allow eval() in injected scripts
support schema v2 and dependencies on mappings
serialize and deserialize entire Response object when relaying fetch() calls to other contexts using sendMessage
make the order of rules in generated CSP deterministic
This is purely to help with automated testing.
treat "view-source:" pages as privileged
prepend all generated console messages with 'Haketilo:'
optimize Pattern Query Tree for size of its JSON.stringify()'ed representation
validate repository responses against JSON schemas
change copyright notice of js-sha256 code to be exactly the same as in upstream's LICENSE.txt
assume and use "$schema" properties in item definitions
fix loading initial data and verify it in automated tests
change store names and data keys to singular
restore chromium support
adapt to changes in file path format
From now on we assume Hydrilla serves file contents at 'file/sha256/' instead of 'file/sha256-'. With this commit we also stop using the "hash_key" property internally.
more improvements for abrowser&librewolf
add support for testing with other browsers (especially Abrowser and Librewolf)
There are still some spurious failures when running under those newer browsers. Those will be systematically investigated and fixed.
make Haketilo buildable again (for Mozilla)
How cool it is to throw away 5755 lines of code...
update error reporting in popup
facilitate querying IndexedDB for script files of resource and its dependencies
add new root content script
add a repo querying HTML interface
add a mapping/resources installation dialog
make blocking rules queryable in pattern tree just as mappings are
facilitate managing script blocking with a list of edtable entries
facilitate managing repository URLs in a list; minor other changes
improve item list styling; add payload creation form; exend dialog mechanism
work on UI components
This commit introduces some HTML and javascript (and tests for it) to use in constructing the new UI. This is partial work that is not yet finished.
fix license promise typo
add "blocking" and "repos" object stores
utilize Pattern Tree to decide the policy to use and modify HTTP response headers according to that policy
This commit also enhances the build script so that preprocessor conditionals can now use operators '&&' and '||'. The features being developed are not yet included in the actual Haketilo build....
facilitate egistering dynamic content scripts with mappings data
reworked build system; added missing license notices
facilitate tracking of IndexedDB item store contents
facilitate mocking imported values
facilitate broadcasting messages to different execution contexts within the webextension
add is_object_empty utility function
is_object_empty
improve IndexedDB use
facilitate initialization of IndexedDB for use by Haketilo
finish implementing more efficient querying of URL patterns
The algorithm is implemented and tested. However, it is yet to be hooked into the actual extension.
merge master (license notices) and koszko (v1.0 development)
master
koszko
start implementing more efficient querying of URL patterns
improve unit testing approach
Unit tests were moved to their own subdirectory. Fixtures common to many unit tests were moved to test/unit/conftest.py. A facility to execute scripts in page's global scope was added. A workaround was employed to present information about errors in injected scripts....
rewrite parts of build script in awk
replace cookies with synchronous XmlHttpRequest as policy smuggling method.
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.
Fix license notices on JS and SH files
Other files have been left, as no model notice is available
rename the extension to "Haketilo"
limit allowed pattern lengths
simplify CSP handling
All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not modified but only supplemented with Hachette's own.
Fix sanitizing of non-HTML XMLDocument's
generate Chromium unique key automatically in `build.sh'
merge changes before version 0.1
implement rethinked tags sanitizing approach
This has not been tested yet. Additionally, functionality for blocking of `data:' urls needs to be re-enabled.
enable toggling of global script blocking policy\n\nThis commit also introduces `light_storage' module which is later going to replace the storage code we use right now.\nAlso included is a hack to properly display scrollbars under Mozilla (needs testing on newer Mozilla browsers).
put simplest, asynchronous local storage operations in a separate file
add support for `ftp://' protocol
enable whitelisting of `file://' protocol\n\nThis commit additionally also changes the semantics of triple asterisk wildcard in URL path.
improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 implementation is no longer pulled in contexts that don't require it.
sanitize `' tags containing CSP rules under Chromium
This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script.
remove unneeded policy-related cosole messages; restore IceCat 60 compatibility
implement smuggling via cookies instead of URL
merge facility to install from Hydrilla
merge csp-PoC
Facilitate installation of scripts from the repository
This commit includes:
make settings_query.js use storage object passed as an argument
[UNTESTED- will test] Add filtering for http-equiv CSP headers
validate settings on import
provide a facility to sanitize externally-obtained JSON
Fix some bugs in the refined CSP handling
Remove unnecessary imports of url_item and add a CSP header-parsing function
The parsing function isn't used yet; however, it will eventually be as a less destructive alternative to handling headers as indivisible units.
extract observables implementation from storage.js
add ability to query page content from repo and display it in the popup
store repository URLs in settings
Merge rebranding to "Hachette"
fix page info server bugs
Merge commit 'ecb787046271de708b94da70240713e725299d86'
Refer to the extension consistently as "Hachette" and remove TODOS.org from the copyright file
Streamline and harden unique values/settings
The base URL is now included in the settings. The unique value no longer uses it directly, as it is included by virtue of the settings; however, the number of full hours since the epoch (UTC) is now incorporated.
Revamp signatures and break header caching on FF
Signatures, instead of consisting of the secure salt followed by the unique value generated from the URL, are now the unique value generated from the policy value (which will follow them) succeeded by the URL....
Use URL-based policy smuggling
Increase the power of URL-based smuggling by making it (effectively) compulsory in all cases and adapting a structure. While the details still need to be worked out, the potential for future expansion is there.
Stop using the nonce consistently for a URL
Nonces are now randomly generated, either in the page (for non-HTTP(S) pages) or by a background module which stores them by tab and frame IDs. In order to support the increased variance in nonce-generating methods and allow them to...
Integrate browser.js into exports_init.js, and streamline the result
show some settings of the current page in the popup
move parsing of url with targets to misc.js
refactor 3 miscellaneous fnctionalities to a their single own file
emply an sh-based build system; make some changes to blocking
gather all copyright info in 'copyright' file
change licenses
make extension work under IceCat 60
rename "bundles" to "bags"
use unique hashes when smuggling whitelist setting
stop using js modules
initial commit