make Haketilo buildable again (for Mozilla)
How cool it is to throw away 5755 lines of code...
facilitate querying IndexedDB for script files of resource and its dependencies
add new root content script
add a mapping/resources installation dialog
facilitate caching repository responses in content scripts
facilitate making CORS-agnostic requests through background script
make blocking rules queryable in pattern tree just as mappings are
fix license promise typo
improve and test the dafult policy dialog
This commit also fixes some bugs that manifested themselves spuriously.
utilize Pattern Tree to decide the policy to use and modify HTTP response headers according to that policy
This commit also enhances the build script so that preprocessor conditionals can now use operators '&&' and '||'. The features being developed are not yet included in the actual Haketilo build....
facilitate egistering dynamic content scripts with mappings data
reworked build system; added missing license notices
facilitate broadcasting messages to different execution contexts within the webextension
facilitate initialization of IndexedDB for use by Haketilo
merge master (license notices) and koszko (v1.0 development)
master
koszko
facilitate testing javascript functions
Haketilo's .js files can now be loaded together with their dependencies and executed on a page opened in a selenium-driven Firefox instance.
replace cookies with synchronous XmlHttpRequest as policy smuggling method.
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
Fix license notices on JS and SH files
Other files have been left, as no model notice is available
rename the extension to "Haketilo"
Make it impossible to check "Allow native scripts" for pages with payload.
simplify CSP handling
All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not modified but only supplemented with Hachette's own.
merge changes before version 0.1
only apply stream filter modifications when reasonably necessary
enable toggling of global script blocking policy\n\nThis commit also introduces `light_storage' module which is later going to replace the storage code we use right now.\nAlso included is a hack to properly display scrollbars under Mozilla (needs testing on newer Mozilla browsers).
put simplest, asynchronous local storage operations in a separate file
filter HTTP request headers to remove Hachette cookies in case they slip through
improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 implementation is no longer pulled in contexts that don't require it.
use StreamFilter under Mozilla to prevent csp tags from blocking our injected scripts
sanitize `' tags containing CSP rules under Chromium
This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script.
remove unneeded policy-related cosole messages; restore IceCat 60 compatibility
implement smuggling via cookies instead of URL
merge facility to install from Hydrilla
Facilitate installation of scripts from the repository
This commit includes:
make settings_query.js use storage object passed as an argument
[UNTESTED- will test] Add filtering for http-equiv CSP headers
Rationalize CSP violation report blocking.
Report blocking now applies iff scripts are blocked.
code maintenance
Squash more CSP-filtering bugs
On Firefox, original CSP headers are now smuggled (signed) in an x-orig-csp header to prevent re-processing issues with caching. Additionally, a default header is added for non-whitelisted domains in case there are no existing...
Fix some bugs in the refined CSP handling
[UNTESTED- will test] Use more nuanced CSP filtering
CSP headers are now parsed and processed, rather than treated as simple units. This allows us to ensure policies delivered as HTTP headers do not interfere with our script filtering, as well as to preserve useful protections...
Remove unnecessary imports of url_item and add a CSP header-parsing function
The parsing function isn't used yet; however, it will eventually be as a less destructive alternative to handling headers as indivisible units.
extract observables implementation from storage.js
add ability to query page content from repo and display it in the popup
store repository URLs in settings
remove unused variables
Merge rebranding to "Hachette"
fix page info server bugs
Merge commit 'ecb787046271de708b94da70240713e725299d86'
Refer to the extension consistently as "Hachette" and remove TODOS.org from the copyright file
Streamline and harden unique values/settings
The base URL is now included in the settings. The unique value no longer uses it directly, as it is included by virtue of the settings; however, the number of full hours since the epoch (UTC) is now incorporated.
Revamp signatures and break header caching on FF
Signatures, instead of consisting of the secure salt followed by the unique value generated from the URL, are now the unique value generated from the policy value (which will follow them) succeeded by the URL....
Use URL-based policy smuggling
Increase the power of URL-based smuggling by making it (effectively) compulsory in all cases and adapting a structure. While the details still need to be worked out, the potential for future expansion is there.
merge jahoti into master
Stop using the nonce consistently for a URL
Nonces are now randomly generated, either in the page (for non-HTTP(S) pages) or by a background module which stores them by tab and frame IDs. In order to support the increased variance in nonce-generating methods and allow them to...
Merge popup display
show some settings of the current page in the popup
Revamp default settings
Default settings are now provided in the same format as data exported from the extension, incorporating them into the main program as part of the build process. Also, modify their contents; the apparently non-functional FSF stuff is gone, replaced with fixes for BandCamp, WorldCat, and SumOfUs.
fix whitelisting under Firefox
refactor 3 miscellaneous fnctionalities to a their single own file
emply an sh-based build system; make some changes to blocking
gather all copyright info in 'copyright' file
Fix storage initialization on Icecat 60
This patch fixes storage initialization on Gecko browsers by switching from using a background page to using a list of scripts. It remains a mystery why that should have any effect; the only hint is that browser.runtime.onInstalled...
remove unused source files
when possible inject CSP as http(s) header using webRequest instead of adding a tag
change licenses
support wildcard urls in settings
only allow a single injection payload for page, rely on script bags for complex payloads
rename "bundles" to "bags"
use unique hashes when smuggling whitelist setting
stop using js modules
remove remnants of LibreJS
initial commit