Activity
From 08/14/2021 to 09/12/2021
09/11/2021
09/10/2021
- 05:46 PM Revision d658cadf (haketilo): disable service workers when scripts are blocked
- 04:50 PM Revision 5c75d744 (haketilo): Make it impossible to check "Allow native scripts" for pages with payload.
- 04:18 PM Revision 72cbfa74 (haketilo): limit allowed pattern lengths
09/09/2021
- 06:51 PM Revision ed9cc030 (haketilo): restore compatibility with IceCat 60
- 06:50 PM Revision 44e89d8e (haketilo): simplify CSP handling
- All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not mo...
09/08/2021
09/06/2021
- 08:45 PM Revision 704f2da0 (haketilo): re-enable sanitizing of data: URLs and also sanitize intrinsics on non-HTML pages where CSP doesn't work
- 04:45 PM Revision ed08ef1a (haketilo): generate Chromium unique key automatically in `build.sh'
- 02:00 AM Revision b1444d9c (haketilo): Incorporate test suite from jahoti branch
- 02:00 AM Revision 5dab077b (haketilo): Replace CSP filtering with blocking
- CSP headers are now blocked completely rather than modified.
Also, filtering is applied whenever a payload is injected.
09/04/2021
- 09:03 PM Revision 51d43685 (haketilo): fix script blocking bug under Chromium
- 06:41 PM Revision 83039701 (haketilo): update documentation link in the README
- 05:44 PM Revision d141aada (haketilo): show appropriate message when repository returns no custom content for given URL
- 12:32 PM Revision e48e20de (haketilo): merge changes before version 0.1
- 02:00 AM Revision 591c48a6 (haketilo): Make test suite mildly usable
- Allow test/server.py to be run as a command and add some "webpages" for it.
09/03/2021
- 07:49 PM Revision f0951bce (haketilo): limit width of url in popup heading
- 07:40 PM Revision c12b9ee3 (haketilo): disable payload injection on non-html pages
- 06:46 PM Revision 03d041ce (haketilo): only apply stream filter modifications when reasonably necessary
09/02/2021
- 09:33 PM Revision 44958e6a (haketilo): implement rethinked <meta> tags sanitizing approach
- This has not been tested yet. Additionally, functionality for blocking of `data:' urls needs to be re-enabled.
- 06:39 PM Revision d1d5d4fb (haketilo): also require "unlimitedStorage" permission to avoid surprise later
- 06:35 PM Revision 6247f163 (haketilo): enable toggling of global script blocking policy\n\nThis commit also introduces `light_storage' module which is later going to replace the storage code we use right now.\nAlso included is a hack to properly display scrollbars under Mozilla (needs testing on newer Mozilla browsers).
09/01/2021
- 02:14 PM Revision 4b59dced (haketilo): add styling to settings install(import) dialog
- 11:55 AM Revision d85dcc1e (haketilo): change description
- 11:45 AM Revision 453ba039 (haketilo): add styling for popup page\n\nThis does not include styling for contents of the import dialog
08/30/2021
08/27/2021
- 06:45 PM Revision a43c3fe2 (haketilo): reset CSS rules
- 06:01 PM Revision 826b4fd8 (haketilo): start using `<template>' tag
- 02:54 PM Revision 53891495 (haketilo): put simplest, asynchronous local storage operations in a separate file
- 10:52 AM Revision 48f76d70 (haketilo): add support for `ftp://' protocol
- 10:01 AM Revision 53837634 (haketilo): enable whitelisting of `file://' protocol\n\nThis commit additionally also changes the semantics of triple asterisk wildcard in URL path.
08/26/2021
- 03:53 PM Revision 3303d7d7 (haketilo): filter HTTP request headers to remove Hachette cookies in case they slip through
- 11:50 AM Revision 2875397f (haketilo): improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 implementation is no longer pulled in contexts that don't require it.
08/23/2021
08/22/2021
- 02:00 AM Revision 6c69435c (haketilo): Support a custom certificates directory in test/server.py
- 02:00 AM Revision bb550c36 (haketilo): Incorporate patch for test/gorilla.py
- Patch by Wojtek provides a bundle-all option and only reads Hydrilla files.
08/20/2021
- 12:57 PM Revision d09b7ee1 (haketilo): sanitize `<meta>' tags containing CSP rules under Chromium
- This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the le...
08/18/2021
- 08:54 PM Revision 3d0efa15 (haketilo): remove unneeded policy-related cosole messages; restore IceCat 60 compatibility
- 05:53 PM Revision 014f2a2f (haketilo): implement smuggling via cookies instead of URL
- 05:51 PM Revision 0bbda8fc (haketilo): enhance our bundler to protect top-level `this' from accidental clobbering
08/17/2021
- 02:00 AM Revision 9e280d45 (haketilo): Begin work on a Hydrilla-compatible virtual website for testing
- The file test/gorilla.py will help with testing respositories.
It also provides a CLI Hydrilla > Hachette fix converter. - 02:00 AM Revision e9b7f4d7 (haketilo): Enable the hijacking proxy in the test suite to serve responses
- 02:00 AM Revision 5b7c9edb (haketilo): Merge remote-tracking branch 'origin/master' into jahoti
08/14/2021
- 10:07 AM Revision 443bc095 (haketilo): merge facility to install from Hydrilla
- 09:54 AM Revision ae1844f9 (haketilo): merge csp-PoC
- 02:00 AM Revision 6fda8ea5 (haketilo): Revert changes to content/main.js to commit 25817b68c*
- It turns out modifying the CSP headers in meta tags has no effect.
Also available in: Atom