Project

General

Profile

Activity

From 08/11/2021 to 09/09/2021

09/09/2021

06:51 PM Revision ed9cc030 (haketilo): restore compatibility with IceCat 60
koszko
06:50 PM Revision 44e89d8e (haketilo): simplify CSP handling
All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not mo... koszko

09/08/2021

07:55 PM Revision e2d26bad (haketilo): Fix sanitizing of non-HTML XMLDocument's
koszko

09/06/2021

08:45 PM Revision 704f2da0 (haketilo): re-enable sanitizing of data: URLs and also sanitize intrinsics on non-HTML pages where CSP doesn't work
koszko
04:45 PM Revision ed08ef1a (haketilo): generate Chromium unique key automatically in `build.sh'
koszko
02:00 AM Revision b1444d9c (haketilo): Incorporate test suite from jahoti branch
jahoti
02:00 AM Revision 5dab077b (haketilo): Replace CSP filtering with blocking
CSP headers are now blocked completely rather than modified.
Also, filtering is applied whenever a payload is injected.
jahoti

09/04/2021

09:03 PM Revision 51d43685 (haketilo): fix script blocking bug under Chromium
koszko
06:41 PM Revision 83039701 (haketilo): update documentation link in the README
koszko
05:44 PM Revision d141aada (haketilo): show appropriate message when repository returns no custom content for given URL
koszko
12:32 PM Revision e48e20de (haketilo): merge changes before version 0.1
koszko
02:00 AM Revision 591c48a6 (haketilo): Make test suite mildly usable
Allow test/server.py to be run as a command and add some "webpages" for it. jahoti

09/03/2021

07:49 PM Revision f0951bce (haketilo): limit width of url in popup heading
koszko
07:40 PM Revision c12b9ee3 (haketilo): disable payload injection on non-html pages
koszko
06:46 PM Revision 03d041ce (haketilo): only apply stream filter modifications when reasonably necessary
koszko

09/02/2021

09:33 PM Revision 44958e6a (haketilo): implement rethinked <meta> tags sanitizing approach
This has not been tested yet. Additionally, functionality for blocking of `data:' urls needs to be re-enabled. koszko
06:39 PM Revision d1d5d4fb (haketilo): also require "unlimitedStorage" permission to avoid surprise later
koszko
06:35 PM Revision 6247f163 (haketilo): enable toggling of global script blocking policy\n\nThis commit also introduces `light_storage' module which is later going to replace the storage code we use right now.\nAlso included is a hack to properly display scrollbars under Mozilla (needs testing on newer Mozilla browsers).
koszko

09/01/2021

02:14 PM Revision 4b59dced (haketilo): add styling to settings install(import) dialog
koszko
11:55 AM Revision d85dcc1e (haketilo): change description
koszko
11:45 AM Revision 453ba039 (haketilo): add styling for popup page\n\nThis does not include styling for contents of the import dialog
koszko

08/30/2021

11:54 AM Revision 544c6df3 (haketilo): add styling for options page\n\nThis does not include styling for contents of the import popup
koszko

08/27/2021

06:45 PM Revision a43c3fe2 (haketilo): reset CSS rules
koszko
06:01 PM Revision 826b4fd8 (haketilo): start using `<template>' tag
koszko
02:54 PM Revision 53891495 (haketilo): put simplest, asynchronous local storage operations in a separate file
koszko
10:52 AM Revision 48f76d70 (haketilo): add support for `ftp://' protocol
koszko
10:01 AM Revision 53837634 (haketilo): enable whitelisting of `file://' protocol\n\nThis commit additionally also changes the semantics of triple asterisk wildcard in URL path.
koszko

08/26/2021

03:53 PM Revision 3303d7d7 (haketilo): filter HTTP request headers to remove Hachette cookies in case they slip through
koszko
11:50 AM Revision 2875397f (haketilo): improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 implementation is no longer pulled in contexts that don't require it.
koszko

08/23/2021

11:05 AM Revision 6b53d6c8 (haketilo): use StreamFilter under Mozilla to prevent csp <meta> tags from blocking our injected scripts
koszko

08/22/2021

02:00 AM Revision 6c69435c (haketilo): Support a custom certificates directory in test/server.py
jahoti
02:00 AM Revision bb550c36 (haketilo): Incorporate patch for test/gorilla.py
Patch by Wojtek provides a bundle-all option and only reads Hydrilla files. jahoti

08/20/2021

12:57 PM Revision d09b7ee1 (haketilo): sanitize `<meta>' tags containing CSP rules under Chromium
This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the le... koszko

08/18/2021

08:54 PM Revision 3d0efa15 (haketilo): remove unneeded policy-related cosole messages; restore IceCat 60 compatibility
koszko
05:53 PM Revision 014f2a2f (haketilo): implement smuggling via cookies instead of URL
koszko
05:51 PM Revision 0bbda8fc (haketilo): enhance our bundler to protect top-level `this' from accidental clobbering
koszko

08/17/2021

02:00 AM Revision 9e280d45 (haketilo): Begin work on a Hydrilla-compatible virtual website for testing
The file test/gorilla.py will help with testing respositories.
It also provides a CLI Hydrilla > Hachette fix converter.
jahoti
02:00 AM Revision e9b7f4d7 (haketilo): Enable the hijacking proxy in the test suite to serve responses
jahoti
02:00 AM Revision 5b7c9edb (haketilo): Merge remote-tracking branch 'origin/master' into jahoti
jahoti

08/14/2021

10:07 AM Revision 443bc095 (haketilo): merge facility to install from Hydrilla
koszko
09:54 AM Revision ae1844f9 (haketilo): merge csp-PoC
koszko
02:00 AM Revision 6fda8ea5 (haketilo): Revert changes to content/main.js to commit 25817b68c*
It turns out modifying the CSP headers in meta tags has no effect. jahoti
 

Also available in: Atom