Project

General

Profile

Statistics
| Branch: | Tag: | Revision:

haketilo / content @ 50b8bee7

# Date Author Comment
50b8bee7 08/24/2022 12:21 PM koszko

remove unneeded import in policy_enforcing.js

e6fca496 08/24/2022 12:21 PM koszko

force tags

f2cf9f12 06/20/2022 03:26 PM koszko

prevent injected scripts from executing out of order

6cce0301 03/28/2022 05:46 PM koszko

add more tests for CORS bypassing feature

fba67f09 03/26/2022 10:17 PM koszko

allow injected scripts to bypass CORS using provided API

749f1c85 03/24/2022 08:43 PM koszko

prepare for exposing APIs to injected scripts

bbc9fae4 03/24/2022 08:43 PM koszko

serialize and deserialize entire Response object when relaying fetch() calls to other contexts using sendMessage

aacacbb8 03/10/2022 11:43 AM koszko

improvement to also properly sanitize intrinsics in XML documents under older browsers (IceCat 60)

96efcc33 03/05/2022 03:54 PM koszko

improve script blocking in non-HTML documents (XML)

70923829 03/04/2022 06:14 PM koszko

fix setting of 'blocked-blocked<...>-' attributes and add tests

33b6872c 03/04/2022 05:25 PM koszko

for () loop styling

b43acfe3 03/04/2022 05:25 PM koszko

fix setting of 'blocked-' attributes when blocking intrinsic event handlers

4970930c 03/04/2022 05:25 PM koszko

prepend all generated console messages with 'Haketilo:'

7fdb3e84 03/04/2022 04:37 PM koszko

fix comment typo

194f23f4 02/21/2022 09:51 AM koszko

inject scripts to pages utilizing blob: URLs

cf838016 02/14/2022 06:49 PM koszko

restore chromium support

830d22d8 02/02/2022 11:13 AM koszko

support Parabola's Iceweasel in tests

4c6a2323 01/29/2022 12:04 AM koszko

make Haketilo buildable again (for Mozilla)

How cool it is to throw away 5755 lines of code...

fbfddb02 01/27/2022 09:24 PM koszko

add actual payload injection functionality to new content script

9d825eaa 01/26/2022 10:13 PM koszko

add new root content script

046b8a7b 01/18/2022 07:28 PM koszko

facilitate caching repository responses in content scripts

31cc63c2 01/17/2022 02:15 PM koszko

test script blocking with and without the CSP-based approach on

7bedbcbd 01/17/2022 11:24 AM koszko

move policy enforcing code to a new file, include basic test

372d24ea 01/04/2022 09:15 AM koszko

fix license promise typo

702eefd2 12/31/2021 02:23 PM koszko

utilize Pattern Tree to decide the policy to use and modify HTTP response headers according to that policy

This commit also enhances the build script so that preprocessor conditionals can now use operators '&&' and '||'.
The features being developed are not yet included in the actual Haketilo build....

b590eaa2 12/22/2021 04:39 PM koszko

reworked build system; added missing license notices

44bb618a 12/03/2021 09:10 PM koszko

merge master (license notices) and koszko (v1.0 development)

96068ada 11/20/2021 06:29 PM koszko

replace cookies with synchronous XmlHttpRequest as policy smuggling method.

Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.

263d03d5 10/30/2021 02:00 AM jahoti

Fix license notices on JS and SH files

Other files have been left, as no model notice is available

2bd35bc4 09/13/2021 04:56 PM koszko

rename the extension to "Haketilo"

d658cadf 09/10/2021 05:46 PM koszko

disable service workers when scripts are blocked

ed9cc030 09/09/2021 06:51 PM koszko

restore compatibility with IceCat 60

44e89d8e 09/09/2021 06:50 PM koszko

simplify CSP handling

All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not modified but only supplemented with Hachette's own.

e2d26bad 09/08/2021 07:55 PM koszko

Fix sanitizing of non-HTML XMLDocument's

704f2da0 09/06/2021 08:45 PM koszko

re-enable sanitizing of data: URLs and also sanitize intrinsics on non-HTML pages where CSP doesn't work

51d43685 09/04/2021 09:03 PM koszko

fix script blocking bug under Chromium

e48e20de 09/04/2021 12:32 PM koszko

merge changes before version 0.1

c12b9ee3 09/03/2021 07:40 PM koszko

disable payload injection on non-html pages

44958e6a 09/02/2021 09:33 PM koszko

implement rethinked tags sanitizing approach

This has not been tested yet. Additionally, functionality for blocking of `data:' urls needs to be re-enabled.

6247f163 09/02/2021 06:35 PM koszko

enable toggling of global script blocking policy\n\nThis commit also introduces `light_storage' module which is later going to replace the storage code we use right now.\nAlso included is a hack to properly display scrollbars under Mozilla (needs testing on newer Mozilla browsers).

48f76d70 08/27/2021 10:52 AM koszko

add support for `ftp://' protocol

53837634 08/27/2021 10:01 AM koszko

enable whitelisting of `file://' protocol\n\nThis commit additionally also changes the semantics of triple asterisk wildcard in URL path.

2875397f 08/26/2021 11:50 AM koszko

improve signing\n\nSignature timestamp is now handled in a saner way. Sha256 implementation is no longer pulled in contexts that don't require it.

6b53d6c8 08/23/2021 11:05 AM koszko

use StreamFilter under Mozilla to prevent csp tags from blocking our injected scripts

d09b7ee1 08/20/2021 12:57 PM koszko

sanitize `' tags containing CSP rules under Chromium

This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script.

3d0efa15 08/18/2021 08:54 PM koszko

remove unneeded policy-related cosole messages; restore IceCat 60 compatibility

014f2a2f 08/18/2021 05:53 PM koszko

implement smuggling via cookies instead of URL

443bc095 08/14/2021 10:07 AM koszko

merge facility to install from Hydrilla

6fda8ea5 08/14/2021 02:00 AM jahoti

Revert changes to content/main.js to commit 25817b68c*

It turns out modifying the CSP headers in meta tags has no effect.

792fbe18 08/06/2021 05:17 PM koszko

Facilitate installation of scripts from the repository

This commit includes:

  • removal of page_info_server
  • running of storage client in popup context
  • extraction of some common CSS to a separate file
  • extraction of scripts import view to a separate file...
5b419aed 08/02/2021 02:00 AM jahoti

[UNTESTED- will test] Add filtering for http-equiv CSP headers

57e4ed2b 07/26/2021 11:09 AM jahoti

Remove unnecessary imports of url_item and add a CSP header-parsing function

The parsing function isn't used yet; however, it will eventually be as a less
destructive alternative to handling headers as indivisible units.

c483ae19 07/21/2021 10:00 PM koszko

add ability to query page content from repo and display it in the popup

081739e7 07/20/2021 12:03 PM koszko

Merge rebranding to "Hachette"

0c7c1ebd 07/20/2021 10:17 AM koszko

Merge commit 'ecb787046271de708b94da70240713e725299d86'

6b12a034 07/19/2021 02:00 AM jahoti

Refer to the extension consistently as "Hachette" and remove TODOS.org
from the copyright file

ecb78704 07/18/2021 02:00 AM jahoti

Streamline and harden unique values/settings

The base URL is now included in the settings. The unique value no longer uses
it directly, as it is included by virtue of the settings; however, the number
of full hours since the epoch (UTC) is now incorporated.

8b823e1a 07/17/2021 02:00 AM jahoti

Revamp signatures and break header caching on FF

Signatures, instead of consisting of the secure salt followed by the unique
value generated from the URL, are now the unique value generated from the
policy value (which will follow them) succeeded by the URL....

692577bb 07/16/2021 02:00 AM jahoti

Use URL-based policy smuggling

Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a structure. While the details still need to be worked out, the
potential for future expansion is there.

1789f174 07/12/2021 02:22 PM koszko

merge jahoti into master

dcfc78b0 07/12/2021 02:00 AM jahoti

Stop using the nonce consistently for a URL

Nonces are now randomly generated, either in the page (for non-HTTP(S) pages)
or by a background module which stores them by tab and frame IDs. In order to
support the increased variance in nonce-generating methods and allow them to...

0e002513 07/11/2021 02:00 AM jahoti

Remove redundant nonce-based filtering in the script suppressor

b7e2870f 07/06/2021 06:25 PM koszko

show some settings of the current page in the popup

8708ddd3 07/02/2021 11:54 AM koszko

move parsing of url with targets to misc.js

cd5272ac 06/30/2021 02:13 PM koszko

refactor 3 miscellaneous fnctionalities to a their single own file

261548ff 06/30/2021 12:28 PM koszko

emply an sh-based build system; make some changes to blocking

83a8d263 06/28/2021 02:00 AM jahoti

Index two new files intended for the previous commit.

edbbe400 06/28/2021 02:00 AM jahoti

License script-blocking techniques from NoScript in machine-readable format.

In-page blocking now works on Firefox, and JavaScript/data- URLs are properly
blocked to ensure no JavaScript leaks in through backdoors. Blocking of HTML/XML
data: urls should be refined (eventually) to align with current practice for...

b93f26bf 06/25/2021 11:48 AM koszko

gather all copyright info in 'copyright' file

7ee7889a 06/18/2021 11:45 AM Wojtek Kosior

when possible inject CSP as http(s) header using webRequest instead of adding a tag

6bae771d 06/14/2021 05:13 PM Wojtek Kosior

change licenses

c4ed1b8d 05/13/2021 12:32 PM Wojtek Kosior

utilize CSP for blocking

55fb3e4b 05/12/2021 05:25 PM Wojtek Kosior

use unique hashes when smuggling whitelist setting

7f368d46 05/12/2021 04:00 PM Wojtek Kosior

stop using js modules

01937dc9 05/10/2021 06:18 PM Wojtek Kosior

initial commit