Commit Graph

1552 Commits

Author SHA1 Message Date
hackademix cfd9ba740c Version bump: 11.0rc1. 2019-06-24 19:22:01 +02:00
hackademix fa264f8157 Version bump: 10.6.3. 2019-06-15 22:41:20 +02:00
hackademix 4491d2f81b Updated TLDs. 2019-06-15 20:59:00 +02:00
hackademix 48d03247ff Fixed media replacement broken when <source> elements are used. 2019-06-15 20:42:39 +02:00
hackademix a4f088211e Fixed regression in full embedding document replacement due to timing changes. 2019-06-15 20:41:26 +02:00
hackademix 04baf1a3f8 Version bump: 10.6.3rc8. 2019-06-15 17:52:18 +02:00
hackademix fba660149e Further work-around for setting importation file picking inconsistencies on Android. 2019-05-30 13:23:35 +02:00
hackademix 18c0cdc590 Updated TLDs. 2019-05-30 12:52:35 +02:00
hackademix 9a44bf8900 Version bump: 10.6.3rc7. 2019-05-30 09:40:26 +02:00
hackademix fc72add8a9 Fixed [Import] button on Android (issue #76). 2019-05-28 23:32:19 +02:00
hackademix b89b161d9b Version bump: 10.6.3rc6. 2019-05-28 23:16:10 +02:00
hackademix 22bceb6c97 Further JSON reduction optimizations. 2019-05-28 16:48:58 +02:00
hackademix b935c22f55 Version bump: 10.6.3rc5. 2019-05-28 16:48:30 +02:00
hackademix cd44c749f4 Timing cap inferenced by call numbers when using low-resolution timers. 2019-05-28 01:35:44 +02:00
hackademix 4d4fa3c6ed Make XSS timeouts fatal and reported. 2019-05-28 01:35:44 +02:00
hackademix 37d148e3af Fixed JSON parsing preamble regression. 2019-05-28 01:35:44 +02:00
hackademix c2f0ce0dfc Version bump: 10.6.3rc4. 2019-05-28 01:35:44 +02:00
hackademix 5597c4b0e5 XSS Filter made further asynchronous, prevents freezes on complex JSON payloads. 2019-05-27 00:28:01 +02:00
hackademix 4826128e43 Version bump: 10.6.3rc3. 2019-05-27 00:27:51 +02:00
hackademix 23fb55bf38 More accurate algorithm to account for permissions changes in the UI triggering automatic reloads. 2019-05-26 15:42:00 +02:00
hackademix b06ec5d1c8 Version bump: 10.6.3rc2. 2019-05-26 15:40:41 +02:00
hackademix 947a2684af Updated TLDs. 2019-05-26 00:13:52 +02:00
hackademix 78a5600d47 Skip page autoreloads on transitions between temporary and permanent presets of the same kind. 2019-05-26 00:07:55 +02:00
hackademix f11d4243bc Version bump: 10.6.3rc1. 2019-05-26 00:05:07 +02:00
hackademix 5c44687f18 Version bump: 10.6.2. 2019-05-22 18:54:48 +02:00
hackademix 3f48f4d5a0 Updated InjectionChecker's HTML5 events. 2019-05-22 18:45:58 +02:00
hackademix 0eb42450d4 Removed work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530 (see https://trac.torproject.org/projects/tor/ticket/29969#comment:9). 2019-05-22 18:45:34 +02:00
hackademix c84673b110 Removed legacy DomNode.replaceChild() usage. 2019-05-22 16:59:18 +02:00
hackademix 732ba767a6 Version bump: 10.6.2rc2. 2019-05-22 16:58:11 +02:00
hackademix c2be460915 Fix mozwebext class added to content pages (Issue #80). 2019-05-06 12:11:31 +02:00
hackademix 7b35acdab0 Updated TLDs. 2019-04-29 15:38:17 +02:00
hackademix d0bcf7c975 Updated Transifex-managed locales (es, ms, tr). 2019-04-29 15:37:58 +02:00
hackademix 4fa4e55b62 Skip MediaSource patching where it's disabled by browser settings. 2019-04-29 10:31:19 +02:00
hackademix 43770cbc85 Skip dev-mode XSS tests unless the browser is Firefox. 2019-04-29 09:45:59 +02:00
hackademix 0c2df08d78 Reference internal pages as absolute URLs for Chromium compatibility. 2019-04-29 09:43:14 +02:00
hackademix 225ce1e6c8 Version bump: 10.6.2rc1. 2019-04-29 09:41:44 +02:00
hackademix 8aab462b44 Version bump: 10.6.1. 2019-04-08 23:21:40 +02:00
hackademix cf6ef3bed5 Updated Transifex-managed nl locale. 2019-04-08 15:51:32 +02:00
hackademix 7ab201e133 Catch SecurityException thrown on cross-origin wrappedJSObject access. 2019-04-08 15:46:52 +02:00
hackademix a489c192d6 Make RequestGuard's header processing synchronous on non-supporting browsers. 2019-04-08 13:08:17 +02:00
hackademix 5ffd53ee89 Fixed inconsistencies in handling of browser-internal URLs. 2019-04-08 11:44:08 +02:00
hackademix 9493978473 Fixed resetting options works just once per session (defaults reference current settings) - issue #69. 2019-04-06 10:49:57 +02:00
hackademix db85a7cb01 Updated Transifex-managed locales (de, fr, it, tr). 2019-04-06 10:42:04 +02:00
hackademix bd38efde03 Version bump: 10.6.1rc1. 2019-04-01 23:20:35 +02:00
hackademix 7754ad0f45 Version bump: 10.6. 2019-04-01 21:53:54 +02:00
hackademix aadde8b693 Version bump: 10.6rc2. 2019-04-01 19:12:54 +02:00
hackademix f145e625e4 Limit wrappedJSObject usages to compatible browsers. 2019-04-01 19:12:20 +02:00
hackademix 688f7a31fa Version bump: 10.6rc1. 2019-04-01 13:20:54 +02:00
hackademix 76c959ec30 Updated TLDs. 2019-04-01 12:52:44 +02:00
hackademix 68a06fa546 Updated de, fr, he, ru locales. 2019-04-01 12:46:54 +02:00
hackademix 661a2a436b Chromium-compatible popup closure handling. 2019-03-28 13:04:36 +01:00
hackademix c806c6bbff Work-around for potential issues with legacy prefs. 2019-03-28 13:04:36 +01:00
hackademix 5327505fba Chromium-compatible version number. 2019-03-28 13:04:36 +01:00
hackademix 75ea681b9f Remove source map reference because of https://bugzilla.mozilla.org/show_bug.cgi?id=1437937 2019-03-28 13:04:36 +01:00
hackademix c003a5123a Fixed manifest description for cross-browser and chrome web store usage. 2019-03-28 13:04:05 +01:00
hackademix b9373c65b1 Merge branch 'chromium' into merge/chromium 2019-03-27 23:43:34 +01:00
hackademix d77df5c9e4 Version bump: 10.2.5. 2019-03-24 23:55:06 +01:00
hackademix d299436a08 Better detection of privileged URLs in the XSS filter. 2019-03-24 23:35:05 +01:00
hackademix b825935788 Version bump: 10.2.5rc1. 2019-03-24 23:06:50 +01:00
hackademix c2ec91f7a6 Version bump: 10.2.4. 2019-03-20 23:46:25 +01:00
hackademix 4f95364bbf Improved prompts layout. 2019-03-20 23:42:10 +01:00
hackademix 169d5f085a Improved unscanned POST blocking. 2019-03-20 23:34:32 +01:00
hackademix cab9d0ea74 Version bump: 10.2.4rc1. 2019-03-20 23:32:46 +01:00
hackademix 8c8dc258eb Version bump: 10.2.3. 2019-03-19 23:23:56 +01:00
hackademix 3bb748fda2 Version bump: 10.2.3rc3. 2019-03-19 23:19:25 +01:00
hackademix 57b222c48b Updated Transifex-managed locales. 2019-03-19 23:19:10 +01:00
hackademix fa623fe400 Fixed searches from the url bar causing XSS warnings in the Tor Browser. 2019-03-19 23:11:18 +01:00
hackademix c505c3e999 Version bump: 10.2.3rc2. 2019-03-19 23:10:19 +01:00
hackademix ea894393f1 Improved popup initialization perceived speed. 2019-03-19 13:46:58 +01:00
hackademix f04fbd790e Fixed popup top buttons not visible in high contrast appearance mode. 2019-03-19 13:46:19 +01:00
hackademix 0052e4b702 Version bump: 10.2.3rc1. 2019-03-19 13:42:09 +01:00
hackademix ab65a0a423 Version bump: 10.2.2. 2019-03-17 23:21:20 +01:00
hackademix 84fc537101 Updated Transifex-managed locales. 2019-03-17 23:06:50 +01:00
hackademix 4f901eb1fa Fixed ns.requestCan() using hardcoded "script" rather than its capability argument. 2019-03-16 15:48:55 +01:00
hackademix 19d41bcc4e Version bump: 10.2.2rc5. 2019-03-16 15:47:30 +01:00
hackademix 921a7910f0 "General/Cascade top document's restrictions to subdocuments" option (default true on the Tor Browser). 2019-03-15 23:55:50 +01:00
hackademix c3c3a6a769 Remove double quotes around property names for consistency. 2019-03-15 23:34:09 +01:00
hackademix 6edf62ca12 Version bump: 10.2.2rc4. 2019-03-15 23:02:50 +01:00
hackademix e0a2e34d9a Added "incognito" manifest.json key. 2019-03-14 02:07:45 +01:00
hackademix d1dd278a81 Selective handling of Tor Browser options and work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530 2019-03-14 01:57:58 +01:00
hackademix 3f2453053b Updated TLDs. 2019-03-14 00:22:43 +01:00
hackademix 3bb9699ec7 Updated event names handled by InjectionChecker. 2019-03-14 00:22:06 +01:00
hackademix 295d681c1b Added missing await to async options saving. 2019-03-14 00:09:45 +01:00
hackademix 0878ad2b0a Remove usage of non-standard Array methods. 2019-02-01 01:17:58 +01:00
hackademix d152a53871 Removed non-standard uneval() usage. 2019-02-01 01:17:09 +01:00
hackademix 20b689d015 Fallback XSS filtering to XSS Auditor since asynchronous webRequest handlers are not supported by Chromium. 2019-02-01 01:16:33 +01:00
hackademix 2fa009673f Conditional CSS toggle for non-mozilla browsers. 2019-02-01 01:13:26 +01:00
hackademix 9b5bd1c775 Chromium-compatible UI stylesheets. 2019-02-01 00:31:43 +01:00
hackademix 4e5f12a6c2 Differentiate Chromium restricted URLs (where extensions cannot operate). 2019-02-01 00:31:00 +01:00
hackademix 781514cfb9 Graceful degradation for missing WebExtensions APIs on Chromium. 2019-02-01 00:28:33 +01:00
hackademix d076a517ba Generic shims for Chromium derivatives. 2019-02-01 00:26:40 +01:00
hackademix 82313cc766 Version bump: 10.2.2rc3. 2018-12-31 00:21:04 +01:00
hackademix c0956b20b9 Safer cookie-less check for unrestricted tabs from subdocuments. 2018-12-27 10:54:45 +01:00
hackademix 8493f63e25 Version bump: 10.2.2rc2. 2018-12-27 10:47:05 +01:00
hackademix 74f08a58d0 [Locale] Added sv_SE (by Jonatan Nyberg). 2018-12-27 00:16:45 +01:00
hackademix 357906df78 Fix for unrestricted tabs not affecting about:blank subframes (issue #48). 2018-12-26 23:44:36 +01:00
hackademix f341217e0a [XSS] Updated known HTML events lists. 2018-12-26 22:35:10 +01:00
hackademix 33447ef6c2 Version bump: 10.2.2rc1. 2018-12-25 23:30:07 +01:00
hackademix 35faebf81b Version bump: 10.2.1. 2018-12-23 14:42:48 +01:00
hackademix bbd050a174 Cascade top document's restrictions to subframes (Tor issue #28873). 2018-12-17 17:43:19 +01:00
hackademix c3e803a7dc Version bump: 10.2.1rc3. 2018-12-17 17:42:53 +01:00
hackademix 8f0bdc1493 Fix restored media element from placeholder not loading previously blocked content. 2018-12-06 22:51:53 +01:00
hackademix 07b9084829 Version bump: 10.2.1rc2. 2018-12-05 15:25:23 +01:00
hackademix c94cd48752 Fixed placeholders missing for some blocked embeddings (Tor ticket #28720). 2018-12-05 10:10:26 +01:00
hackademix 68d0cd0568 Version bump: 10.2.1rc1. 2018-12-05 10:10:26 +01:00
hackademix 9e70392b90 Version bump: 10.2.0. 2018-11-25 23:40:39 +01:00
hackademix e20acbcb99 Version bump: 10.2. 2018-11-25 23:34:11 +01:00
hackademix 82bed35e6c Limit fix for issue #41 to origin-less fetch (exclude frames). 2018-11-25 23:00:08 +01:00
hackademix d93c87954c [L10n] Updated fr, he. 2018-11-25 19:19:16 +01:00
hackademix 5c5c06f0c3 Version bump: 10.2rc2. 2018-11-25 19:19:06 +01:00
hackademix 83979c532e Allow extensions to perform origin-less fetching and framing (issue #41). 2018-11-24 23:43:32 +01:00
hackademix 1dcbc7ebfc Fixed meta refresh inside <NOSCRIPT> emulation breaking Firefox's built-in refresh blocking. 2018-11-17 22:56:30 +01:00
hackademix 24f738337b Fixed issue #35 "tabId is not defined" on startup. 2018-11-12 02:18:58 +01:00
hackademix 6860ee2a40 Darker red badge background to ensure text is kept white across browsers. 2018-10-26 01:36:11 +02:00
hackademix c1f359ddf4 Version bump: 10.2rc1. 2018-10-26 01:34:51 +02:00
hackademix 9afc2e7f2b Version bump: 10.1.9.9. 2018-10-16 13:24:50 +02:00
hackademix f9703b2bcb Fixed potential race condition in per-tab configuration cookie hack. 2018-10-14 23:18:31 +02:00
hackademix e3dc784cd4 Version bump: 10.1.9.9rc2. 2018-10-14 23:18:23 +02:00
hackademix 808fd652be Use cookie instead of window.name as a tab-configuration hack. 2018-10-13 10:08:37 +02:00
hackademix e44fce3ebd Set tab restrictions status across all frames. 2018-10-12 22:35:46 +02:00
hackademix 8c37d74a19 Version bump: 10.1.9.9rc1. 2018-10-12 22:21:23 +02:00
hackademix ec997edc10 Version bump to 10.1.9.8 because of erronous self-hosting AMO signing. 2018-10-06 18:27:17 +02:00
hackademix bb4660e89f Version bump: 10.1.9.7. 2018-10-06 18:20:02 +02:00
hackademix fc4ab21b2d [L10n] Updated ru (thanks fatboy). 2018-10-06 18:13:27 +02:00
hackademix 209d50b0c1 Simplified CSP HTTP header injection, avoiding report-to until actually supported by browsers. 2018-10-06 18:13:27 +02:00
hackademix c9c7b7aefe Fixed preset customization UI showing inherited DEFAULT permissions if a protocol-level preset exists. 2018-10-06 18:13:19 +02:00
hackademix 4bd8da62b8 Version bump: 10.1.9.7rc3. 2018-10-06 12:28:26 +02:00
hackademix 55ccd14dfe Better UX for overriding protocol-level permissions. 2018-10-06 02:11:49 +02:00
hackademix ddbd70416c [L10n] Updated (es, ru) and new (el, he, ms, nb) locales from OTF's Localization Lab Transifex project. 2018-10-06 02:06:38 +02:00
hackademix ffc0b0d8b0 Version bump: 10.1.9.7rc2. 2018-10-04 23:11:15 +02:00
Allan Nordhøy f9a05c7361
Norwegian Bokmål translation 2018-10-03 14:21:15 +02:00
hackademix 321401f60e [XSS] Updated HTML5 events matching. 2018-09-26 17:42:07 +02:00
hackademix 92eed7d700 FTP directory UI emulation on script-disabled domains. 2018-09-26 17:19:44 +02:00
hackademix 8b36446fc9 Include ftp:// URLs in non-secure domain matching. 2018-09-26 16:52:06 +02:00
hackademix f4055263c7 Version bump: 10.1.9.7rc1. 2018-09-26 15:59:36 +02:00
hackademix e4e1c83f2c Fixed line endings. 2018-09-15 22:11:31 +02:00
hackademix 297fec781f Version bump: 10.1.9.6. 2018-09-14 07:36:13 +02:00
hackademix 98528299cd [XSS] Updated known HTML5 events. 2018-09-14 07:21:22 +02:00
hackademix fcb9fb8452 Version bump: 10.1.9.6rc3. 2018-09-14 07:19:03 +02:00
hackademix 71c82b5084 Gracefully handle legacy message recipients. 2018-09-14 07:18:10 +02:00
hackademix 8c739b064c Removed unused regexp. 2018-09-10 19:23:47 +02:00
hackademix 48053d96d4 Better IPV6 support. 2018-09-10 19:10:32 +02:00
hackademix 2b45fcb9a4 Version bump: 10.1.9.6rc2. 2018-09-10 19:09:46 +02:00
hackademix f88a6a6d6d Streamlined child policy content scripts. 2018-09-10 11:34:22 +02:00
hackademix 6414195445 Version bump: 10.1.9.6rc1. 2018-09-09 23:47:15 +02:00
hackademix 050aa8b83b SUpport for protocol-only entries in UI. 2018-09-09 23:46:49 +02:00
hackademix 16d1b03062 Version bump: 10.1.9.5. 2018-09-09 19:07:28 +02:00
hackademix 305c6779a7 Fix for various content script timing related issues. 2018-09-09 18:59:52 +02:00
hackademix 193e706a99 Version bump: 10.1.9.5rc1. 2018-09-09 17:41:39 +02:00
hackademix 5629377921 Version bump: 10.1.9.4. 2018-09-09 15:04:17 +02:00
hackademix 9b3b5e0503 Prevent total breakages when policies accidentally map to invalid match patterns. 2018-09-09 15:00:08 +02:00
hackademix 1cfb3117ef Prevent multiple CSP entries to be injected in the DOM on each reload if scripting is disabled. 2018-09-09 14:58:55 +02:00
hackademix 002c8f8b67 Message loops checks coping with multiple options window. 2018-09-09 14:57:09 +02:00
hackademix c5cbb8abfc Version bump: 10.1.9.4rc1. 2018-09-09 12:23:33 +02:00
hackademix 1323fb8142 Version bump: 10.1.9.3. 2018-09-09 08:23:06 +02:00
hackademix eb85395a01 Fixed message handling regression causing incompatibilities with embedders and potential internal loops. 2018-09-09 08:21:03 +02:00
hackademix ffc688d57a Version bump: 10.1.9.3rc1. 2018-09-09 08:04:55 +02:00
hackademix 5a76ed6778 Version bump: 10.1.9.2. 2018-09-09 00:55:41 +02:00
hackademix 4f7d8579af More efficient window.name persistence for tab-scoped permissions. 2018-09-08 23:09:39 +02:00
hackademix b60cbbd49e Site parsing more resilient to bogus input. 2018-09-08 14:37:33 +02:00
hackademix 746655c885 Fixed regression: undefined fake request.url ends to for inline scripts CSP reports. 2018-09-08 14:36:47 +02:00
hackademix 28c9a50b17 Version bump: 10.1.9.2rc4. 2018-09-08 13:03:25 +02:00
hackademix 7514aa20f9 Saner message dispatching. 2018-09-08 11:50:40 +02:00
hackademix 9edcf2f1f7 Restored it locale. 2018-09-05 17:09:45 +02:00
hackademix 97d4c22669 Work-around for a potential race condition in message handling on extension updates. 2018-09-05 15:51:43 +02:00
hackademix ec0d7b4aff Fixed possible null reference errors in Sites.origin(). 2018-09-05 15:50:27 +02:00
hackademix ce5d46ead2 Init the CUSTOM preset not just with the capabilities, but also with the "temporary" status of the previously selected one. 2018-09-05 15:43:55 +02:00
hackademix b779e7122f Fixed bug in requestKey generation. 2018-09-05 11:31:28 +02:00
hackademix c98bddeb4d Version bump: 10.1.9.2rc3. 2018-09-05 11:26:04 +02:00
hackademix 3bf909c927 [l10n] Transifex integration. 2018-09-05 00:44:27 +02:00
hackademix f95f7b809d Ensure we remove the HEAD element parent of our META CSP policy only if we created it. 2018-09-04 22:43:00 +02:00
hackademix 1814bfa03d Work-around for CSP not being honored when the HEAD element has not been inserted yet. 2018-09-04 19:48:07 +02:00
hackademix 26470b84f6 Transparent support for FQDNs and better management of file:/// URLs. 2018-09-04 19:28:16 +02:00
hackademix df149a5a55 Version bump: 10.1.9.2rc2. 2018-09-04 01:41:52 +02:00
hackademix 81ac052e1d Better file: protocol support. 2018-09-04 00:22:39 +02:00
hackademix 16cdbbe1cb Full-page placeholders for embedding documents. 2018-09-03 14:04:00 +02:00
hackademix b5d1fe6269 Version bump: 10.1.9.2rc1. 2018-09-03 13:50:09 +02:00
hackademix 1f71590a48 Version bump: 10.1.9.1. 2018-08-30 17:37:43 +02:00
hackademix 87d3401c0b Merge branch 'master' of https://github.com/hackademix/noscript
Merge pull request #17 from Lekensteyn/fix-serviceworker-check
2018-08-30 17:26:13 +02:00
hackademix 00444819fb Version bump: 10.1.9.1rc1 2018-08-30 17:25:38 +02:00
Peter Wu 6a0252c6de Fix fallback scripts when ServiceWorkers are unavailable
ServiceWorkers are not available in private browsing mode (and can be
disabled otherwise via about:config), be sure to check its availability.
Otherwise fallback scripts are not invoked which prevents redirections
in <noscript> tags from being executed (as observed with t.co).
2018-08-30 16:36:29 +02:00
hackademix eb158d9fa3 Version bump: 10.1.9. 2018-08-29 18:24:37 +02:00
hackademix be3ab16315 Fixed typo in restricted.js inclusion. 2018-08-29 00:16:48 +02:00
hackademix 215b8ac18e Version bump: 10.1.9rc6. 2018-08-29 00:11:21 +02:00
hackademix b1b059ae80 Version bump: 10.1.9rc5. 2018-08-29 00:02:13 +02:00
hackademix 22df979973 Better timing feedback for permissions changes in the popup UI. 2018-08-28 23:40:20 +02:00
hackademix 5c3d5354f2 Reload-less service worker busting. 2018-08-28 23:28:06 +02:00
hackademix 9b32ee8794 Version bump: 10.1.9rc4. 2018-08-28 23:27:36 +02:00
hackademix e8716657e4 Reordered startup sequence to be more friendly with embedders like the Tor Browser. 2018-08-28 17:21:56 +02:00
hackademix 5bfba8a40f
Merge pull request #16 from rustybird/started
Broadcast a "started" message after initialization
2018-08-28 00:34:17 +02:00
Rusty Bird 26bfd899f9
Broadcast a "started" message after initialization
Other extensions listening in on NoScript's messages (e.g. Torbutton)
can take this message as an indication that it's now safe to send an
"updateSettings" message to NoScript without immediately getting
clobbered by the configuration loader.

See https://trac.torproject.org/projects/tor/ticket/26520 for context.
2018-08-27 22:29:16 +00:00
hackademix e2b63cf982 Further CSP refactoring and removal of obsolete fallbacks. 2018-08-27 18:55:00 +02:00
hackademix 6e80d3f130 Let content script inject failsafe CSP in the DOM. 2018-08-27 18:55:00 +02:00
hackademix e82e961dd7 Refactoring CSP building out of RequestGuard. 2018-08-27 18:55:00 +02:00
hackademix b5d7266c50 Updated TLD support. 2018-08-27 18:54:44 +02:00
hackademix 45c9d25da8 Version bump: 10.1.9rc1 2018-08-27 18:48:04 +02:00
hackademix ab3827b42d Version bump: 10.1.8.23. 2018-08-25 11:38:19 +02:00
hackademix a1e567e9ec Hotfix for some possible reload loops before refactoring CSP management. 2018-08-25 11:29:43 +02:00
hackademix 5e397a3bf8 Version bump: 10.1.8.22. 2018-08-24 23:06:24 +02:00
hackademix e0453b3f3e Version bump: 10.1.8.21. 2018-08-24 22:46:58 +02:00
hackademix 7913e29a92 Fixed infinite reload loop on unrestricted tabs. 2018-08-24 22:28:05 +02:00
hackademix fc92be83c3 Fixed minor CSP buildig issues. 2018-08-24 22:14:38 +02:00
hackademix 1ce446f871 Version bump: 10.1.8.21rc1. 2018-08-24 22:12:34 +02:00
hackademix ce16a79a7d Version bump: 10.1.8.20. 2018-08-24 03:33:37 +02:00
hackademix caed2cfa1e Fixed Sites.domainImplies() misplaced optimization. 2018-08-24 02:58:46 +02:00
hackademix d4e1ef5c87 [L10n] Added Catalan (ca) 2018-08-24 02:56:10 +02:00
hackademix de37b91121 Version bump: 10.1.8.20rc1. 2018-08-24 02:52:45 +02:00
hackademix 32ae22b7a7 Version bump: 10.1.8.19. 2018-08-23 23:41:11 +02:00
hackademix 483fad9b8a Do not fail when onHeadersProcessed is called with no stored pending request. 2018-08-23 22:55:26 +02:00
hackademix c2067c0509 Version bump: 10.1.8.19rc2. 2018-08-23 22:53:22 +02:00
hackademix 9f67a125b8 Fixed regression: framed documents' URLs not being reported in the UI. 2018-08-23 19:38:28 +02:00
hackademix dbc9575c68 Version bump: 10.1.8.19rc1. 2018-08-23 19:38:16 +02:00
hackademix 8c35cae4c1 Version bump: 10.1.8.18. 2018-08-23 18:10:06 +02:00
hackademix 286acd2079 More resilient and optimized version of Sites.domainImplies(). 2018-08-23 17:48:38 +02:00
hackademix 60c299c4f1 Update ChildPolicies when automatic temp TRUST for top-level document s is enabled. 2018-08-23 17:09:26 +02:00
hackademix 4ce026a16c Fixed messages from content scripts being "eaten" by the wrong dispatcher when UI is open (thanks skriptimaahinen). 2018-08-23 16:23:49 +02:00
hackademix fc6251c0ab Fixed typo causing accidental permissions/status mismatches being checked only while pages are still loading (thanks skriptimaahinen). 2018-08-23 15:57:09 +02:00
hackademix 80e1f10db5 Fixed typo in XSS name sanitization script injection (thanks skriptimaahinen). 2018-08-23 15:33:47 +02:00
hackademix a874f6031c Version bump: 10.1.8.18rc1. 2018-08-23 15:29:01 +02:00
hackademix 5f3c46184a Version bump: 10.1.8.17. 2018-08-22 22:53:48 +02:00
hackademix 66ddfcbecc Fix: Sites.domainImplies() should match subdomains. 2018-08-22 18:02:44 +02:00
hackademix 075a5ad0e0 More coherent wrapper around the webex messaging API. 2018-08-22 16:34:16 +02:00
hackademix 48c04726b8 Version bump: 10.1.8.17rc8. 2018-08-22 15:45:54 +02:00
hackademix 1de1db3c29 Fixed possible surprises in background script message handling. 2018-08-21 23:54:04 +02:00
hackademix 91334fe944 Fixed inconstitencies in ChildPolicies content script URL matching. 2018-08-21 23:51:59 +02:00
hackademix e742e5d801 Version bump: 10.1.8.17rc7. 2018-08-21 14:44:22 +02:00
hackademix dc4ab14c92 Simpler and more reliable safety net to ensure CSP headers are injected last among WebExtensions. 2018-08-20 23:45:33 +02:00
hackademix f7fcdb37a3 Version bump: 10.1.8.17rc6. 2018-08-20 23:41:07 +02:00
hackademix 8e1dc9e0ee Fixed regression: refresh loop on page using requests of type="object" to cache images, stylesheets and other types. 2018-08-19 01:30:14 +02:00
hackademix cf8482116d Version bump: 10.1.8.17rc5. 2018-08-19 01:28:58 +02:00
hackademix bb232e0895 More reliable attempt to run onResponseHeader listener the last of installed extension. 2018-08-18 22:52:34 +02:00
hackademix 3819592dfc [L10n] Updated ru (new) and de. 2018-08-18 22:46:29 +02:00
hackademix ee48e5c7d9 [XSS] Updated HTML events matching generation to use both latest Mozilla source code and archived data since Firefox ESR 52. 2018-08-18 15:25:03 +02:00
hackademix 6eee6147eb Version bump: 10.1.8.17rc4. 2018-08-18 11:33:24 +02:00
hackademix 8c8b959474
Merge pull request #13 from Lekensteyn/empty-tld-fixes
Fix policy configuration for domains without dots
2018-08-18 03:27:35 +02:00
hackademix 2f9c5299af Removed all references to RequestUtil.js and dependancies. 2018-08-18 03:20:33 +02:00
hackademix e959accb70 Hack: use top.name to store per-tab content-side configuration (e.g. unrestricted tab status). 2018-08-17 09:07:11 +02:00
hackademix 50d71ca381 [l10n] tr and br from Transifex. 2018-08-17 08:45:34 +02:00
hackademix 57d883d63e Policy serialization using the contentScripts API. 2018-08-16 23:43:36 +02:00
Peter Wu 49e34cd176 Fix policy configuration for domains without dots
Make sure that hosts such as "_gateway" (from systemd nss-myhostname) or
"master" (a local domain from DHCP) can be configured in the popup.
2018-08-15 18:40:48 +02:00
hackademix 2c75eedadd Version bump: 10.1.8.17rc3. 2018-08-13 01:37:45 +02:00
hackademix af4ec5c169 "High contrast appearance" option to override high contrast themes auto-detection. 2018-08-13 01:33:40 +02:00
hackademix 8caa2536bd Best effort to run webRequest.onHeaderReceived listener last (issue #6) 2018-08-07 09:53:01 +02:00
hackademix 2250d51aa4 Version bump: 10.1.8.17rc2. 2018-08-06 01:24:08 +02:00
hackademix 2990ca5f2c Fixed unlocalized NoScript Options title. 2018-08-06 01:23:59 +02:00
hackademix 99e8c8b09f Skip non-content windows when deferring startup page loading. 2018-08-01 19:07:37 +02:00
hackademix ce541c4a53 Broader detection of UTF-8 encoding in responses. 2018-08-01 18:53:38 +02:00
hackademix 9782ab02d5 Fixed inline scripts not being reported to UI (skriptimaahinen). 2018-08-01 18:13:39 +02:00
hackademix 76190a644e Improved support for debugging code removal in releases. 2018-08-01 17:48:45 +02:00
hackademix 140d8759cf Fixed startup race condition with pending request tracking. 2018-08-01 17:47:57 +02:00
hackademix bc834a034e Fixed updating NoScript reloads tabs with revoked temporary permissions. 2018-08-01 17:32:16 +02:00
hackademix a283ea1575 Version bump: 10.1.8.17rc1. 2018-07-28 23:52:06 +02:00
hackademix 6f710640fa Version bump: 10.1.8.16. 2018-07-28 14:44:22 +02:00
hackademix d64e480275 Fixed random stallings on page transitions. 2018-07-28 14:37:18 +02:00
hackademix 3eb5be743d Version bump: 10.1.8.16rc1. 2018-07-28 13:59:44 +02:00
hackademix c5b477457a Version bump: 10.1.8.15. 2018-07-28 12:58:47 +02:00
hackademix f82b1e376c Fixed browser action icon not being updated on BF cache navigation. 2018-07-28 12:50:30 +02:00
hackademix ca0273f9cd Version bump: 10.1.8.15rc1. 2018-07-28 12:42:51 +02:00
hackademix ff970df845 Version bump: 10.1.8.14. 2018-07-28 09:21:28 +02:00
hackademix 6e75750f45 Version bump: 10.1.8.13. 2018-07-28 09:16:30 +02:00
hackademix fdf4ff3a39 Fixed regression in NOSCRIPT elements emulation. 2018-07-28 09:10:31 +02:00
hackademix d39f68cb88 Version bump: 10.1.8.13rc1. 2018-07-28 09:09:26 +02:00
hackademix 3e6caf4f20 Version bump: 10.1.8.12. 2018-07-28 03:12:25 +02:00
hackademix 07a4e7ba30 Version bump: 10.1.8.11rc1. 2018-07-28 03:05:11 +02:00
hackademix 36cb28b842 Fixed some video streams not playing anymore. 2018-07-28 03:04:13 +02:00
hackademix 0b2691a775 Version bump: 10.1.8.10. 2018-07-28 02:24:41 +02:00
hackademix d45209060f Fixed window.stop() called in empty suframes. 2018-07-28 02:19:48 +02:00
hackademix 10d0809b74 Version bump: 10.1.8.10rc1. 2018-07-28 02:18:05 +02:00
hackademix 5c85ae8a8a Version bump: 10.1.8.9. 2018-07-27 11:10:37 +02:00
hackademix 21810063d0 Disable scripting in HTML-embedding objects where webglHook cannot run, if webgl not allowed. 2018-07-26 23:48:20 +02:00
hackademix 4e62643b33 Version bump: 10.1.8.9rc9. 2018-07-26 23:19:51 +02:00
hackademix d3cacf634f More edge cases covered in dynamic script injection. 2018-07-26 19:33:46 +02:00
hackademix a8a6dd4c7b Version bump: 10.1.8.9rc8. 2018-07-26 16:32:20 +02:00
hackademix 0f089105da Updated TLDs. 2018-07-26 11:45:55 +02:00
hackademix c41ec107cb [XSS] Updated HTML event attributes matching. 2018-07-26 11:45:30 +02:00
hackademix 1006f09de2 Fixed some resource loading feedback glitches. 2018-07-26 11:42:35 +02:00
hackademix 86d1390875 Version bump: 10.1.8.9rc7. 2018-07-26 11:28:27 +02:00
hackademix fb9619ec99 Merge branch 'master' of https://github.com/hackademix/noscript
[L10n] Fixed little typos in it locale (SebastianoPistore)
2018-07-25 14:43:30 +02:00
hackademix 51732dd2c0
Merge pull request #3 from SebastianoPistore/master
Update ITA translation
2018-07-25 14:41:12 +02:00
hackademix 5e5839c036 Version bump: 10.1.8.9rc6. 2018-07-25 14:38:18 +02:00
hackademix a46d085ff7 Fix for stalling embedded objects load on dynamic script injection. 2018-07-25 14:36:32 +02:00
hackademix d88a0cf6d7 Fixed infinite reload loops on scripting permissions mismatches. 2018-07-25 11:08:43 +02:00
hackademix 391c8b402a Version bump: 10.1.8.9rc5. 2018-07-25 10:39:14 +02:00
SebastianoPistore 952392b95c
Update ITA translation
- fix little typos
2018-07-25 10:14:20 +02:00
hackademix 8d6f963022 Work-around for serviceWorker loads bypassing webRequest. 2018-07-24 23:21:01 +02:00
hackademix ec79210bd1 [UI] More flexible CSS layout for preset buttons. 2018-07-24 23:19:53 +02:00
hackademix 32874841ca [XSS] Updated HTML events matching. 2018-07-24 23:19:03 +02:00
hackademix ea4703ecd7 Version bump: 10.1.8.9rc4. 2018-07-24 14:46:36 +02:00
hackademix 4302246ac0 More reliable handling of edge startup cases. 2018-07-22 19:14:54 +02:00
hackademix 81b3851256 Fixed dynamic script injection failing sometimes with "No matching message handler" error. 2018-07-22 17:10:05 +02:00
hackademix e7fcd76705 Updated TLDs. 2018-07-21 22:50:26 +02:00
hackademix fa45c1359e Version bump: 10.1.8.9rc3. 2018-07-21 15:44:48 +02:00
hackademix 163467f82b Fixed externally handled resources opened in popups being broken by dynamic script injection. 2018-07-20 23:35:43 +02:00
hackademix 570cf0456c Prevent multiple canScript content messages during the same page load. 2018-07-20 23:30:14 +02:00
hackademix 9382bbd911 Replaced unicode glyphs missing on some platforms and in the Tor Browser. 2018-07-20 16:19:49 +02:00
hackademix b1e4791d0a Version bump: 10.1.8.9rc2. 2018-07-20 16:03:56 +02:00
hackademix 580450b463 Refactor ContentMetadata into ResponseMetaData. 2018-07-19 01:04:35 +02:00
hackademix 0910566926 Removed useless work-around suggested in moz bug 1410755 which caused Tor Browser content process crashes. 2018-07-19 00:31:34 +02:00
hackademix c0fbf92cfa Version bump: 10.1.8.9rc1. 2018-07-19 00:07:18 +02:00
hackademix d872b70769 Version bump: 10.1.8.8. 2018-07-17 18:12:09 +02:00
hackademix 5a60d58d24 Prevent script injection from messing with content-disposition=attachment responses. 2018-07-17 12:10:17 +02:00
hackademix 493d40021a Version bump: 10.1.8.8rc1. 2018-07-17 12:03:48 +02:00
hackademix 58651ca4b4 Version bump: 10.1.8.7. 2018-07-17 00:14:23 +02:00
hackademix b807a8bf02 Version bump: 10.1.8.6. 2018-07-16 23:49:18 +02:00
hackademix 31b2f5bbd2 Fixed regression breaking meta refreshes with relative URLs. 2018-07-16 23:45:10 +02:00
hackademix 859cb65d82 Version bump: 10.1.8.6rc1. 2018-07-16 23:43:27 +02:00
hackademix 9e72e9321c Version bump: 10.1.8.5. 2018-07-16 17:34:16 +02:00
hackademix 37928bd2c3 Completed fix for quoted URLs confusing meta refresh emulation. 2018-07-16 17:24:54 +02:00
hackademix 909e96012c Version bump: 10.1.8.5rc1. 2018-07-16 17:23:50 +02:00
hackademix ad6187dfd8 Cosmetic bug fixes. 2018-07-16 15:55:01 +02:00
hackademix f6b7232857 Updated TLDs. 2018-07-16 15:53:55 +02:00
hackademix 4101c9087c Version bump: 10.1.8.4. 2018-07-16 15:53:10 +02:00
hackademix a8f1b80012 [l10n] Fixed es. 2018-07-16 15:52:26 +02:00
hackademix 72b2ecf47c Version bump: 10.1.8.3. 2018-07-16 12:23:19 +02:00
hackademix 25719ddc5e Fixed cleaning up reloadingTabs in StreamFilter.onstart() was still breaking some feeds sometimes. 2018-07-12 22:58:52 +02:00
hackademix 7e3decc8f4 [XSS] Fixed anti-HPP coalescing wrongly applied to POST requests causing JSON reduction optimization to choke on big payloads. 2018-07-12 18:58:57 +02:00
hackademix 8f6574661d Fixed first popup row not showing the initial site active preset. 2018-07-12 16:01:26 +02:00
hackademix 54dd9fa754 Removed deprecated windowType usages. 2018-07-12 15:58:42 +02:00
hackademix 66adf2720e Fixed meta-refresh emulation getting confused by quoted URLs. 2018-07-12 02:10:22 +02:00
hackademix a9e1051018 Version bump: 10.1.8.3rc11. 2018-07-12 02:09:21 +02:00
hackademix 5937dd5e08 Restored UNTRUSTED label localized string previously modified for testing. 2018-07-12 00:11:54 +02:00
hackademix 2bf06beae5 Autosize preset buttons final. 2018-07-12 00:04:53 +02:00
hackademix 9815e0f7cf Fixed race condition in work-around for broken feeds in ESR60. 2018-07-11 19:26:50 +02:00
hackademix 9a0a76ec3c Autosize preset buttons part 2. 2018-07-11 03:03:30 +02:00
hackademix 842caf7340 Made preset buttons automatically sized according to their (localized) content. 2018-07-11 00:53:25 +02:00
hackademix 74e20bb3eb Reload hack to let the RSS feed reader work on ESR60 2018-07-10 23:56:19 +02:00
hackademix d03e810f1b Changed "script count" into "blocked items count" in badge appearance option. 2018-07-10 15:47:44 +02:00
hackademix 3ae5cd55c9 Reverted <noscript> replacement to <span> over fingerprinting concerns. 2018-07-09 23:22:36 +02:00
hackademix 609a6fec3d Version bump: 10.1.8.3rc10. 2018-07-09 23:21:52 +02:00
hackademix 17a0426c32 More specific dynamic script injection exceptions. 2018-07-09 19:32:24 +02:00
hackademix c6882356d3 Fixed label sizes in de localized messages. 2018-07-09 19:30:49 +02:00
hackademix 7dfa2e640b Added two library files (one, lib/restricted.js, missing from rc8 tag) and version bump. 2018-07-09 19:29:23 +02:00
hackademix 103324e5d2 More graceful handling of internal and restricted URLs. 2018-07-09 01:36:28 +02:00
hackademix 5217db79ce Content-side DOM insertions made compatible with XML document. 2018-07-09 00:09:34 +02:00
hackademix dac392deda More specific content-type exception for dynamic script injection. 2018-07-09 00:08:26 +02:00
hackademix 48690ee92e Removed console.log() patching test code accidentally committed in media.js. 2018-07-08 22:27:53 +02:00
hackademix 10d4986b7a Added de, es, fr, it, nl, pt_BR and zh_CN locales (courtesy of Mozilla's localization campaign). 2018-07-08 22:22:54 +02:00
hackademix 183f0bc100 Truncate preset labels which exceed the button size, accomodating for longer localized strings. 2018-07-08 22:20:24 +02:00
hackademix df24338a04 Use a custom <no-script> element as <NOSCRIPT> replacement. 2018-07-08 14:07:08 +02:00
hackademix 20f80666fe Version bump: 10.1.8.3rc8. 2018-07-08 10:20:13 +02:00
hackademix cf1b413bff Fixed <NOSCRIPT> replacements to be inline elements. 2018-07-08 10:02:11 +02:00
hackademix 0ad5f95eb4 Fixed dynamic script injection breaking images shown as frame content. 2018-07-07 01:28:20 +02:00
hackademix 093b9d724e Work-around for onload not being fired on XML documents in Tor Browser/ESR60. 2018-07-06 04:01:44 +02:00
hackademix 799d99bd10 Version bump to 10.1.8.3rc7. 2018-07-06 01:01:22 +02:00
hackademix 1ee85084f7 More informative / useful popup on (semi)privileged pages. 2018-07-06 00:59:12 +02:00
hackademix 57eaa94dde Backport dynamic script injection to Tor Browser / Fx ESR60. 2018-07-03 19:36:39 +02:00
hackademix 8ae9513f75 Provide a uuid function fallback which doesn't fail in the Tor Browser. 2018-07-03 19:35:33 +02:00
hackademix 5c71c94a13 Version bumb to 10.1.8.3rc6. 2018-07-03 19:32:45 +02:00
hackademix e2a8c5768f XSS filter autoupdated to latest HTML events supported by the browser 2018-07-03 17:06:46 +02:00
hackademix e0ae64871e Fixed regression: dynamic script injection breaking images loaded as frame content. 2018-07-03 17:02:58 +02:00
hackademix 81bd93a72d Simplified and apparently more reliable+flexible+efficient dynamic script injection method. 2018-07-02 01:50:32 +02:00
hackademix eceae7187a Initial commit starting at version 10.1.8.3rc4. 2018-07-01 01:01:23 +02:00