Activity

From 07/30/2021 to 08/28/2021

08/28/2021

08:56 AM Support #78: Investigate into how browsers handle files that are not HTML: > As for making sure we only filter relevant data, do any browsers try to guess mime types?
By guessing you mean a... koszko
03:00 AM Support #78: Investigate into how browsers handle files that are not HTML: For the second point at least, I know NoScript operates on XML (and will check uBlock Origin for similar behavior). W... jahoti
08:48 AM Feature #13: find some way not to require each chrome user to modify manifest.json: > Wouldn't that still require each user to build the extension themselves?
It would. It would just be less hacky t... koszko
02:54 AM Feature #13: find some way not to require each chrome user to modify manifest.json: > Using a synchronous AJAX call from the content script might allow us to use a bundled file as a secret
Wouldn't ... jahoti

08/27/2021

06:45 PM Revision a43c3fe2 (haketilo): reset CSS rules: koszko
06:01 PM Revision 826b4fd8 (haketilo): start using `<template>' tag: koszko
02:54 PM Revision 53891495 (haketilo): put simplest, asynchronous local storage operations in a separate file: koszko
10:58 AM Feature #79 (Closed): Improve the build script by using awk: Since writing `build.sh` I realized some things could be done a lot easier using awk koszko
10:56 AM Feature #23 (Resolved): also implement support for whitelisting of non-https urls: koszko
10:55 AM Feature #23: also implement support for whitelisting of non-https urls: `ftp://` is now also ready and pushed to this temporary branch. Changes will be merged together with completed Featur... koszko
10:12 AM Feature #23: also implement support for whitelisting of non-https urls: Support for the `file://` protocol is now on the `koszko-smuggle-policy` branch. I re-used the temporarily-unused app... koszko
10:52 AM Revision 48f76d70 (haketilo): add support for `ftp://' protocol: koszko
10:32 AM Support #78 (Rejected): Investigate into how browsers handle files that are not HTML: Our tampering with HTML pages, including rewriting parts of them using the StreamFilter API, might cause problems whe... koszko
10:26 AM Feature #77: Check LibreJS is compatible with this extension.: # History before copying
koszko wrote:
> I assume by compatibility you mean the ability to run side-by-side with ... koszko
10:26 AM Feature #77 (Closed): Check LibreJS is compatible with this extension.: Many swfreedom supporters prefer LibreJS' blocking mechanism. As there's good reason to expect compatability, it woul... koszko
10:07 AM Feature #13: find some way not to require each chrome user to modify manifest.json: Using a synchronous AJAX call from the content script might allow us to use a bundled file as a secret koszko
10:01 AM Revision 53837634 (haketilo): enable whitelisting of `file://' protocol\n\nThis commit additionally also changes the semantics of triple asterisk wildcard in URL path.: koszko

08/26/2021

03:55 PM Bug #65: When a site fails to load, for example due to its IP address not being found, the injected value with settings remains in the URL: > We could use webRequest to remove our cookies from request headers in case they happen to get there
Committed to... koszko
03:53 PM Revision 3303d7d7 (haketilo): filter HTTP request headers to remove Hachette cookies in case they slip through: koszko
11:50 AM Revision 2875397f (haketilo): improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 implementation is no longer pulled in contexts that don't require it.: koszko
09:54 AM Feature #15: make sure page's own csp in <head> doesn't block our scripts: > I'll try and do this today.
If it turns out to work, you should be able to use StreamFilter code from 6b53d6c840... koszko

08/25/2021

12:07 AM Feature #15: make sure page's own csp in <head> doesn't block our scripts: > I instead implemented a hacky way that uses multiple invocations of DOMParser to find where page's <head> ends so t... jahoti
09:55 PM Feature #15: make sure page's own csp in <head> doesn't block our scripts: I instead implemented a hacky way that uses multiple invocations of DOMParser to find where page's `<head>` ends so t... koszko

08/23/2021

11:56 PM Feature #15: make sure page's own csp in <head> doesn't block our scripts: > I hate web browsers. It all grows waaaay more complex than I expected.
Which then wastes half one's energy remem... jahoti
06:18 PM Feature #15: make sure page's own csp in <head> doesn't block our scripts: > I'll investigate possible workarounds for Mozilla.
I did.
* We can make a HTML on-the-fly "parser" by creating ... koszko
11:14 AM Feature #15: make sure page's own csp in <head> doesn't block our scripts: The code that uses StreamFilter is now on my branch. The remaining issues are worth mentioning:
1. Under Chromium ... koszko
11:17 AM Bug #65: When a site fails to load, for example due to its IP address not being found, the injected value with settings remains in the URL: > > Now there is real danger cookie will not get deleted for some reason and will get sent to server. Anyway, I think... koszko
11:05 AM Revision 6b53d6c8 (haketilo): use StreamFilter under Mozilla to prevent csp <meta> tags from blocking our injected scripts: koszko

08/22/2021

02:00 AM Revision 6c69435c (haketilo): Support a custom certificates directory in test/server.py: jahoti
02:00 AM Revision bb550c36 (haketilo): Incorporate patch for test/gorilla.py: Patch by Wojtek provides a bundle-all option and only reads Hydrilla files. jahoti

08/21/2021

08:55 PM Feature #15: make sure page's own csp in <head> doesn't block our scripts: Had some issues again (document created with `DOMParser` can be written to under Chromium but not under IceCat 60). A... koszko

08/20/2021

01:04 PM Feature #15 (In Progress): make sure page's own csp in <head> doesn't block our scripts: > Maybe the *extension* should have been named Hydrilla- whenever one path gets cut off, two more grow in its place :... koszko
12:57 PM Revision d09b7ee1 (haketilo): sanitize `<meta>' tags containing CSP rules under Chromium: This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the le... koszko
11:06 AM Bug #65: When a site fails to load, for example due to its IP address not being found, the injected value with settings remains in the URL: Thanks for pointing out. I'll fix it together with some bigger changes for issue 15 https://hachettebugs.koszko.org/i... koszko
07:20 AM Bug #65: When a site fails to load, for example due to its IP address not being found, the injected value with settings remains in the URL: > EDIT: Newest commit on my branch restores compatibility with IceCat 60. Testing on other browsers still welcome :)
... jahoti

08/16/2021

11:24 AM Feature #15: make sure page's own csp in <head> doesn't block our scripts: > I think it will take me a little while to understand exactly what magic you've pulled :).
All that's needed is t... koszko

08/15/2021

12:47 PM Feature #15: make sure page's own csp in <head> doesn't block our scripts: That is genuine genius- I think it will take me a little while to understand exactly what magic you've pulled :). jahoti
09:08 AM Bug #53: Interference with existing CSP headers: No- feel free to delete the csp-PoC branch. jahoti

08/14/2021

01:03 PM Feature #15: make sure page's own csp in <head> doesn't block our scripts: > A spurious `</script>` at the beginning of the document could cause serious issues with my method. There are, howev... koszko
09:42 AM Feature #15: make sure page's own csp in <head> doesn't block our scripts: > > So, in the end, this will not only allow us to modify the offending csp rules but also impose script-blocking and... koszko
03:10 AM Feature #15: make sure page's own csp in <head> doesn't block our scripts: > I started looking for a solution and found out a very good thing. In Chromium at `document_start` we could stop unw... jahoti
10:21 AM Feature #17 (Closed): enable the extension to automatically fetch script substitutes from the repo: Tested with Google Drive fixes. Closing. Documentation will be added at some point. koszko
10:10 AM Bug #53 (Closed): Interference with existing CSP headers: Merged to master. You no longer need the `csp-PoC` branch, do you? koszko
02:25 AM Bug #53: Interference with existing CSP headers: > From what I tested today and yesterday[1], the experimental code in csp-PoC that's responsible for removing the CSP... jahoti
10:07 AM Revision 443bc095 (haketilo): merge facility to install from Hydrilla: koszko
09:54 AM Revision ae1844f9 (haketilo): merge csp-PoC: koszko
02:00 AM Revision 6fda8ea5 (haketilo): Revert changes to content/main.js to commit 25817b68c*: It turns out modifying the CSP headers in meta tags has no effect. jahoti

08/13/2021

06:03 PM Feature #29 (Closed): validate settings data on import: I did it as part of https://hachettebugs.koszko.org/issues/17
For now, it's on `koszko` branch koszko
05:23 PM Bug #53: Interference with existing CSP headers: From what I tested today and yesterday[1], the experimental code in csp-PoC that's responsible for removing the CSP `... koszko
05:13 PM Feature #15: make sure page's own csp in <head> doesn't block our scripts: I see you tried to remove the offending `<meta>` csp tags in the csp-PoC branch. Unfortunately, to the extent I teste... koszko
12:51 PM Feature #34: improve CSP injection blocking: Update: we might be able to just inject `<meta>` at the very beginning of the document. Browsers seem to be able to d... koszko

08/10/2021

08:18 PM Revision 2fbab2f0 (haketilo): change default repository URL: koszko

08/06/2021

05:20 PM Feature #17: enable the extension to automatically fetch script substitutes from the repo: I ended up doing quite a lot of changes as prerequisites of this. The seemingly working product is now on my branch.
... koszko
05:17 PM Revision 792fbe18 (haketilo): Facilitate installation of scripts from the repository: This commit includes:
* removal of page_info_server
* running of storage client in popup context
* extraction of some... koszko
02:42 AM Feature #66: Write tests: > Please for now only focus on things that are not going to change quickly.
I'll make sure to once it gets to tha... jahoti
02:00 AM Revision 7796e554 (haketilo): Add the beginnings of a test suite: jahoti

08/05/2021

08:44 PM Revision 90896bcf (haketilo): enable modularization of html files: koszko
12:30 PM Feature #66: Write tests: jahoti wrote:
> This is now off to a (very slow) start.
>
> It's currently in a separate folder to Hachette; shou... koszko
11:47 AM Feature #66: Write tests: This is now off to a (very slow) start.
It's currently in a separate folder to Hachette; should that continue, or ... jahoti
12:15 PM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS: > > Also, perhaps we'd be able to spoof a `Referer: https://example.com/` header by opening `https://example.com/` in... koszko
11:32 AM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS: > Does WebRequest not allow rewriting of [the referer] header?
WebRequest probably does actually; thanks for point... jahoti

08/04/2021

10:01 PM Revision 5957fbee (haketilo): make settings_query.js use storage object passed as an argument: koszko
10:19 AM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS: > > BTW, we could also facilitate spoofing of the referer header for similar purposes
>
> Are extensions allowed t... koszko

08/03/2021

11:48 PM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS: > BTW, we could also facilitate spoofing of the referer header for similar purposes
Are extensions allowed to spoo... jahoti
11:29 PM Feature #69: [Roadmap 7][Milestone] Facilitate bundling HTML/XML/JSON and other data with a fix: We definitely need to support this; the question is, as you point out, how. Using the `script` tag is probably an abu... jahoti

08/02/2021

01:19 AM Feature #13: find some way not to require each chrome user to modify manifest.json: Please note that under Manifest V3 in Chrome we'll be able to dynamically register content scripts which might solve ... koszko
12:50 AM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS: BTW, we could also facilitate spoofing of the referer header for similar purposes
EDIT: GreaseMonkey actually has ... koszko
11:49 PM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS: While they're not the **only** use (as outlined in the description), meta-sites will almost certainly be the main app... jahoti
04:09 PM Feature #71 (Closed): [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS: Cross-Origin Resource Sharing (CORS) is a mechanism through which browsers can decide whether a page should or should... koszko
11:51 PM Feature #69: [Roadmap 7][Milestone] Facilitate bundling HTML/XML/JSON and other data with a fix: I've seen this, and will reply later. jahoti
02:44 PM Feature #69 (New): [Roadmap 7][Milestone] Facilitate bundling HTML/XML/JSON and other data with a fix: Consider fixes like that for Google Sheets[^gsheets_script]. They heavily use `document.createElement()` to construct... koszko
11:47 PM Feature #73 (New): [Roadmap 6] Implement a permissions system: This seems to be a common component of several security- and feature-related powers now. It probably deserves a stand... jahoti
11:38 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > Correct assumption [that I'm working on Odyssey]. I should've stated that explicitly
That's OK- it would have be... jahoti
01:18 PM Support #68 (Closed): Prepare some screenshot documenting sites fixed using Hachette: > I've left work on the Odyssey fix to you, on the assumption that you were working on it
Correct assumption. I sh... koszko
11:14 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette: I've left work on the Odyssey fix to you, on the assumption that you were working on it- sorry if I was misunderstand... jahoti
05:00 PM Feature #36 (Closed): prepare application for NLnet fund: koszko
04:24 PM Feature #72 (New): [Roadmap 18][Milestone] Facilitate creation of "meta-sites": Besides making fixes for sites like Odysee, YouTube, Vimeo, etc., we could also go further and create standalone ephe... koszko
02:46 PM Feature #70 (New): [Roadmap 7][Milestone] Add facility to replace sites' original HTML with custom one: So far we were focusing on writing custom javascript for files. However, we often end up implementing our own site in... koszko
02:00 AM Revision 5b419aed (haketilo): [UNTESTED- will test] Add filtering for http-equiv CSP headers: jahoti

08/01/2021

12:26 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > They must be using a distinct API to load the videos.
Anyway, we only need video name and the first hex digit of... koszko
02:18 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > In case you want to devote some time to improve this fix, here[1] is one video page that doesn't work. I assume it ... jahoti

07/31/2021

11:24 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > You did it- it works!
In case you want to devote some time to improve this fix, here[1] is one video page that d... koszko
11:19 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: Oh, and- while it's definitely not relevant for the preview- I'm working on `pcspecialist.co.uk`.
(the reverted La... jahoti
11:15 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: You did it- it works! Technically the video never actually played on TBB, given how painfully slow the network is, ye... jahoti
11:07 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > I'll do this right now.
No need to hurry - I already have a screenshot sufficient for the preview.
I would be... koszko
10:52 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > No, it's not what I meant :D
> I was referring to "would that need a settings screenshot too". I meant an addition... jahoti
01:16 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > > I don't think this is needed.
>
> OK- I've stripped that out entirely and just left the `ask ubuntu` (is that ... koszko
12:31 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > I don't think this is needed.
OK- I've stripped that out entirely and just left the `ask ubuntu` (is that what y... jahoti
12:22 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > Making `losedows phone exchange` the main `stackexchange` example, and then using `ask ubuntu` to show how Hachette... koszko
02:32 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette: While applying the modifications, I also made some changes to try and differentiate the examples:
* Removing the `ba... jahoti
02:24 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > > One would expect that Google's CSP rule from http-equiv tag would be blocking our injected script - but it doesn'... koszko
11:36 AM Feature #14: test with more browser forks (Abrowser, newest Parabola IceWeasel, LibreWolf): Other major ones left are Abrowser, Pure Browser (even though Pure OS by itself is misbehaving), maybe also Brave and... koszko
03:14 AM Feature #37 (Closed): prepare some website fixes usable with this extension: <https://git.koszko.org/hachette_fixes_tmp>
IMO, there's enough fixes available now to consider this complete. jahoti
03:11 AM Feature #64 (Closed): Plan the update system: jahoti

07/30/2021

11:31 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > One would expect that Google's CSP rule from http-equiv tag would be blocking our injected script - but it doesn't.... jahoti
10:56 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > There are only really two small changes I can suggest, which I can make if you want
Go on with all you suggested... koszko
10:49 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > What do you think of the pdf in its current form?
It genuinely looks *amazing*, and the summaries are really eff... jahoti
06:23 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: What do you think of the pdf in its current form?
https://koszko.org/preview.pdf
EDIT: Also, I put all the fi... koszko
06:23 PM Support #68 (In Progress): Prepare some screenshot documenting sites fixed using Hachette: koszko
12:00 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette: > File attachment here seems to be timing out for me
Probably not really the matter of time. Apache log:
```
[Fr... koszko
10:12 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette: Those are looking good- nevertheless, I'll probably leave styling to you, seeing as I am terrible at it! File attachm... jahoti

Also available in: Atom

Project

General

Profile

Haketilo

Activity

Activity

08/28/2021

08/27/2021

08/26/2021

08/25/2021

08/23/2021

08/22/2021

08/21/2021

08/20/2021

08/19/2021

08/18/2021

08/17/2021

08/16/2021

08/15/2021

08/14/2021

08/13/2021

08/10/2021

08/06/2021

08/05/2021

08/04/2021

08/03/2021

08/02/2021

08/01/2021

07/31/2021

07/30/2021