661a2a436b
Chromium-compatible popup closure handling.
2019-03-28 13:04:36 +01:00
c806c6bbff
Work-around for potential issues with legacy prefs.
2019-03-28 13:04:36 +01:00
5327505fba
Chromium-compatible version number.
2019-03-28 13:04:36 +01:00
75ea681b9f
Remove source map reference because of https://bugzilla.mozilla.org/show_bug.cgi?id=1437937
2019-03-28 13:04:36 +01:00
c003a5123a
Fixed manifest description for cross-browser and chrome web store usage.
2019-03-28 13:04:05 +01:00
b9373c65b1
Merge branch 'chromium' into merge/chromium
2019-03-27 23:43:34 +01:00
d77df5c9e4
Version bump: 10.2.5.
2019-03-24 23:55:06 +01:00
d299436a08
Better detection of privileged URLs in the XSS filter.
2019-03-24 23:35:05 +01:00
b825935788
Version bump: 10.2.5rc1.
2019-03-24 23:06:50 +01:00
c2ec91f7a6
Version bump: 10.2.4.
2019-03-20 23:46:25 +01:00
4f95364bbf
Improved prompts layout.
2019-03-20 23:42:10 +01:00
169d5f085a
Improved unscanned POST blocking.
2019-03-20 23:34:32 +01:00
cab9d0ea74
Version bump: 10.2.4rc1.
2019-03-20 23:32:46 +01:00
8c8dc258eb
Version bump: 10.2.3.
2019-03-19 23:23:56 +01:00
3bb748fda2
Version bump: 10.2.3rc3.
2019-03-19 23:19:25 +01:00
57b222c48b
Updated Transifex-managed locales.
2019-03-19 23:19:10 +01:00
fa623fe400
Fixed searches from the url bar causing XSS warnings in the Tor Browser.
2019-03-19 23:11:18 +01:00
c505c3e999
Version bump: 10.2.3rc2.
2019-03-19 23:10:19 +01:00
ea894393f1
Improved popup initialization perceived speed.
2019-03-19 13:46:58 +01:00
f04fbd790e
Fixed popup top buttons not visible in high contrast appearance mode.
2019-03-19 13:46:19 +01:00
0052e4b702
Version bump: 10.2.3rc1.
2019-03-19 13:42:09 +01:00
ab65a0a423
Version bump: 10.2.2.
2019-03-17 23:21:20 +01:00
84fc537101
Updated Transifex-managed locales.
2019-03-17 23:06:50 +01:00
4f901eb1fa
Fixed ns.requestCan() using hardcoded "script" rather than its capability argument.
2019-03-16 15:48:55 +01:00
19d41bcc4e
Version bump: 10.2.2rc5.
2019-03-16 15:47:30 +01:00
921a7910f0
"General/Cascade top document's restrictions to subdocuments" option (default true on the Tor Browser).
2019-03-15 23:55:50 +01:00
c3c3a6a769
Remove double quotes around property names for consistency.
2019-03-15 23:34:09 +01:00
6edf62ca12
Version bump: 10.2.2rc4.
2019-03-15 23:02:50 +01:00
e0a2e34d9a
Added "incognito" manifest.json key.
2019-03-14 02:07:45 +01:00
d1dd278a81
Selective handling of Tor Browser options and work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530
2019-03-14 01:57:58 +01:00
3f2453053b
Updated TLDs.
2019-03-14 00:22:43 +01:00
3bb9699ec7
Updated event names handled by InjectionChecker.
2019-03-14 00:22:06 +01:00
295d681c1b
Added missing await to async options saving.
2019-03-14 00:09:45 +01:00
0878ad2b0a
Remove usage of non-standard Array methods.
2019-02-01 01:17:58 +01:00
d152a53871
Removed non-standard uneval() usage.
2019-02-01 01:17:09 +01:00
20b689d015
Fallback XSS filtering to XSS Auditor since asynchronous webRequest handlers are not supported by Chromium.
2019-02-01 01:16:33 +01:00
2fa009673f
Conditional CSS toggle for non-mozilla browsers.
2019-02-01 01:13:26 +01:00
9b5bd1c775
Chromium-compatible UI stylesheets.
2019-02-01 00:31:43 +01:00
4e5f12a6c2
Differentiate Chromium restricted URLs (where extensions cannot operate).
2019-02-01 00:31:00 +01:00
781514cfb9
Graceful degradation for missing WebExtensions APIs on Chromium.
2019-02-01 00:28:33 +01:00
d076a517ba
Generic shims for Chromium derivatives.
2019-02-01 00:26:40 +01:00
82313cc766
Version bump: 10.2.2rc3.
2018-12-31 00:21:04 +01:00
c0956b20b9
Safer cookie-less check for unrestricted tabs from subdocuments.
2018-12-27 10:54:45 +01:00
8493f63e25
Version bump: 10.2.2rc2.
2018-12-27 10:47:05 +01:00
74f08a58d0
[Locale] Added sv_SE (by Jonatan Nyberg).
2018-12-27 00:16:45 +01:00
357906df78
Fix for unrestricted tabs not affecting about:blank subframes (issue #48 ).
2018-12-26 23:44:36 +01:00
f341217e0a
[XSS] Updated known HTML events lists.
2018-12-26 22:35:10 +01:00
33447ef6c2
Version bump: 10.2.2rc1.
2018-12-25 23:30:07 +01:00
35faebf81b
Version bump: 10.2.1.
2018-12-23 14:42:48 +01:00
bbd050a174
Cascade top document's restrictions to subframes (Tor issue #28873 ).
2018-12-17 17:43:19 +01:00
c3e803a7dc
Version bump: 10.2.1rc3.
2018-12-17 17:42:53 +01:00
8f0bdc1493
Fix restored media element from placeholder not loading previously blocked content.
2018-12-06 22:51:53 +01:00
07b9084829
Version bump: 10.2.1rc2.
2018-12-05 15:25:23 +01:00
c94cd48752
Fixed placeholders missing for some blocked embeddings (Tor ticket #28720 ).
2018-12-05 10:10:26 +01:00
68d0cd0568
Version bump: 10.2.1rc1.
2018-12-05 10:10:26 +01:00
9e70392b90
Version bump: 10.2.0.
2018-11-25 23:40:39 +01:00
e20acbcb99
Version bump: 10.2.
2018-11-25 23:34:11 +01:00
82bed35e6c
Limit fix for issue #41 to origin-less fetch (exclude frames).
2018-11-25 23:00:08 +01:00
d93c87954c
[L10n] Updated fr, he.
2018-11-25 19:19:16 +01:00
5c5c06f0c3
Version bump: 10.2rc2.
2018-11-25 19:19:06 +01:00
83979c532e
Allow extensions to perform origin-less fetching and framing (issue #41 ).
2018-11-24 23:43:32 +01:00
1dcbc7ebfc
Fixed meta refresh inside <NOSCRIPT> emulation breaking Firefox's built-in refresh blocking.
2018-11-17 22:56:30 +01:00
24f738337b
Fixed issue #35 "tabId is not defined" on startup.
2018-11-12 02:18:58 +01:00
6860ee2a40
Darker red badge background to ensure text is kept white across browsers.
2018-10-26 01:36:11 +02:00
c1f359ddf4
Version bump: 10.2rc1.
2018-10-26 01:34:51 +02:00
9afc2e7f2b
Version bump: 10.1.9.9.
2018-10-16 13:24:50 +02:00
f9703b2bcb
Fixed potential race condition in per-tab configuration cookie hack.
2018-10-14 23:18:31 +02:00
e3dc784cd4
Version bump: 10.1.9.9rc2.
2018-10-14 23:18:23 +02:00
808fd652be
Use cookie instead of window.name as a tab-configuration hack.
2018-10-13 10:08:37 +02:00
e44fce3ebd
Set tab restrictions status across all frames.
2018-10-12 22:35:46 +02:00
8c37d74a19
Version bump: 10.1.9.9rc1.
2018-10-12 22:21:23 +02:00
ec997edc10
Version bump to 10.1.9.8 because of erronous self-hosting AMO signing.
2018-10-06 18:27:17 +02:00
bb4660e89f
Version bump: 10.1.9.7.
2018-10-06 18:20:02 +02:00
fc4ab21b2d
[L10n] Updated ru (thanks fatboy).
2018-10-06 18:13:27 +02:00
209d50b0c1
Simplified CSP HTTP header injection, avoiding report-to until actually supported by browsers.
2018-10-06 18:13:27 +02:00
c9c7b7aefe
Fixed preset customization UI showing inherited DEFAULT permissions if a protocol-level preset exists.
2018-10-06 18:13:19 +02:00
4bd8da62b8
Version bump: 10.1.9.7rc3.
2018-10-06 12:28:26 +02:00
55ccd14dfe
Better UX for overriding protocol-level permissions.
2018-10-06 02:11:49 +02:00
ddbd70416c
[L10n] Updated (es, ru) and new (el, he, ms, nb) locales from OTF's Localization Lab Transifex project.
2018-10-06 02:06:38 +02:00
ffc0b0d8b0
Version bump: 10.1.9.7rc2.
2018-10-04 23:11:15 +02:00
f9a05c7361
Norwegian Bokmål translation
2018-10-03 14:21:15 +02:00
321401f60e
[XSS] Updated HTML5 events matching.
2018-09-26 17:42:07 +02:00
92eed7d700
FTP directory UI emulation on script-disabled domains.
2018-09-26 17:19:44 +02:00
8b36446fc9
Include ftp:// URLs in non-secure domain matching.
2018-09-26 16:52:06 +02:00
f4055263c7
Version bump: 10.1.9.7rc1.
2018-09-26 15:59:36 +02:00
e4e1c83f2c
Fixed line endings.
2018-09-15 22:11:31 +02:00
297fec781f
Version bump: 10.1.9.6.
2018-09-14 07:36:13 +02:00
98528299cd
[XSS] Updated known HTML5 events.
2018-09-14 07:21:22 +02:00
fcb9fb8452
Version bump: 10.1.9.6rc3.
2018-09-14 07:19:03 +02:00
71c82b5084
Gracefully handle legacy message recipients.
2018-09-14 07:18:10 +02:00
8c739b064c
Removed unused regexp.
2018-09-10 19:23:47 +02:00
48053d96d4
Better IPV6 support.
2018-09-10 19:10:32 +02:00
2b45fcb9a4
Version bump: 10.1.9.6rc2.
2018-09-10 19:09:46 +02:00
f88a6a6d6d
Streamlined child policy content scripts.
2018-09-10 11:34:22 +02:00
6414195445
Version bump: 10.1.9.6rc1.
2018-09-09 23:47:15 +02:00
050aa8b83b
SUpport for protocol-only entries in UI.
2018-09-09 23:46:49 +02:00
16d1b03062
Version bump: 10.1.9.5.
2018-09-09 19:07:28 +02:00
305c6779a7
Fix for various content script timing related issues.
2018-09-09 18:59:52 +02:00
193e706a99
Version bump: 10.1.9.5rc1.
2018-09-09 17:41:39 +02:00
5629377921
Version bump: 10.1.9.4.
2018-09-09 15:04:17 +02:00
9b3b5e0503
Prevent total breakages when policies accidentally map to invalid match patterns.
2018-09-09 15:00:08 +02:00
1cfb3117ef
Prevent multiple CSP entries to be injected in the DOM on each reload if scripting is disabled.
2018-09-09 14:58:55 +02:00
002c8f8b67
Message loops checks coping with multiple options window.
2018-09-09 14:57:09 +02:00
c5cbb8abfc
Version bump: 10.1.9.4rc1.
2018-09-09 12:23:33 +02:00
1323fb8142
Version bump: 10.1.9.3.
2018-09-09 08:23:06 +02:00
eb85395a01
Fixed message handling regression causing incompatibilities with embedders and potential internal loops.
2018-09-09 08:21:03 +02:00
ffc688d57a
Version bump: 10.1.9.3rc1.
2018-09-09 08:04:55 +02:00
5a76ed6778
Version bump: 10.1.9.2.
2018-09-09 00:55:41 +02:00
4f7d8579af
More efficient window.name persistence for tab-scoped permissions.
2018-09-08 23:09:39 +02:00
b60cbbd49e
Site parsing more resilient to bogus input.
2018-09-08 14:37:33 +02:00
746655c885
Fixed regression: undefined fake request.url ends to for inline scripts CSP reports.
2018-09-08 14:36:47 +02:00
28c9a50b17
Version bump: 10.1.9.2rc4.
2018-09-08 13:03:25 +02:00
7514aa20f9
Saner message dispatching.
2018-09-08 11:50:40 +02:00
9edcf2f1f7
Restored it locale.
2018-09-05 17:09:45 +02:00
97d4c22669
Work-around for a potential race condition in message handling on extension updates.
2018-09-05 15:51:43 +02:00
ec0d7b4aff
Fixed possible null reference errors in Sites.origin().
2018-09-05 15:50:27 +02:00
ce5d46ead2
Init the CUSTOM preset not just with the capabilities, but also with the "temporary" status of the previously selected one.
2018-09-05 15:43:55 +02:00
b779e7122f
Fixed bug in requestKey generation.
2018-09-05 11:31:28 +02:00
c98bddeb4d
Version bump: 10.1.9.2rc3.
2018-09-05 11:26:04 +02:00
3bf909c927
[l10n] Transifex integration.
2018-09-05 00:44:27 +02:00
f95f7b809d
Ensure we remove the HEAD element parent of our META CSP policy only if we created it.
2018-09-04 22:43:00 +02:00
1814bfa03d
Work-around for CSP not being honored when the HEAD element has not been inserted yet.
2018-09-04 19:48:07 +02:00
26470b84f6
Transparent support for FQDNs and better management of file:/// URLs.
2018-09-04 19:28:16 +02:00
df149a5a55
Version bump: 10.1.9.2rc2.
2018-09-04 01:41:52 +02:00
81ac052e1d
Better file: protocol support.
2018-09-04 00:22:39 +02:00
16cdbbe1cb
Full-page placeholders for embedding documents.
2018-09-03 14:04:00 +02:00
b5d1fe6269
Version bump: 10.1.9.2rc1.
2018-09-03 13:50:09 +02:00
1f71590a48
Version bump: 10.1.9.1.
2018-08-30 17:37:43 +02:00
87d3401c0b
Merge branch 'master' of https://github.com/hackademix/noscript
...
Merge pull request #17 from Lekensteyn/fix-serviceworker-check
2018-08-30 17:26:13 +02:00
00444819fb
Version bump: 10.1.9.1rc1
2018-08-30 17:25:38 +02:00
6a0252c6de
Fix fallback scripts when ServiceWorkers are unavailable
...
ServiceWorkers are not available in private browsing mode (and can be
disabled otherwise via about:config), be sure to check its availability.
Otherwise fallback scripts are not invoked which prevents redirections
in <noscript> tags from being executed (as observed with t.co).
2018-08-30 16:36:29 +02:00
eb158d9fa3
Version bump: 10.1.9.
2018-08-29 18:24:37 +02:00
be3ab16315
Fixed typo in restricted.js inclusion.
2018-08-29 00:16:48 +02:00
215b8ac18e
Version bump: 10.1.9rc6.
2018-08-29 00:11:21 +02:00
b1b059ae80
Version bump: 10.1.9rc5.
2018-08-29 00:02:13 +02:00
22df979973
Better timing feedback for permissions changes in the popup UI.
2018-08-28 23:40:20 +02:00
5c3d5354f2
Reload-less service worker busting.
2018-08-28 23:28:06 +02:00
9b32ee8794
Version bump: 10.1.9rc4.
2018-08-28 23:27:36 +02:00
e8716657e4
Reordered startup sequence to be more friendly with embedders like the Tor Browser.
2018-08-28 17:21:56 +02:00
5bfba8a40f
Merge pull request #16 from rustybird/started
...
Broadcast a "started" message after initialization
2018-08-28 00:34:17 +02:00
26bfd899f9
Broadcast a "started" message after initialization
...
Other extensions listening in on NoScript's messages (e.g. Torbutton)
can take this message as an indication that it's now safe to send an
"updateSettings" message to NoScript without immediately getting
clobbered by the configuration loader.
See https://trac.torproject.org/projects/tor/ticket/26520 for context.
2018-08-27 22:29:16 +00:00
e2b63cf982
Further CSP refactoring and removal of obsolete fallbacks.
2018-08-27 18:55:00 +02:00
6e80d3f130
Let content script inject failsafe CSP in the DOM.
2018-08-27 18:55:00 +02:00
e82e961dd7
Refactoring CSP building out of RequestGuard.
2018-08-27 18:55:00 +02:00
b5d7266c50
Updated TLD support.
2018-08-27 18:54:44 +02:00
45c9d25da8
Version bump: 10.1.9rc1
2018-08-27 18:48:04 +02:00
ab3827b42d
Version bump: 10.1.8.23.
2018-08-25 11:38:19 +02:00
a1e567e9ec
Hotfix for some possible reload loops before refactoring CSP management.
2018-08-25 11:29:43 +02:00
5e397a3bf8
Version bump: 10.1.8.22.
2018-08-24 23:06:24 +02:00
e0453b3f3e
Version bump: 10.1.8.21.
2018-08-24 22:46:58 +02:00
7913e29a92
Fixed infinite reload loop on unrestricted tabs.
2018-08-24 22:28:05 +02:00
fc92be83c3
Fixed minor CSP buildig issues.
2018-08-24 22:14:38 +02:00
1ce446f871
Version bump: 10.1.8.21rc1.
2018-08-24 22:12:34 +02:00
ce16a79a7d
Version bump: 10.1.8.20.
2018-08-24 03:33:37 +02:00
caed2cfa1e
Fixed Sites.domainImplies() misplaced optimization.
2018-08-24 02:58:46 +02:00
d4e1ef5c87
[L10n] Added Catalan (ca)
2018-08-24 02:56:10 +02:00
de37b91121
Version bump: 10.1.8.20rc1.
2018-08-24 02:52:45 +02:00
32ae22b7a7
Version bump: 10.1.8.19.
2018-08-23 23:41:11 +02:00
483fad9b8a
Do not fail when onHeadersProcessed is called with no stored pending request.
2018-08-23 22:55:26 +02:00
c2067c0509
Version bump: 10.1.8.19rc2.
2018-08-23 22:53:22 +02:00
9f67a125b8
Fixed regression: framed documents' URLs not being reported in the UI.
2018-08-23 19:38:28 +02:00
dbc9575c68
Version bump: 10.1.8.19rc1.
2018-08-23 19:38:16 +02:00
8c35cae4c1
Version bump: 10.1.8.18.
2018-08-23 18:10:06 +02:00
286acd2079
More resilient and optimized version of Sites.domainImplies().
2018-08-23 17:48:38 +02:00
60c299c4f1
Update ChildPolicies when automatic temp TRUST for top-level document s is enabled.
2018-08-23 17:09:26 +02:00
4ce026a16c
Fixed messages from content scripts being "eaten" by the wrong dispatcher when UI is open (thanks skriptimaahinen).
2018-08-23 16:23:49 +02:00
fc6251c0ab
Fixed typo causing accidental permissions/status mismatches being checked only while pages are still loading (thanks skriptimaahinen).
2018-08-23 15:57:09 +02:00
80e1f10db5
Fixed typo in XSS name sanitization script injection (thanks skriptimaahinen).
2018-08-23 15:33:47 +02:00
a874f6031c
Version bump: 10.1.8.18rc1.
2018-08-23 15:29:01 +02:00
5f3c46184a
Version bump: 10.1.8.17.
2018-08-22 22:53:48 +02:00
66ddfcbecc
Fix: Sites.domainImplies() should match subdomains.
2018-08-22 18:02:44 +02:00
075a5ad0e0
More coherent wrapper around the webex messaging API.
2018-08-22 16:34:16 +02:00
48c04726b8
Version bump: 10.1.8.17rc8.
2018-08-22 15:45:54 +02:00
1de1db3c29
Fixed possible surprises in background script message handling.
2018-08-21 23:54:04 +02:00
91334fe944
Fixed inconstitencies in ChildPolicies content script URL matching.
2018-08-21 23:51:59 +02:00
e742e5d801
Version bump: 10.1.8.17rc7.
2018-08-21 14:44:22 +02:00
dc4ab14c92
Simpler and more reliable safety net to ensure CSP headers are injected last among WebExtensions.
2018-08-20 23:45:33 +02:00
f7fcdb37a3
Version bump: 10.1.8.17rc6.
2018-08-20 23:41:07 +02:00
8e1dc9e0ee
Fixed regression: refresh loop on page using requests of type="object" to cache images, stylesheets and other types.
2018-08-19 01:30:14 +02:00
cf8482116d
Version bump: 10.1.8.17rc5.
2018-08-19 01:28:58 +02:00
bb232e0895
More reliable attempt to run onResponseHeader listener the last of installed extension.
2018-08-18 22:52:34 +02:00
3819592dfc
[L10n] Updated ru (new) and de.
2018-08-18 22:46:29 +02:00
ee48e5c7d9
[XSS] Updated HTML events matching generation to use both latest Mozilla source code and archived data since Firefox ESR 52.
2018-08-18 15:25:03 +02:00
6eee6147eb
Version bump: 10.1.8.17rc4.
2018-08-18 11:33:24 +02:00
8c8b959474
Merge pull request #13 from Lekensteyn/empty-tld-fixes
...
Fix policy configuration for domains without dots
2018-08-18 03:27:35 +02:00
2f9c5299af
Removed all references to RequestUtil.js and dependancies.
2018-08-18 03:20:33 +02:00
e959accb70
Hack: use top.name to store per-tab content-side configuration (e.g. unrestricted tab status).
2018-08-17 09:07:11 +02:00
50d71ca381
[l10n] tr and br from Transifex.
2018-08-17 08:45:34 +02:00
57d883d63e
Policy serialization using the contentScripts API.
2018-08-16 23:43:36 +02:00
49e34cd176
Fix policy configuration for domains without dots
...
Make sure that hosts such as "_gateway" (from systemd nss-myhostname) or
"master" (a local domain from DHCP) can be configured in the popup.
2018-08-15 18:40:48 +02:00
2c75eedadd
Version bump: 10.1.8.17rc3.
2018-08-13 01:37:45 +02:00
af4ec5c169
"High contrast appearance" option to override high contrast themes auto-detection.
2018-08-13 01:33:40 +02:00
8caa2536bd
Best effort to run webRequest.onHeaderReceived listener last (issue #6 )
2018-08-07 09:53:01 +02:00
2250d51aa4
Version bump: 10.1.8.17rc2.
2018-08-06 01:24:08 +02:00
2990ca5f2c
Fixed unlocalized NoScript Options title.
2018-08-06 01:23:59 +02:00
99e8c8b09f
Skip non-content windows when deferring startup page loading.
2018-08-01 19:07:37 +02:00
ce541c4a53
Broader detection of UTF-8 encoding in responses.
2018-08-01 18:53:38 +02:00
9782ab02d5
Fixed inline scripts not being reported to UI (skriptimaahinen).
2018-08-01 18:13:39 +02:00
76190a644e
Improved support for debugging code removal in releases.
2018-08-01 17:48:45 +02:00
140d8759cf
Fixed startup race condition with pending request tracking.
2018-08-01 17:47:57 +02:00
bc834a034e
Fixed updating NoScript reloads tabs with revoked temporary permissions.
2018-08-01 17:32:16 +02:00
a283ea1575
Version bump: 10.1.8.17rc1.
2018-07-28 23:52:06 +02:00
6f710640fa
Version bump: 10.1.8.16.
2018-07-28 14:44:22 +02:00
d64e480275
Fixed random stallings on page transitions.
2018-07-28 14:37:18 +02:00
3eb5be743d
Version bump: 10.1.8.16rc1.
2018-07-28 13:59:44 +02:00
c5b477457a
Version bump: 10.1.8.15.
2018-07-28 12:58:47 +02:00
f82b1e376c
Fixed browser action icon not being updated on BF cache navigation.
2018-07-28 12:50:30 +02:00
ca0273f9cd
Version bump: 10.1.8.15rc1.
2018-07-28 12:42:51 +02:00
ff970df845
Version bump: 10.1.8.14.
2018-07-28 09:21:28 +02:00
6e75750f45
Version bump: 10.1.8.13.
2018-07-28 09:16:30 +02:00
fdf4ff3a39
Fixed regression in NOSCRIPT elements emulation.
2018-07-28 09:10:31 +02:00
d39f68cb88
Version bump: 10.1.8.13rc1.
2018-07-28 09:09:26 +02:00
3e6caf4f20
Version bump: 10.1.8.12.
2018-07-28 03:12:25 +02:00
07a4e7ba30
Version bump: 10.1.8.11rc1.
2018-07-28 03:05:11 +02:00
36cb28b842
Fixed some video streams not playing anymore.
2018-07-28 03:04:13 +02:00
0b2691a775
Version bump: 10.1.8.10.
2018-07-28 02:24:41 +02:00
d45209060f
Fixed window.stop() called in empty suframes.
2018-07-28 02:19:48 +02:00
10d0809b74
Version bump: 10.1.8.10rc1.
2018-07-28 02:18:05 +02:00
5c85ae8a8a
Version bump: 10.1.8.9.
2018-07-27 11:10:37 +02:00
21810063d0
Disable scripting in HTML-embedding objects where webglHook cannot run, if webgl not allowed.
2018-07-26 23:48:20 +02:00
4e62643b33
Version bump: 10.1.8.9rc9.
2018-07-26 23:19:51 +02:00
d3cacf634f
More edge cases covered in dynamic script injection.
2018-07-26 19:33:46 +02:00
a8a6dd4c7b
Version bump: 10.1.8.9rc8.
2018-07-26 16:32:20 +02:00
0f089105da
Updated TLDs.
2018-07-26 11:45:55 +02:00
c41ec107cb
[XSS] Updated HTML event attributes matching.
2018-07-26 11:45:30 +02:00
1006f09de2
Fixed some resource loading feedback glitches.
2018-07-26 11:42:35 +02:00
86d1390875
Version bump: 10.1.8.9rc7.
2018-07-26 11:28:27 +02:00
fb9619ec99
Merge branch 'master' of https://github.com/hackademix/noscript
...
[L10n] Fixed little typos in it locale (SebastianoPistore)
2018-07-25 14:43:30 +02:00
51732dd2c0
Merge pull request #3 from SebastianoPistore/master
...
Update ITA translation
2018-07-25 14:41:12 +02:00
5e5839c036
Version bump: 10.1.8.9rc6.
2018-07-25 14:38:18 +02:00
a46d085ff7
Fix for stalling embedded objects load on dynamic script injection.
2018-07-25 14:36:32 +02:00
d88a0cf6d7
Fixed infinite reload loops on scripting permissions mismatches.
2018-07-25 11:08:43 +02:00
391c8b402a
Version bump: 10.1.8.9rc5.
2018-07-25 10:39:14 +02:00
952392b95c
Update ITA translation
...
- fix little typos
2018-07-25 10:14:20 +02:00
8d6f963022
Work-around for serviceWorker loads bypassing webRequest.
2018-07-24 23:21:01 +02:00
ec79210bd1
[UI] More flexible CSS layout for preset buttons.
2018-07-24 23:19:53 +02:00
32874841ca
[XSS] Updated HTML events matching.
2018-07-24 23:19:03 +02:00
ea4703ecd7
Version bump: 10.1.8.9rc4.
2018-07-24 14:46:36 +02:00
4302246ac0
More reliable handling of edge startup cases.
2018-07-22 19:14:54 +02:00
81b3851256
Fixed dynamic script injection failing sometimes with "No matching message handler" error.
2018-07-22 17:10:05 +02:00
e7fcd76705
Updated TLDs.
2018-07-21 22:50:26 +02:00
fa45c1359e
Version bump: 10.1.8.9rc3.
2018-07-21 15:44:48 +02:00
163467f82b
Fixed externally handled resources opened in popups being broken by dynamic script injection.
2018-07-20 23:35:43 +02:00
570cf0456c
Prevent multiple canScript content messages during the same page load.
2018-07-20 23:30:14 +02:00
9382bbd911
Replaced unicode glyphs missing on some platforms and in the Tor Browser.
2018-07-20 16:19:49 +02:00
b1e4791d0a
Version bump: 10.1.8.9rc2.
2018-07-20 16:03:56 +02:00
580450b463
Refactor ContentMetadata into ResponseMetaData.
2018-07-19 01:04:35 +02:00
0910566926
Removed useless work-around suggested in moz bug 1410755 which caused Tor Browser content process crashes.
2018-07-19 00:31:34 +02:00
c0fbf92cfa
Version bump: 10.1.8.9rc1.
2018-07-19 00:07:18 +02:00
d872b70769
Version bump: 10.1.8.8.
2018-07-17 18:12:09 +02:00
5a60d58d24
Prevent script injection from messing with content-disposition=attachment responses.
2018-07-17 12:10:17 +02:00
493d40021a
Version bump: 10.1.8.8rc1.
2018-07-17 12:03:48 +02:00
58651ca4b4
Version bump: 10.1.8.7.
2018-07-17 00:14:23 +02:00
b807a8bf02
Version bump: 10.1.8.6.
2018-07-16 23:49:18 +02:00
31b2f5bbd2
Fixed regression breaking meta refreshes with relative URLs.
2018-07-16 23:45:10 +02:00
859cb65d82
Version bump: 10.1.8.6rc1.
2018-07-16 23:43:27 +02:00
9e72e9321c
Version bump: 10.1.8.5.
2018-07-16 17:34:16 +02:00
37928bd2c3
Completed fix for quoted URLs confusing meta refresh emulation.
2018-07-16 17:24:54 +02:00
909e96012c
Version bump: 10.1.8.5rc1.
2018-07-16 17:23:50 +02:00
ad6187dfd8
Cosmetic bug fixes.
2018-07-16 15:55:01 +02:00
f6b7232857
Updated TLDs.
2018-07-16 15:53:55 +02:00
4101c9087c
Version bump: 10.1.8.4.
2018-07-16 15:53:10 +02:00
a8f1b80012
[l10n] Fixed es.
2018-07-16 15:52:26 +02:00
72b2ecf47c
Version bump: 10.1.8.3.
2018-07-16 12:23:19 +02:00
25719ddc5e
Fixed cleaning up reloadingTabs in StreamFilter.onstart() was still breaking some feeds sometimes.
2018-07-12 22:58:52 +02:00
7e3decc8f4
[XSS] Fixed anti-HPP coalescing wrongly applied to POST requests causing JSON reduction optimization to choke on big payloads.
2018-07-12 18:58:57 +02:00
8f6574661d
Fixed first popup row not showing the initial site active preset.
2018-07-12 16:01:26 +02:00
54dd9fa754
Removed deprecated windowType usages.
2018-07-12 15:58:42 +02:00
66adf2720e
Fixed meta-refresh emulation getting confused by quoted URLs.
2018-07-12 02:10:22 +02:00
a9e1051018
Version bump: 10.1.8.3rc11.
2018-07-12 02:09:21 +02:00
5937dd5e08
Restored UNTRUSTED label localized string previously modified for testing.
2018-07-12 00:11:54 +02:00
2bf06beae5
Autosize preset buttons final.
2018-07-12 00:04:53 +02:00
9815e0f7cf
Fixed race condition in work-around for broken feeds in ESR60.
2018-07-11 19:26:50 +02:00
9a0a76ec3c
Autosize preset buttons part 2.
2018-07-11 03:03:30 +02:00
842caf7340
Made preset buttons automatically sized according to their (localized) content.
2018-07-11 00:53:25 +02:00
74e20bb3eb
Reload hack to let the RSS feed reader work on ESR60
2018-07-10 23:56:19 +02:00
d03e810f1b
Changed "script count" into "blocked items count" in badge appearance option.
2018-07-10 15:47:44 +02:00
3ae5cd55c9
Reverted <noscript> replacement to <span> over fingerprinting concerns.
2018-07-09 23:22:36 +02:00
609a6fec3d
Version bump: 10.1.8.3rc10.
2018-07-09 23:21:52 +02:00
17a0426c32
More specific dynamic script injection exceptions.
2018-07-09 19:32:24 +02:00
c6882356d3
Fixed label sizes in de localized messages.
2018-07-09 19:30:49 +02:00
7dfa2e640b
Added two library files (one, lib/restricted.js, missing from rc8 tag) and version bump.
2018-07-09 19:29:23 +02:00
103324e5d2
More graceful handling of internal and restricted URLs.
2018-07-09 01:36:28 +02:00
5217db79ce
Content-side DOM insertions made compatible with XML document.
2018-07-09 00:09:34 +02:00
dac392deda
More specific content-type exception for dynamic script injection.
2018-07-09 00:08:26 +02:00
48690ee92e
Removed console.log() patching test code accidentally committed in media.js.
2018-07-08 22:27:53 +02:00
10d4986b7a
Added de, es, fr, it, nl, pt_BR and zh_CN locales (courtesy of Mozilla's localization campaign).
2018-07-08 22:22:54 +02:00
183f0bc100
Truncate preset labels which exceed the button size, accomodating for longer localized strings.
2018-07-08 22:20:24 +02:00
df24338a04
Use a custom <no-script> element as <NOSCRIPT> replacement.
2018-07-08 14:07:08 +02:00
20f80666fe
Version bump: 10.1.8.3rc8.
2018-07-08 10:20:13 +02:00
cf1b413bff
Fixed <NOSCRIPT> replacements to be inline elements.
2018-07-08 10:02:11 +02:00
0ad5f95eb4
Fixed dynamic script injection breaking images shown as frame content.
2018-07-07 01:28:20 +02:00
093b9d724e
Work-around for onload not being fired on XML documents in Tor Browser/ESR60.
2018-07-06 04:01:44 +02:00
799d99bd10
Version bump to 10.1.8.3rc7.
2018-07-06 01:01:22 +02:00
1ee85084f7
More informative / useful popup on (semi)privileged pages.
2018-07-06 00:59:12 +02:00
57eaa94dde
Backport dynamic script injection to Tor Browser / Fx ESR60.
2018-07-03 19:36:39 +02:00
8ae9513f75
Provide a uuid function fallback which doesn't fail in the Tor Browser.
2018-07-03 19:35:33 +02:00
5c71c94a13
Version bumb to 10.1.8.3rc6.
2018-07-03 19:32:45 +02:00
e2a8c5768f
XSS filter autoupdated to latest HTML events supported by the browser
2018-07-03 17:06:46 +02:00
e0ae64871e
Fixed regression: dynamic script injection breaking images loaded as frame content.
2018-07-03 17:02:58 +02:00
81bd93a72d
Simplified and apparently more reliable+flexible+efficient dynamic script injection method.
2018-07-02 01:50:32 +02:00
eceae7187a
Initial commit starting at version 10.1.8.3rc4.
2018-07-01 01:01:23 +02:00
hackademix