r => /^chromium-key-dummy-file-(.*)/.exec(r)).filter(r => r)[0][1];
-}
-
-function extract_signed(signature, signed_data)
-{
-    const match = /^([1-9][0-9]{12}|0)_(.*)$/.exec(signed_data);
-    if (!match)
-	return {fail: "bad format"};
-
-    const result = {time: parseInt(match[1]), data: match[2]};
-    if (sign_data(result.data, result.time)[0] !== signature)
-	result.fail = "bad signature";
-
-    return result;
-}
-
-/*
- * Sign a given string for a given time. Time should be either 0 or in the range
- * 10^12 <= time < 10^13.
- */
-function sign_data(data, time) {
-    return [sha256(get_secret() + time + data), `${time}_${data}`];
-}
-
-/*
- * EXPORTS_START
- * EXPORT extract_signed
- * EXPORT sign_data
- * EXPORTS_END
- */
diff --git a/content/activity_info_server.js b/content/activity_info_server.js
index d1dfe36..aa92b75 100644
--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -42,7 +42,9 @@ function report_script(script_data)
 
 function report_settings(settings)
 {
-    report_activity("settings", settings);
+    const settings_clone = {};
+    Object.assign(settings_clone, settings)
+    report_activity("settings", settings_clone);
 }
 
 function report_document_type(is_html)
diff --git a/content/main.js b/content/main.js
index cec9943..ce1ff7a 100644
--- a/content/main.js
+++ b/content/main.js
@@ -11,15 +11,15 @@
 /*
  * IMPORTS_START
  * IMPORT handle_page_actions
- * IMPORT extract_signed
- * IMPORT sign_data
  * IMPORT gen_nonce
  * IMPORT is_privileged_url
+ * IMPORT browser
  * IMPORT is_chrome
  * IMPORT is_mozilla
  * IMPORT start_activity_info_server
  * IMPORT make_csp_rule
  * IMPORT csp_header_regex
+ * IMPORT report_settings
  * IMPORTS_END
  */
 
@@ -29,69 +29,6 @@ const wait_loaded = e => e.content_loaded ? Promise.resolve() :
 
 wait_loaded(document).then(() => document.content_loaded = true);
 
-function extract_cookie_policy(cookie, min_time)
-{
-    let best_result = {time: -1};
-    let policy = null;
-    const extracted_signatures = [];
-
-    for (const match of cookie.matchAll(/haketilo-(\w*)=([^;]*)/g)) {
-	const new_result = extract_signed(...match.slice(1, 3));
-	if (new_result.fail)
-	    continue;
-
-	extracted_signatures.push(match[1]);
-
-	if (new_result.time < Math.max(min_time, best_result.time))
-	    continue;
-
-	/* This should succeed - it's our self-produced valid JSON. */
-	const new_policy = JSON.parse(decodeURIComponent(new_result.data));
-	if (new_policy.url !== document.URL)
-	    continue;
-
-	best_result = new_result;
-	policy = new_policy;
-    }
-
-    return [policy, extracted_signatures];
-}
-
-function extract_url_policy(url, min_time)
-{
-    const [base_url, payload, anchor] =
-	  /^([^#]*)#?([^#]*)(#?.*)$/.exec(url).splice(1, 4);
-
-    const match = /^haketilo_([^_]+)_(.*)$/.exec(payload);
-    if (!match)
-	return [null, url];
-
-    const result = extract_signed(...match.slice(1, 3));
-    if (result.fail)
-	return [null, url];
-
-    const original_url = base_url + anchor;
-    const policy = result.time < min_time ? null :
-	  JSON.parse(decodeURIComponent(result.data));
-
-    return [policy.url === original_url ? policy : null, original_url];
-}
-
-function employ_nonhttp_policy(policy)
-{
-    if (!policy.allow)
-	return;
-
-    policy.nonce = gen_nonce();
-    const [base_url, target] = /^([^#]*)(#?.*)$/.exec(policy.url).slice(1, 3);
-    const encoded_policy = encodeURIComponent(JSON.stringify(policy));
-    const payload = "haketilo_" +
-	  sign_data(encoded_policy, new Date().getTime()).join("_");
-    const resulting_url = `${base_url}#${payload}${target}`;
-    location.href = resulting_url;
-    location.reload();
-}
-
 /*
  * In the case of HTML documents:
  * 1. When injecting some payload we need to sanitize <meta> CSP tags before
@@ -306,7 +243,7 @@ http-equiv="Content-Security-Policy" content="${make_csp_rule(policy)}"\
     start_data_urls_sanitizing(doc);
 }
 
-async function disable_service_workers()
+async function _disable_service_workers()
 {
     if (!navigator.serviceWorker)
 	return;
@@ -315,7 +252,7 @@ async function disable_service_workers()
     if (registrations.length === 0)
 	return;
 
-    console.warn("Service Workers detected on this page! Unregistering and reloading");
+    console.warn("Service Workers detected on this page! Unregistering and reloading.");
 
     try {
 	await Promise.all(registrations.map(r => r.unregister()));
@@ -327,50 +264,57 @@ async function disable_service_workers()
     return new Promise(() => 0);
 }
 
-if (!is_privileged_url(document.URL)) {
-    let policy_received_callback = () => undefined;
-    let policy;
-
-    /* Signature valid for half an hour. */
-    const min_time = new Date().getTime() - 1800 * 1000;
-
-    if (/^https?:/.test(document.URL)) {
-	let signatures;
-	[policy, signatures] = extract_cookie_policy(document.cookie, min_time);
-	for (const signature of signatures)
-	    document.cookie = `haketilo-${signature}=; Max-Age=-1;`;
-    } else {
-	const scheme = /^([^:]*)/.exec(document.URL)[1];
-	const known_scheme = ["file", "ftp"].includes(scheme);
-
-	if (!known_scheme)
-	    console.warn(`Unknown url scheme: \`${scheme}'!`);
-
-	let original_url;
-	[policy, original_url] = extract_url_policy(document.URL, min_time);
-	history.replaceState(null, "", original_url);
-
-	if (known_scheme && !policy)
-	    policy_received_callback = employ_nonhttp_policy;
+/*
+ * Trying to use servce workers APIs might result in exceptions, for example
+ * when in a non-HTML document. Because of this, we wrap the function that does
+ * the actual work in a try {} block.
+ */
+async function disable_service_workers()
+{
+    try {
+	await _disable_service_workers()
+    } catch (e) {
+	console.debug("Exception thrown during an attempt to detect and disable service workers.", e);
     }
+}
 
-    if (!policy) {
-	console.debug("Using fallback policy!");
-	policy = {allow: false, nonce: gen_nonce()};
+function synchronously_get_policy(url)
+{
+    const encoded_url = encodeURIComponent(url);
+    const request_url = `${browser.runtime.getURL("dummy")}?url=${encoded_url}`;
+
+    try {
+	var xhttp = new XMLHttpRequest();
+	xhttp.open("GET", request_url, false);
+	xhttp.send();
+    } catch(e) {
+	console.error("Failure to synchronously fetch policy for url.", e);
+	return {allow: false};
     }
 
+    const policy = /^[^?]*\?settings=(.*)$/.exec(xhttp.responseURL)[1];
+    return JSON.parse(decodeURIComponent(policy));
+}
+
+if (!is_privileged_url(document.URL)) {
+    const policy = synchronously_get_policy(document.URL);
+
     if (!(document instanceof HTMLDocument))
-	policy.has_payload = false;
+	delete policy.payload;
 
     console.debug("current policy", policy);
 
+    report_settings(policy);
+
+    policy.nonce = gen_nonce();
+
     const doc_ready = Promise.all([
 	policy.allow ? Promise.resolve() : sanitize_document(document, policy),
 	policy.allow ? Promise.resolve() : disable_service_workers(),
 	wait_loaded(document)
     ]);
 
-    handle_page_actions(policy.nonce, policy_received_callback, doc_ready);
+    handle_page_actions(policy, doc_ready);
 
     start_activity_info_server();
 }
diff --git a/content/page_actions.js b/content/page_actions.js
index db7c352..845e452 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -12,19 +12,17 @@
  * IMPORT CONNECTION_TYPE
  * IMPORT browser
  * IMPORT report_script
- * IMPORT report_settings
  * IMPORT report_document_type
  * IMPORTS_END
  */
 
-let policy_received_callback;
+let policy;
 /* Snapshot url and content type early; these can be changed by other code. */
 let url;
 let is_html;
 let port;
 let loaded = false;
 let scripts_awaiting = [];
-let nonce;
 
 function handle_message(message)
 {
@@ -38,9 +36,8 @@ function handle_message(message)
 		scripts_awaiting.push(script_text);
 	}
     }
-    if (action === "settings") {
-	report_settings(data);
-	policy_received_callback({url, allow: data[1].allow});
+    else {
+	console.error(`Bad page action '${action}'.`);
     }
 }
 
@@ -61,27 +58,27 @@ function add_script(script_text)
 
     let script = document.createElement("script");
     script.textContent = script_text;
-    script.setAttribute("nonce", nonce);
+    script.setAttribute("nonce", policy.nonce);
     script.haketilo_payload = true;
     document.body.appendChild(script);
 
     report_script(script_text);
 }
 
-function handle_page_actions(script_nonce, policy_received_cb,
-			     doc_ready_promise) {
-    policy_received_callback = policy_received_cb;
+function handle_page_actions(_policy, doc_ready_promise) {
+    policy = _policy;
+
     url = document.URL;
     is_html = document instanceof HTMLDocument;
     report_document_type(is_html);
 
     doc_ready_promise.then(document_ready);
 
-    port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
-    port.onMessage.addListener(handle_message);
-    port.postMessage({url});
-
-    nonce = script_nonce;
+    if (policy.payload) {
+	port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
+	port.onMessage.addListener(handle_message);
+	port.postMessage({payload: policy.payload});
+    }
 }
 
 /*
diff --git a/dummy b/dummy
new file mode 100644
index 0000000..e69de29
diff --git a/html/display-panel.js b/html/display-panel.js
index c078850..4fe0173 100644
--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -229,14 +229,14 @@ function handle_activity_report(message)
     const [type, data] = message;
 
     if (type === "settings") {
-	let [pattern, settings] = data;
+	const settings = data;
 
 	blocked_span.textContent = settings.allow ? "no" : "yes";
 
-	if (pattern) {
+	if (settings.pattern) {
 	    pattern_span.textContent = pattern;
 	    const settings_opener =
-		  () => open_in_settings(TYPE_PREFIX.PAGE, pattern);
+		  () => open_in_settings(TYPE_PREFIX.PAGE, settings.pattern);
 	    view_pattern_but.classList.remove("hide");
 	    view_pattern_but.addEventListener("click", settings_opener);
 	} else {
@@ -244,11 +244,10 @@ function handle_activity_report(message)
 	    blocked_span.textContent = blocked_span.textContent + " (default)";
 	}
 
-	const components = settings.components;
-	if (components) {
-	    payload_span.textContent = nice_name(...components);
+	if (settings.payload) {
+	    payload_span.textContent = nice_name(...settings.payload);
 	    payload_buttons_div.classList.remove("hide");
-	    const settings_opener = () => open_in_settings(...components);
+	    const settings_opener = () => open_in_settings(...settings.payload);
 	    view_payload_but.addEventListener("click", settings_opener);
 	} else {
 	    payload_span.textContent = "none";
diff --git a/manifest.json b/manifest.json
index b18ea3e..7b4cb26 100644
--- a/manifest.json
+++ b/manifest.json
@@ -44,8 +44,7 @@
 	"page": "html/options.html",
 	"open_in_tab": true
     }_CHROMIUM_UPDATE_URL_,
-    "web_accessible_resources": [_CHROMIUM_KEY_
-    ],
+    "web_accessible_resources": ["dummy"],
     "background": {
 	"persistent": true,
 	"scripts": [_BGSCRIPTS_]
-- 
cgit v1.2.3