Rename the "csspp0" capability to "unchecked_css".
This commit is contained in:
hackademix
parent
182cd5fcaa
commit
d97b2f6d18
|
|
@ -551,6 +551,9 @@
|
||||||
"cap_noscript": {
|
"cap_noscript": {
|
||||||
"message": "noscript"
|
"message": "noscript"
|
||||||
},
|
},
|
||||||
|
"cap_unchecked_css": {
|
||||||
|
"message": "unchecked CSS"
|
||||||
|
},
|
||||||
"cap_other": {
|
"cap_other": {
|
||||||
"message": "other"
|
"message": "other"
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -240,23 +240,37 @@ var LifeCycle = (() => {
|
||||||
|
|
||||||
// put here any version specific upgrade adjustment in stored data
|
// put here any version specific upgrade adjustment in stored data
|
||||||
|
|
||||||
let configureNewCap = async(cap, presets, presetFilter) => {
|
let forEachPreset = async (callback, presetNames = "*") => {
|
||||||
log(`Upgrading from ${previousVersion}: configure the "${cap}" capability.`);
|
|
||||||
await ns.initializing;
|
await ns.initializing;
|
||||||
let policy = ns.policy;
|
let changed = false;
|
||||||
let customIdx = presets.indexOf("CUSTOM");
|
for (let p of ns.policy.getPresets(presetNames)) {
|
||||||
presets = presets.map(p => policy[p])
|
if (callback(p)) changed = true;
|
||||||
if (customIdx !== -1) {
|
|
||||||
let { TRUSTED, UNTRUSTED } = policy;
|
|
||||||
// insert custom presets, if any
|
|
||||||
presets.splice(customIdx, 1, ...[...policy.sites.values()].filter(p => p !== TRUSTED && p !== UNTRUSTED));
|
|
||||||
}
|
|
||||||
if (presetFilter) presets = presets.filter(presetFilter);
|
|
||||||
for (let p of presets) {
|
|
||||||
p.capabilities.add(cap);
|
|
||||||
}
|
}
|
||||||
|
if (changed) {
|
||||||
await ns.savePolicy();
|
await ns.savePolicy();
|
||||||
}
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
let configureNewCap = async (cap, presetNames, capsFilter) => {
|
||||||
|
log(`Upgrading from ${previousVersion}: configure the "${cap}" capability.`);
|
||||||
|
await forEachPreset(({capabilities}) => {
|
||||||
|
if (capsFilter(capabilities) && !capabilities.has(cap)) {
|
||||||
|
capabilities.add(cap);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}, presetNames);
|
||||||
|
};
|
||||||
|
|
||||||
|
let renameCap = async (oldName, newName) => {
|
||||||
|
log(`Upgrading from ${previousVersion}: rename capability "${oldName}" to "${newName}`);
|
||||||
|
await forEachPreset(({capabilities}) => {
|
||||||
|
if (capabilities.has(oldName)) {
|
||||||
|
capabilities.delete(oldName);
|
||||||
|
capabilities.add(newName);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
if (Ver.is(previousVersion, "<=", "11.0.10")) {
|
if (Ver.is(previousVersion, "<=", "11.0.10")) {
|
||||||
await configureNewCap("ping", ["TRUSTED"]);
|
await configureNewCap("ping", ["TRUSTED"]);
|
||||||
|
|
@ -265,8 +279,11 @@ var LifeCycle = (() => {
|
||||||
await configureNewCap("noscript", ["DEFAULT", "TRUSTED", "CUSTOM"])
|
await configureNewCap("noscript", ["DEFAULT", "TRUSTED", "CUSTOM"])
|
||||||
}
|
}
|
||||||
if (Ver.is(previousVersion, "<=", "11.2.4")) {
|
if (Ver.is(previousVersion, "<=", "11.2.4")) {
|
||||||
// add the csspp0 capability to any preset which already has the script capability
|
// add the unchecked_css capability to any preset which already has the script capability
|
||||||
await configureNewCap("csspp0", ["TRUSTED", "CUSTOM", "DEFAULT"], p => p.capabilities.has("script"));
|
await configureNewCap("unchecked_css", ["DEFAULT", "TRUSTED", "CUSTOM"], caps => caps.has("script"));
|
||||||
|
}
|
||||||
|
if (Ver.is(previousVersion, "<=", "11.2.5rc1")) {
|
||||||
|
await renameCap("csspp0", "unchecked_css");
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -163,7 +163,7 @@ ns.on("capabilities", () => {
|
||||||
allowed: ns.canScript
|
allowed: ns.canScript
|
||||||
});
|
});
|
||||||
|
|
||||||
if (!(ns.policy.isTorBrowser || ns.allows("csspp0"))) {
|
if (!(ns.policy.isTorBrowser || ns.allows("unchecked_css"))) {
|
||||||
// protection against CSS PP0, not needed on the Tor Browser because of its
|
// protection against CSS PP0, not needed on the Tor Browser because of its
|
||||||
// noisy DNS resolution: https://orenlab.sise.bgu.ac.il/p/PP0
|
// noisy DNS resolution: https://orenlab.sise.bgu.ac.il/p/PP0
|
||||||
let prefetchCallback =
|
let prefetchCallback =
|
||||||
|
|
|
||||||
2
src/nscl
2
src/nscl
|
|
@ -1 +1 @@
|
||||||
Subproject commit 97c2a54550a2d8c2eb06ddad6c11651eb0f06439
|
Subproject commit efa5fbede1c54f0a9cd0b0ad54b10772a60dfb09
|
||||||
|
|
@ -362,7 +362,7 @@ var UI = (() => {
|
||||||
capInput.id = `capability-${capability}-${idSuffix}`
|
capInput.id = `capability-${capability}-${idSuffix}`
|
||||||
capLabel.setAttribute("for", capInput.id);
|
capLabel.setAttribute("for", capInput.id);
|
||||||
capInput.value = capability;
|
capInput.value = capability;
|
||||||
capInput.title = capLabel.textContent = _(`cap_${capability}`) || capability;
|
capInput.title = capLabel.textContent = _(`cap_${capability}`) || capability.replace(/_/g, ' ');
|
||||||
let clone = capParent.appendChild(cap.cloneNode(true));
|
let clone = capParent.appendChild(cap.cloneNode(true));
|
||||||
clone.classList.add(capability);
|
clone.classList.add(capability);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue