aboutsummaryrefslogtreecommitdiff
path: root/src/acsv-centrum24-pl-fix-authorize/LICENSES
diff options
context:
space:
mode:
authorJacob K <jacobk@disroot.org>2022-09-13 20:14:57 -0500
committerWojtek Kosior <koszko@koszko.org>2022-09-17 20:35:55 +0200
commitff377217d407f842ed0799efe35137a8e9863bca (patch)
tree1d500e5f67618b7bc93d8afcd4596e65f8dd49fa /src/acsv-centrum24-pl-fix-authorize/LICENSES
parentb78daaf2e025e6517d52a8454bab479181f0cd62 (diff)
downloadhydrilla-fixes-bundle-ff377217d407f842ed0799efe35137a8e9863bca.tar.gz
hydrilla-fixes-bundle-ff377217d407f842ed0799efe35137a8e9863bca.zip
[Box] Fix version number (oops!)
Diffstat (limited to 'src/acsv-centrum24-pl-fix-authorize/LICENSES')
0 files changed, 0 insertions, 0 deletions
generated by cgit
91495d6f6b901da3058b1227d326313d922e9'>put simplest, asynchronous local storage operations in a separate fileWojtek Kosior 2021-08-27add support for `ftp://' protocolWojtek Kosior 2021-08-27enable whitelisting of `file://' protocol\n\nThis commit additionally also ↵Wojtek Kosior changes the semantics of triple asterisk wildcard in URL path. 2021-08-26filter HTTP request headers to remove Hachette cookies in case they slip throughWojtek Kosior 2021-08-26improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 ↵Wojtek Kosior implementation is no longer pulled in contexts that don't require it. 2021-08-23use StreamFilter under Mozilla to prevent csp <meta> tags from blocking our ↵Wojtek Kosior injected scripts 2021-08-20sanitize `<meta>' tags containing CSP rules under ChromiumWojtek Kosior This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script. 2021-08-18remove unneeded policy-related cosole messages; restore IceCat 60 compatibilityWojtek Kosior 2021-08-18implement smuggling via cookies instead of URLWojtek Kosior 2021-08-18enhance our bundler to protect top-level `this' from accidental clobberingWojtek Kosior 2021-08-14merge facility to install from HydrillaWojtek Kosior 2021-08-14merge csp-PoCWojtek Kosior 2021-08-14Revert changes to content/main.js to commit 25817b68c*jahoti It turns out modifying the CSP headers in meta tags has no effect. 2021-08-10change default repository URLWojtek Kosior 2021-08-06Facilitate installation of scripts from the repositoryWojtek Kosior This commit includes: * removal of page_info_server * running of storage client in popup context * extraction of some common CSS to a separate file * extraction of scripts import view to a separate file * addition of a facility to conveniently clone complex structures from DOM (in DOM_helpers.js) * addition of hydrilla repo url to default settings * other minor changes and of course changes related to the actual installation of scripts from the repo 2021-08-05enable modularization of html filesWojtek Kosior 2021-08-04make settings_query.js use storage object passed as an argumentWojtek Kosior 2021-08-02[UNTESTED- will test] Add filtering for http-equiv CSP headersjahoti 2021-07-28Rationalize CSP violation report blocking.jahoti Report blocking now applies iff scripts are blocked. 2021-07-27validate settings on importWojtek Kosior 2021-07-26provide a facility to sanitize externally-obtained JSONWojtek Kosior 2021-07-26code maintenanceWojtek Kosior 2021-07-26Squash more CSP-filtering bugsjahoti On Firefox, original CSP headers are now smuggled (signed) in an x-orig-csp header to prevent re-processing issues with caching. Additionally, a default header is added for non-whitelisted domains in case there are no existing headers we can attach to. 2021-07-26Fix some bugs in the refined CSP handlingjahoti 2021-07-26[UNTESTED- will test] Use more nuanced CSP filteringjahoti CSP headers are now parsed and processed, rather than treated as simple units. This allows us to ensure policies delivered as HTTP headers do not interfere with our script filtering, as well as to preserve useful protections while removing the ones that could be problematic. Additionally, prefetching should now be blocked on pages where native scripts aren't allowed, and all reporting of CSP violations has been stripped (is this appropriate?). 2021-07-26Remove unnecessary imports of url_item and add a CSP header-parsing functionjahoti The parsing function isn't used yet; however, it will eventually be as a less destructive alternative to handling headers as indivisible units. 2021-07-23extract observables implementation from storage.jsWojtek Kosior 2021-07-21add ability to query page content from repo and display it in the popupWojtek Kosior 2021-07-21store repository URLs in settingsWojtek Kosior 2021-07-21remove unused variablesWojtek Kosior 2021-07-20Merge rebranding to "Hachette"Wojtek Kosior 2021-07-20fix options_main.js bugsWojtek Kosior 2021-07-20fix page info server bugsWojtek Kosior 2021-07-20Merge commit 'ecb787046271de708b94da70240713e725299d86'Wojtek Kosior 2021-07-19Change the iconjahoti 2021-07-19Refer to the extension consistently as "Hachette" and remove TODOS.orgjahoti from the copyright file 2021-07-18Streamline and harden unique values/settingsjahoti The base URL is now included in the settings. The unique value no longer uses it directly, as it is included by virtue of the settings; however, the number of full hours since the epoch (UTC) is now incorporated. 2021-07-17Revamp signatures and break header caching on FFjahoti Signatures, instead of consisting of the secure salt followed by the unique value generated from the URL, are now the unique value generated from the policy value (which will follow them) succeeded by the URL. CSP headers are now _always_ cleared on FF, regardless of whether the page is whitelisted or not. This means whitelisting takes effect on page reload, rather than only when caching occurs. However, it obviously presents security issues; refinment will occur in a future commit. 2021-07-16Use URL-based policy smugglingjahoti Increase the power of URL-based smuggling by making it (effectively) compulsory in all cases and adapting a <salt><unique value><JSON-encoded settings> structure. While the details still need to be worked out, the potential for future expansion is there. 2021-07-12merge jahoti into masterWojtek Kosior
generated by cgit