hackademix 2019-05-22 18:26:05 +02:00
parent c84673b110
commit 0eb42450d4
22 changed files with 9 additions and 238 deletions

View File

@ -359,18 +359,6 @@
"message": "Treuzfurmiñ ar rekedoù POST dreuz-lec'hiennoù e-barzh rekedoù GET diroadenn",
"description": ""
},
"OptScanXUpload": {
"message": "Skanañ an uskargadennoù evit diguzhañ tagadennoù etre lec'hienn a c'hall bezañ",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Goulenn kadarnaat ar goulennoù POST etre-lec'hienn n'o deus ket gallet bezañ skanet",
"description": ""
},
"UnscannedXPost": {
"message": "Ar goulenn etre-lec'hienn-mañ n'hall ket bezañ skanet evit an XSS.\nGellout a ra bezañ un hanter-dra, met NoScript n'hall ket touiñ en un doare sur. Aotreit an dra-se m'ho peus fiziañs e-barzh an div lec'hienn, hepken.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Erlec'hiañ rak-arventennoù live surentez ar Merdeer Tor",
"description": ""
@ -911,4 +899,4 @@
"message": "v $1",
"description": ""
}
}
}

View File

@ -359,18 +359,6 @@
"message": "Converteix sol·licituds «POST» entre llocs en sol·licituds «GET» sense dades",
"description": ""
},
"OptScanXUpload": {
"message": "Escaneja les pujades per a possibles atacs entre llocs",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Solicita confirmació de sol·licituds POST entre llocs que no s'han pogut analitzar.",
"description": ""
},
"UnscannedXPost": {
"message": "No s'ha pogut escanejar aquesta sol·licitud entre llocs per a XSS.\nPot ser que sigui innocu, però el NoScript no pot dir-ho amb seguretat. Permeteu-ho només si confieu en els dos llocs.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Anul·la el nivell de seguretat del navegador Tor",
"description": ""

View File

@ -359,18 +359,6 @@
"message": "Webseitenübergreifende POST-Anfragen in datenlose GET-Anfragen umwandeln",
"description": ""
},
"OptScanXUpload": {
"message": "Uploads auf potenzielle webseitenübergreifende Angriffe überprüfen",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Rückfrage bei webseitenübergreifenden POST-Anfragen, die nicht überprüft werden konnten",
"description": ""
},
"UnscannedXPost": {
"message": "Diese webseitenübergreifende Anfrage konnte nicht auf XSS überprüft werden.\nSie könnte harmlos sein, aber NoScript kann das nicht sicher feststellen. Nur zulassen, wenn Sie beiden Webseiten vertrauen.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Die Sicherheitsstufe des Tor Browsers übersteuern",
"description": ""

View File

@ -359,18 +359,6 @@
"message": "Turn cross-site POST requests into data-less GET requests",
"description": ""
},
"OptScanXUpload": {
"message": "Scan uploads for potential cross-site attacks",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Ask confirmation for cross-site POST requests which could not be scanned",
"description": ""
},
"UnscannedXPost": {
"message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Override Tor Browser's Security Level preset",
"description": ""

View File

@ -270,15 +270,6 @@
"OptFilterXPost": {
"message": "Turn cross-site POST requests into data-less GET requests"
},
"OptScanXUpload": {
"message": "Scan uploads for potential cross-site attacks"
},
"OptBlockUnscannedXPost": {
"message": "Ask confirmation for cross-site POST requests which could not be scanned"
},
"UnscannedXPost": {
"message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites."
},
"OptOverrideTorBrowserPolicy": {
"message": "Override Tor Browser's Security Level preset"
},

View File

@ -359,18 +359,6 @@
"message": "Convertir peticiones POST de sitios entrecruzados en peticiones GET sin datos",
"description": ""
},
"OptScanXUpload": {
"message": "Escanear subidas por potenciales ataques de sitios cruzados",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Preguntar por confirmación de solicitudes POST de sitio cruzado que no pudieron ser escaneadas.",
"description": ""
},
"UnscannedXPost": {
"message": "Esta solicitud de sitio cruzado no pudo ser escaneada por XSS.\nPodría ser inocua, pero NoScript no puede afirmarlo. Permítela solamente si confías en ambos sitios.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Sobreponer al Nivel de Seguridad predeterminado del Navegador Tor",
"description": ""

View File

@ -359,18 +359,6 @@
"message": "Transformer les requêtes POST intersites en requêtes GET sans données",
"description": ""
},
"OptScanXUpload": {
"message": "Chercher des attaques potentielles par script intersites dans les téléversements",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Demander une confirmation pour les requêtes POST intersites qui nont pas pu être analysées",
"description": ""
},
"UnscannedXPost": {
"message": "La recherche de scripts intersites na pas pu être effectuée pour cette requête intersites.\nElle pourrait être inoffensive, mais NoScript ne peut pas en être certain. Ne lautorisez que si vous faites confiance aux deux sites.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Remplacer le préréglage du niveau de sécurité du Navigateur Tor",
"description": ""

View File

@ -359,18 +359,6 @@
"message": "הפוך בקשות POST חוצות־אתרים אל בקשות GET מופחתות־נתונים",
"description": ""
},
"OptScanXUpload": {
"message": "סרוק העלאות עבור מתקפות חוצות־אתרים פוטנציאליות",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "בקש אימות עבור בקשות POST חוצות־אתרים שאינן יכולות להיסרק",
"description": ""
},
"UnscannedXPost": {
"message": "בקשת חוצת־אתרים זו לא יכלה להיסרק עבור XSS.\nהיא עשויה להיות בלתי־מזיקה, אבל NoScript אינו יכול לדעת בוודאות. התר רק אם אתה בוטח בשני האתרים.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "דרוס הגדרה של רמת אבטחה של דפדפן Tor",
"description": ""

View File

@ -359,18 +359,6 @@
"message": "Trasforma le richieste POST cross-site in richieste GET",
"description": ""
},
"OptScanXUpload": {
"message": "Ispeziona gli upload cercando potenziali attacchi XSS",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Chiedi conferma per gli upload potenzialmente pericolosi che non si sono potuti ispezionare",
"description": ""
},
"UnscannedXPost": {
"message": "NoScript non ha potuto ispezionare questo caricamento da un sito ad un'altro. \nPotrebbe essere innocuo, ma NoScript non può assicurarlo con certezza.\nPermettilo solo se ti fidi di entrambi i siti.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Fai prevalere le mie impostazioni sul \"Livello di Sicurezza\" del Tor Browser",
"description": ""
@ -911,4 +899,4 @@
"message": "v $1",
"description": ""
}
}
}

View File

@ -359,19 +359,7 @@
"message": "Ubah permohonan HANTARAN laman-silang menjadi pemohonan GET kurang-data",
"description": ""
},
"OptScanXUpload": {
"message": "Imbas muat naik bagi serang laman-silang yang berpotensi",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Tanya pengesahan untuk permohonan HANTARAN laman-silang yang tidak diimbas",
"description": ""
},
"UnscannedXPost": {
"message": "Pemohonan laman-silang ini tidak diimbas bagi XSS.\nIa mungkin tidak merbahaya, tetapi NoScript tidak pasti berkenaannya. Hanya beri kebenaran sekiranya anda benar-benar mempercayai kedua-dua laman.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"OptOverrideTorBrowserPolicy": {
"message": "Batalkan praset Aras Keselamatan Pelayar Tor",
"description": ""
},

View File

@ -359,18 +359,6 @@
"message": "Gjør mellomsidige POST-forespørsler til mindre datakrevende GET-forepørsler",
"description": ""
},
"OptScanXUpload": {
"message": "Scan uploads for potential cross-site attacks",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Ask confirmation for cross-site POST requests which could not be scanned",
"description": ""
},
"UnscannedXPost": {
"message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Override Tor Browser's Security Level preset",
"description": ""
@ -911,4 +899,4 @@
"message": "v $1",
"description": ""
}
}
}

View File

@ -359,18 +359,6 @@
"message": "Cross-site-POST-aanvragen omzetten naar gegevensarme GET-aanvragen",
"description": ""
},
"OptScanXUpload": {
"message": "Uploads scannen op potentiële cross-site-aanvallen",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Bevestiging vragen voor cross-site-POST-aanvragen die niet konden worden gescand",
"description": ""
},
"UnscannedXPost": {
"message": "Deze cross-site-aanvraag kon niet op XSS worden gescand.\nDit kan onschuldig zijn, maar NoScript weet het niet zeker. Sta dit alleen toe als u beide websites vertrouwt.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Voorkeuze van beveiligingsniveau van Tor Browser negeren",
"description": ""

View File

@ -359,18 +359,6 @@
"message": "Transformar solicitações POST entre sites em solicitações GET sem dados",
"description": ""
},
"OptScanXUpload": {
"message": "Scan uploads for potential cross-site attacks",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Ask confirmation for cross-site POST requests which could not be scanned",
"description": ""
},
"UnscannedXPost": {
"message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Override Tor Browser's Security Level preset",
"description": ""

View File

@ -359,18 +359,6 @@
"message": "Заменять межсайтовые POST-запросы на GET-запросы без данных",
"description": ""
},
"OptScanXUpload": {
"message": "Сканирование загрузок на предмет возможных межсайтовых атак",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Спрашивать подтверждение для межсайтовых POST-запросов, которые не могут быть просканированы",
"description": ""
},
"UnscannedXPost": {
"message": "Этот межсайтовый запрос не может быть просканирован на наличие XSS.\nОн может быть безвредным, но NoScript не может определить точно.\nРазрешайте, только если доверяете обоим сайтам.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Переопределить заданный уровень безопасности Tor Browserа",
"description": ""

View File

@ -359,18 +359,6 @@
"message": "Förvandla webbplatsöverskridande POST-förfrågningar till mindre-data GET-förfrågningar",
"description": ""
},
"OptScanXUpload": {
"message": "Scan uploads for potential cross-site attacks",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Ask confirmation for cross-site POST requests which could not be scanned",
"description": ""
},
"UnscannedXPost": {
"message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Override Tor Browser's Security Level preset",
"description": ""
@ -911,4 +899,4 @@
"message": "v $1",
"description": ""
}
}
}

View File

@ -359,18 +359,6 @@
"message": "Siteler arası POST istekleri veriden arındırılmış GET isteklerine dönüştürülsün",
"description": ""
},
"OptScanXUpload": {
"message": "Yüklenen dosyalar olası siteler arası saldırılara karşı taransın",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Taranamayan siteler arası POST istekleri için onay istensin",
"description": ""
},
"UnscannedXPost": {
"message": "Bu siteler arası istek XSS saldırılarına karşı taranamadı.\nZararsız olabilir ancak NoScript kesin olarak bir şey söyleyemiyor. Ancak her iki siteye de güveniyorsanız onaylayın.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Tor Browser Güvenlik Duvarı ayarı değiştirilsin",
"description": ""
@ -911,4 +899,4 @@
"message": "v $1",
"description": ""
}
}
}

View File

@ -359,18 +359,6 @@
"message": "将跨网站的 POST 请求转换为无数据的 GET 请求",
"description": ""
},
"OptScanXUpload": {
"message": "Scan uploads for potential cross-site attacks",
"description": ""
},
"OptBlockUnscannedXPost": {
"message": "Ask confirmation for cross-site POST requests which could not be scanned",
"description": ""
},
"UnscannedXPost": {
"message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites.",
"description": ""
},
"OptOverrideTorBrowserPolicy": {
"message": "Override Tor Browser's Security Level preset",
"description": ""
@ -911,4 +899,4 @@
"message": "v $1",
"description": ""
}
}
}

View File

@ -13,8 +13,6 @@ var Defaults = {
global: false,
xss: true,
cascadeRestrictions : false,
xssScanRequestBody: true,
xssBlockUnscannedPOST: false,
overrideTorBrowserPolicy: false, // note: Settings.update() on reset will flip this to true
clearclick: true,
}

View File

@ -113,8 +113,6 @@ var Settings = {
},
sync: {
cascadeRestrictions: true,
xssScanRequestBody: false,
xssBlockUnscannedPOST: true,
}
}
for (let [storage, prefs] of Object.entries(torBrowserSettings)) {

View File

@ -109,15 +109,6 @@
<span id="xssFaq">(<a href="https://noscript.net/faq#xss" title="https://noscript.net/faq#xss">__MSG_XssFaq__</a>)</span>
</span>
<button id="btn-delete-xss-choices" disabled>__MSG_XSS_clearUserChoices__</button>
<br />
<span id="xssScanRequestBody-opt">
<input type="checkbox" id="opt-xssScanRequestBody">
<label for="opt-xssScanRequestBody" id="lbl-opt-xssScanRequestBody">__MSG_OptScanXUpload__</label>
</span>
<span id="xssBlockUnscannedPOST-opt">
<input type="checkbox" id="opt-xssBlockUnscannedPOST">
<label for="opt-xssBlockUnscannedPOST" id="lbl-opt-xssBlockUnscannedPOST">__MSG_OptBlockUnscannedXPost__</label>
</span>
</div>
<div id="clearclick-options" class="opt-group">
<input type="checkbox" id="opt-clearclick"><label for="opt-clearclick" id="lbl-clearclick">ClearClick</label>

View File

@ -35,8 +35,6 @@
opt("cascadeRestrictions");
opt("xss");
opt("xssScanRequestBody");
opt("xssBlockUnscannedPOST");
opt("overrideTorBrowserPolicy");

View File

@ -116,12 +116,6 @@ var XSS = (() => {
if (!UA.isMozilla) return; // async webRequest is supported on Mozilla only
let {onBeforeRequest} = browser.webRequest;
let {xssScanRequestBody} = ns.sync;
if (xssScanRequestBody !== this.xssScanRequestBody) {
this.stop();
this.xssScanRequestBody = xssScanRequestBody;
}
this.xssBlockUnscannedPOST = ns.sync.xssBlockUnscannedPOST;
if (onBeforeRequest.hasListener(requestListener)) return;
@ -144,9 +138,7 @@ var XSS = (() => {
onBeforeRequest.addListener(requestListener, {
urls: ["*://*/*"],
types: ["main_frame", "sub_frame", "object"]
},
// work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530
xssScanRequestBody ? ["blocking", "requestBody"] : ["blocking"]);
}, ["blocking", "requestBody"]);
},
stop() {
@ -247,13 +239,8 @@ var XSS = (() => {
ic.reset();
let postInjection = xssReq.isPost &&
(XSS.xssScanRequestBody ?
request.requestBody && request.requestBody.formData &&
ic.checkPost(request.requestBody.formData, skipParams)
: XSS.xssBlockUnscannedPOST &&
(request.originUrl || request.documentUrl) && // exclude non-document POSTs, such as url bar searches
ns.requestCan(request, "script") && ("\n" + _("UnscannedXPost"))
);
ic.checkPost(request.requestBody.formData, skipParams);
let protectName = ic.nameAssignment;
let urlInjection = ic.checkUrl(destUrl, skipRx);