9b3b5e0503
Prevent total breakages when policies accidentally map to invalid match patterns.
2018-09-09 15:00:08 +02:00
1cfb3117ef
Prevent multiple CSP entries to be injected in the DOM on each reload if scripting is disabled.
2018-09-09 14:58:55 +02:00
002c8f8b67
Message loops checks coping with multiple options window.
2018-09-09 14:57:09 +02:00
c5cbb8abfc
Version bump: 10.1.9.4rc1.
2018-09-09 12:23:33 +02:00
1323fb8142
Version bump: 10.1.9.3.
2018-09-09 08:23:06 +02:00
eb85395a01
Fixed message handling regression causing incompatibilities with embedders and potential internal loops.
2018-09-09 08:21:03 +02:00
ffc688d57a
Version bump: 10.1.9.3rc1.
2018-09-09 08:04:55 +02:00
5a76ed6778
Version bump: 10.1.9.2.
2018-09-09 00:55:41 +02:00
4f7d8579af
More efficient window.name persistence for tab-scoped permissions.
2018-09-08 23:09:39 +02:00
b60cbbd49e
Site parsing more resilient to bogus input.
2018-09-08 14:37:33 +02:00
746655c885
Fixed regression: undefined fake request.url ends to for inline scripts CSP reports.
2018-09-08 14:36:47 +02:00
28c9a50b17
Version bump: 10.1.9.2rc4.
2018-09-08 13:03:25 +02:00
7514aa20f9
Saner message dispatching.
2018-09-08 11:50:40 +02:00
9edcf2f1f7
Restored it locale.
2018-09-05 17:09:45 +02:00
97d4c22669
Work-around for a potential race condition in message handling on extension updates.
2018-09-05 15:51:43 +02:00
ec0d7b4aff
Fixed possible null reference errors in Sites.origin().
2018-09-05 15:50:27 +02:00
ce5d46ead2
Init the CUSTOM preset not just with the capabilities, but also with the "temporary" status of the previously selected one.
2018-09-05 15:43:55 +02:00
b779e7122f
Fixed bug in requestKey generation.
2018-09-05 11:31:28 +02:00
c98bddeb4d
Version bump: 10.1.9.2rc3.
2018-09-05 11:26:04 +02:00
3bf909c927
[l10n] Transifex integration.
2018-09-05 00:44:27 +02:00
f95f7b809d
Ensure we remove the HEAD element parent of our META CSP policy only if we created it.
2018-09-04 22:43:00 +02:00
1814bfa03d
Work-around for CSP not being honored when the HEAD element has not been inserted yet.
2018-09-04 19:48:07 +02:00
26470b84f6
Transparent support for FQDNs and better management of file:/// URLs.
2018-09-04 19:28:16 +02:00
df149a5a55
Version bump: 10.1.9.2rc2.
2018-09-04 01:41:52 +02:00
81ac052e1d
Better file: protocol support.
2018-09-04 00:22:39 +02:00
16cdbbe1cb
Full-page placeholders for embedding documents.
2018-09-03 14:04:00 +02:00
b5d1fe6269
Version bump: 10.1.9.2rc1.
2018-09-03 13:50:09 +02:00
1f71590a48
Version bump: 10.1.9.1.
2018-08-30 17:37:43 +02:00
87d3401c0b
Merge branch 'master' of https://github.com/hackademix/noscript
...
Merge pull request #17 from Lekensteyn/fix-serviceworker-check
2018-08-30 17:26:13 +02:00
00444819fb
Version bump: 10.1.9.1rc1
2018-08-30 17:25:38 +02:00
6a0252c6de
Fix fallback scripts when ServiceWorkers are unavailable
...
ServiceWorkers are not available in private browsing mode (and can be
disabled otherwise via about:config), be sure to check its availability.
Otherwise fallback scripts are not invoked which prevents redirections
in <noscript> tags from being executed (as observed with t.co).
2018-08-30 16:36:29 +02:00
eb158d9fa3
Version bump: 10.1.9.
2018-08-29 18:24:37 +02:00
be3ab16315
Fixed typo in restricted.js inclusion.
2018-08-29 00:16:48 +02:00
215b8ac18e
Version bump: 10.1.9rc6.
2018-08-29 00:11:21 +02:00
b1b059ae80
Version bump: 10.1.9rc5.
2018-08-29 00:02:13 +02:00
22df979973
Better timing feedback for permissions changes in the popup UI.
2018-08-28 23:40:20 +02:00
5c3d5354f2
Reload-less service worker busting.
2018-08-28 23:28:06 +02:00
9b32ee8794
Version bump: 10.1.9rc4.
2018-08-28 23:27:36 +02:00
e8716657e4
Reordered startup sequence to be more friendly with embedders like the Tor Browser.
2018-08-28 17:21:56 +02:00
5bfba8a40f
Merge pull request #16 from rustybird/started
...
Broadcast a "started" message after initialization
2018-08-28 00:34:17 +02:00
26bfd899f9
Broadcast a "started" message after initialization
...
Other extensions listening in on NoScript's messages (e.g. Torbutton)
can take this message as an indication that it's now safe to send an
"updateSettings" message to NoScript without immediately getting
clobbered by the configuration loader.
See https://trac.torproject.org/projects/tor/ticket/26520 for context.
2018-08-27 22:29:16 +00:00
e2b63cf982
Further CSP refactoring and removal of obsolete fallbacks.
2018-08-27 18:55:00 +02:00
6e80d3f130
Let content script inject failsafe CSP in the DOM.
2018-08-27 18:55:00 +02:00
e82e961dd7
Refactoring CSP building out of RequestGuard.
2018-08-27 18:55:00 +02:00
b5d7266c50
Updated TLD support.
2018-08-27 18:54:44 +02:00
45c9d25da8
Version bump: 10.1.9rc1
2018-08-27 18:48:04 +02:00
ab3827b42d
Version bump: 10.1.8.23.
2018-08-25 11:38:19 +02:00
a1e567e9ec
Hotfix for some possible reload loops before refactoring CSP management.
2018-08-25 11:29:43 +02:00
5e397a3bf8
Version bump: 10.1.8.22.
2018-08-24 23:06:24 +02:00
e0453b3f3e
Version bump: 10.1.8.21.
2018-08-24 22:46:58 +02:00
7913e29a92
Fixed infinite reload loop on unrestricted tabs.
2018-08-24 22:28:05 +02:00
fc92be83c3
Fixed minor CSP buildig issues.
2018-08-24 22:14:38 +02:00
1ce446f871
Version bump: 10.1.8.21rc1.
2018-08-24 22:12:34 +02:00
ce16a79a7d
Version bump: 10.1.8.20.
2018-08-24 03:33:37 +02:00
caed2cfa1e
Fixed Sites.domainImplies() misplaced optimization.
2018-08-24 02:58:46 +02:00
d4e1ef5c87
[L10n] Added Catalan (ca)
2018-08-24 02:56:10 +02:00
de37b91121
Version bump: 10.1.8.20rc1.
2018-08-24 02:52:45 +02:00
32ae22b7a7
Version bump: 10.1.8.19.
2018-08-23 23:41:11 +02:00
483fad9b8a
Do not fail when onHeadersProcessed is called with no stored pending request.
2018-08-23 22:55:26 +02:00
c2067c0509
Version bump: 10.1.8.19rc2.
2018-08-23 22:53:22 +02:00
9f67a125b8
Fixed regression: framed documents' URLs not being reported in the UI.
2018-08-23 19:38:28 +02:00
dbc9575c68
Version bump: 10.1.8.19rc1.
2018-08-23 19:38:16 +02:00
8c35cae4c1
Version bump: 10.1.8.18.
2018-08-23 18:10:06 +02:00
286acd2079
More resilient and optimized version of Sites.domainImplies().
2018-08-23 17:48:38 +02:00
60c299c4f1
Update ChildPolicies when automatic temp TRUST for top-level document s is enabled.
2018-08-23 17:09:26 +02:00
4ce026a16c
Fixed messages from content scripts being "eaten" by the wrong dispatcher when UI is open (thanks skriptimaahinen).
2018-08-23 16:23:49 +02:00
fc6251c0ab
Fixed typo causing accidental permissions/status mismatches being checked only while pages are still loading (thanks skriptimaahinen).
2018-08-23 15:57:09 +02:00
80e1f10db5
Fixed typo in XSS name sanitization script injection (thanks skriptimaahinen).
2018-08-23 15:33:47 +02:00
a874f6031c
Version bump: 10.1.8.18rc1.
2018-08-23 15:29:01 +02:00
5f3c46184a
Version bump: 10.1.8.17.
2018-08-22 22:53:48 +02:00
66ddfcbecc
Fix: Sites.domainImplies() should match subdomains.
2018-08-22 18:02:44 +02:00
075a5ad0e0
More coherent wrapper around the webex messaging API.
2018-08-22 16:34:16 +02:00
48c04726b8
Version bump: 10.1.8.17rc8.
2018-08-22 15:45:54 +02:00
1de1db3c29
Fixed possible surprises in background script message handling.
2018-08-21 23:54:04 +02:00
91334fe944
Fixed inconstitencies in ChildPolicies content script URL matching.
2018-08-21 23:51:59 +02:00
e742e5d801
Version bump: 10.1.8.17rc7.
2018-08-21 14:44:22 +02:00
dc4ab14c92
Simpler and more reliable safety net to ensure CSP headers are injected last among WebExtensions.
2018-08-20 23:45:33 +02:00
f7fcdb37a3
Version bump: 10.1.8.17rc6.
2018-08-20 23:41:07 +02:00
8e1dc9e0ee
Fixed regression: refresh loop on page using requests of type="object" to cache images, stylesheets and other types.
2018-08-19 01:30:14 +02:00
cf8482116d
Version bump: 10.1.8.17rc5.
2018-08-19 01:28:58 +02:00
bb232e0895
More reliable attempt to run onResponseHeader listener the last of installed extension.
2018-08-18 22:52:34 +02:00
3819592dfc
[L10n] Updated ru (new) and de.
2018-08-18 22:46:29 +02:00
ee48e5c7d9
[XSS] Updated HTML events matching generation to use both latest Mozilla source code and archived data since Firefox ESR 52.
2018-08-18 15:25:03 +02:00
6eee6147eb
Version bump: 10.1.8.17rc4.
2018-08-18 11:33:24 +02:00
8c8b959474
Merge pull request #13 from Lekensteyn/empty-tld-fixes
...
Fix policy configuration for domains without dots
2018-08-18 03:27:35 +02:00
2f9c5299af
Removed all references to RequestUtil.js and dependancies.
2018-08-18 03:20:33 +02:00
e959accb70
Hack: use top.name to store per-tab content-side configuration (e.g. unrestricted tab status).
2018-08-17 09:07:11 +02:00
50d71ca381
[l10n] tr and br from Transifex.
2018-08-17 08:45:34 +02:00
57d883d63e
Policy serialization using the contentScripts API.
2018-08-16 23:43:36 +02:00
49e34cd176
Fix policy configuration for domains without dots
...
Make sure that hosts such as "_gateway" (from systemd nss-myhostname) or
"master" (a local domain from DHCP) can be configured in the popup.
2018-08-15 18:40:48 +02:00
2c75eedadd
Version bump: 10.1.8.17rc3.
2018-08-13 01:37:45 +02:00
af4ec5c169
"High contrast appearance" option to override high contrast themes auto-detection.
2018-08-13 01:33:40 +02:00
8caa2536bd
Best effort to run webRequest.onHeaderReceived listener last (issue #6 )
2018-08-07 09:53:01 +02:00
2250d51aa4
Version bump: 10.1.8.17rc2.
2018-08-06 01:24:08 +02:00
2990ca5f2c
Fixed unlocalized NoScript Options title.
2018-08-06 01:23:59 +02:00
99e8c8b09f
Skip non-content windows when deferring startup page loading.
2018-08-01 19:07:37 +02:00
ce541c4a53
Broader detection of UTF-8 encoding in responses.
2018-08-01 18:53:38 +02:00
9782ab02d5
Fixed inline scripts not being reported to UI (skriptimaahinen).
2018-08-01 18:13:39 +02:00
76190a644e
Improved support for debugging code removal in releases.
2018-08-01 17:48:45 +02:00
140d8759cf
Fixed startup race condition with pending request tracking.
2018-08-01 17:47:57 +02:00
bc834a034e
Fixed updating NoScript reloads tabs with revoked temporary permissions.
2018-08-01 17:32:16 +02:00
a283ea1575
Version bump: 10.1.8.17rc1.
2018-07-28 23:52:06 +02:00
6f710640fa
Version bump: 10.1.8.16.
2018-07-28 14:44:22 +02:00
d64e480275
Fixed random stallings on page transitions.
2018-07-28 14:37:18 +02:00
3eb5be743d
Version bump: 10.1.8.16rc1.
2018-07-28 13:59:44 +02:00
c5b477457a
Version bump: 10.1.8.15.
2018-07-28 12:58:47 +02:00
f82b1e376c
Fixed browser action icon not being updated on BF cache navigation.
2018-07-28 12:50:30 +02:00
ca0273f9cd
Version bump: 10.1.8.15rc1.
2018-07-28 12:42:51 +02:00
ff970df845
Version bump: 10.1.8.14.
2018-07-28 09:21:28 +02:00
6e75750f45
Version bump: 10.1.8.13.
2018-07-28 09:16:30 +02:00
fdf4ff3a39
Fixed regression in NOSCRIPT elements emulation.
2018-07-28 09:10:31 +02:00
d39f68cb88
Version bump: 10.1.8.13rc1.
2018-07-28 09:09:26 +02:00
3e6caf4f20
Version bump: 10.1.8.12.
2018-07-28 03:12:25 +02:00
07a4e7ba30
Version bump: 10.1.8.11rc1.
2018-07-28 03:05:11 +02:00
36cb28b842
Fixed some video streams not playing anymore.
2018-07-28 03:04:13 +02:00
0b2691a775
Version bump: 10.1.8.10.
2018-07-28 02:24:41 +02:00
d45209060f
Fixed window.stop() called in empty suframes.
2018-07-28 02:19:48 +02:00
10d0809b74
Version bump: 10.1.8.10rc1.
2018-07-28 02:18:05 +02:00
5c85ae8a8a
Version bump: 10.1.8.9.
2018-07-27 11:10:37 +02:00
21810063d0
Disable scripting in HTML-embedding objects where webglHook cannot run, if webgl not allowed.
2018-07-26 23:48:20 +02:00
4e62643b33
Version bump: 10.1.8.9rc9.
2018-07-26 23:19:51 +02:00
d3cacf634f
More edge cases covered in dynamic script injection.
2018-07-26 19:33:46 +02:00
a8a6dd4c7b
Version bump: 10.1.8.9rc8.
2018-07-26 16:32:20 +02:00
0f089105da
Updated TLDs.
2018-07-26 11:45:55 +02:00
c41ec107cb
[XSS] Updated HTML event attributes matching.
2018-07-26 11:45:30 +02:00
1006f09de2
Fixed some resource loading feedback glitches.
2018-07-26 11:42:35 +02:00
86d1390875
Version bump: 10.1.8.9rc7.
2018-07-26 11:28:27 +02:00
fb9619ec99
Merge branch 'master' of https://github.com/hackademix/noscript
...
[L10n] Fixed little typos in it locale (SebastianoPistore)
2018-07-25 14:43:30 +02:00
51732dd2c0
Merge pull request #3 from SebastianoPistore/master
...
Update ITA translation
2018-07-25 14:41:12 +02:00
5e5839c036
Version bump: 10.1.8.9rc6.
2018-07-25 14:38:18 +02:00
a46d085ff7
Fix for stalling embedded objects load on dynamic script injection.
2018-07-25 14:36:32 +02:00
d88a0cf6d7
Fixed infinite reload loops on scripting permissions mismatches.
2018-07-25 11:08:43 +02:00
391c8b402a
Version bump: 10.1.8.9rc5.
2018-07-25 10:39:14 +02:00
952392b95c
Update ITA translation
...
- fix little typos
2018-07-25 10:14:20 +02:00
8d6f963022
Work-around for serviceWorker loads bypassing webRequest.
2018-07-24 23:21:01 +02:00
ec79210bd1
[UI] More flexible CSS layout for preset buttons.
2018-07-24 23:19:53 +02:00
32874841ca
[XSS] Updated HTML events matching.
2018-07-24 23:19:03 +02:00
ea4703ecd7
Version bump: 10.1.8.9rc4.
2018-07-24 14:46:36 +02:00
4302246ac0
More reliable handling of edge startup cases.
2018-07-22 19:14:54 +02:00
81b3851256
Fixed dynamic script injection failing sometimes with "No matching message handler" error.
2018-07-22 17:10:05 +02:00
e7fcd76705
Updated TLDs.
2018-07-21 22:50:26 +02:00
fa45c1359e
Version bump: 10.1.8.9rc3.
2018-07-21 15:44:48 +02:00
163467f82b
Fixed externally handled resources opened in popups being broken by dynamic script injection.
2018-07-20 23:35:43 +02:00
570cf0456c
Prevent multiple canScript content messages during the same page load.
2018-07-20 23:30:14 +02:00
9382bbd911
Replaced unicode glyphs missing on some platforms and in the Tor Browser.
2018-07-20 16:19:49 +02:00
b1e4791d0a
Version bump: 10.1.8.9rc2.
2018-07-20 16:03:56 +02:00
580450b463
Refactor ContentMetadata into ResponseMetaData.
2018-07-19 01:04:35 +02:00
0910566926
Removed useless work-around suggested in moz bug 1410755 which caused Tor Browser content process crashes.
2018-07-19 00:31:34 +02:00
c0fbf92cfa
Version bump: 10.1.8.9rc1.
2018-07-19 00:07:18 +02:00
d872b70769
Version bump: 10.1.8.8.
2018-07-17 18:12:09 +02:00
5a60d58d24
Prevent script injection from messing with content-disposition=attachment responses.
2018-07-17 12:10:17 +02:00
493d40021a
Version bump: 10.1.8.8rc1.
2018-07-17 12:03:48 +02:00
58651ca4b4
Version bump: 10.1.8.7.
2018-07-17 00:14:23 +02:00
b807a8bf02
Version bump: 10.1.8.6.
2018-07-16 23:49:18 +02:00
31b2f5bbd2
Fixed regression breaking meta refreshes with relative URLs.
2018-07-16 23:45:10 +02:00
859cb65d82
Version bump: 10.1.8.6rc1.
2018-07-16 23:43:27 +02:00
9e72e9321c
Version bump: 10.1.8.5.
2018-07-16 17:34:16 +02:00
37928bd2c3
Completed fix for quoted URLs confusing meta refresh emulation.
2018-07-16 17:24:54 +02:00
909e96012c
Version bump: 10.1.8.5rc1.
2018-07-16 17:23:50 +02:00
ad6187dfd8
Cosmetic bug fixes.
2018-07-16 15:55:01 +02:00
f6b7232857
Updated TLDs.
2018-07-16 15:53:55 +02:00
4101c9087c
Version bump: 10.1.8.4.
2018-07-16 15:53:10 +02:00
a8f1b80012
[l10n] Fixed es.
2018-07-16 15:52:26 +02:00
72b2ecf47c
Version bump: 10.1.8.3.
2018-07-16 12:23:19 +02:00
25719ddc5e
Fixed cleaning up reloadingTabs in StreamFilter.onstart() was still breaking some feeds sometimes.
2018-07-12 22:58:52 +02:00
7e3decc8f4
[XSS] Fixed anti-HPP coalescing wrongly applied to POST requests causing JSON reduction optimization to choke on big payloads.
2018-07-12 18:58:57 +02:00
8f6574661d
Fixed first popup row not showing the initial site active preset.
2018-07-12 16:01:26 +02:00
54dd9fa754
Removed deprecated windowType usages.
2018-07-12 15:58:42 +02:00
66adf2720e
Fixed meta-refresh emulation getting confused by quoted URLs.
2018-07-12 02:10:22 +02:00
a9e1051018
Version bump: 10.1.8.3rc11.
2018-07-12 02:09:21 +02:00
5937dd5e08
Restored UNTRUSTED label localized string previously modified for testing.
2018-07-12 00:11:54 +02:00
2bf06beae5
Autosize preset buttons final.
2018-07-12 00:04:53 +02:00
9815e0f7cf
Fixed race condition in work-around for broken feeds in ESR60.
2018-07-11 19:26:50 +02:00
9a0a76ec3c
Autosize preset buttons part 2.
2018-07-11 03:03:30 +02:00
842caf7340
Made preset buttons automatically sized according to their (localized) content.
2018-07-11 00:53:25 +02:00
74e20bb3eb
Reload hack to let the RSS feed reader work on ESR60
2018-07-10 23:56:19 +02:00
d03e810f1b
Changed "script count" into "blocked items count" in badge appearance option.
2018-07-10 15:47:44 +02:00
3ae5cd55c9
Reverted <noscript> replacement to <span> over fingerprinting concerns.
2018-07-09 23:22:36 +02:00
609a6fec3d
Version bump: 10.1.8.3rc10.
2018-07-09 23:21:52 +02:00
17a0426c32
More specific dynamic script injection exceptions.
2018-07-09 19:32:24 +02:00
c6882356d3
Fixed label sizes in de localized messages.
2018-07-09 19:30:49 +02:00
7dfa2e640b
Added two library files (one, lib/restricted.js, missing from rc8 tag) and version bump.
2018-07-09 19:29:23 +02:00
103324e5d2
More graceful handling of internal and restricted URLs.
2018-07-09 01:36:28 +02:00
5217db79ce
Content-side DOM insertions made compatible with XML document.
2018-07-09 00:09:34 +02:00
dac392deda
More specific content-type exception for dynamic script injection.
2018-07-09 00:08:26 +02:00
48690ee92e
Removed console.log() patching test code accidentally committed in media.js.
2018-07-08 22:27:53 +02:00
10d4986b7a
Added de, es, fr, it, nl, pt_BR and zh_CN locales (courtesy of Mozilla's localization campaign).
2018-07-08 22:22:54 +02:00
183f0bc100
Truncate preset labels which exceed the button size, accomodating for longer localized strings.
2018-07-08 22:20:24 +02:00
df24338a04
Use a custom <no-script> element as <NOSCRIPT> replacement.
2018-07-08 14:07:08 +02:00
20f80666fe
Version bump: 10.1.8.3rc8.
2018-07-08 10:20:13 +02:00
cf1b413bff
Fixed <NOSCRIPT> replacements to be inline elements.
2018-07-08 10:02:11 +02:00
0ad5f95eb4
Fixed dynamic script injection breaking images shown as frame content.
2018-07-07 01:28:20 +02:00
093b9d724e
Work-around for onload not being fired on XML documents in Tor Browser/ESR60.
2018-07-06 04:01:44 +02:00
799d99bd10
Version bump to 10.1.8.3rc7.
2018-07-06 01:01:22 +02:00
1ee85084f7
More informative / useful popup on (semi)privileged pages.
2018-07-06 00:59:12 +02:00
57eaa94dde
Backport dynamic script injection to Tor Browser / Fx ESR60.
2018-07-03 19:36:39 +02:00
8ae9513f75
Provide a uuid function fallback which doesn't fail in the Tor Browser.
2018-07-03 19:35:33 +02:00
5c71c94a13
Version bumb to 10.1.8.3rc6.
2018-07-03 19:32:45 +02:00
e2a8c5768f
XSS filter autoupdated to latest HTML events supported by the browser
2018-07-03 17:06:46 +02:00
e0ae64871e
Fixed regression: dynamic script injection breaking images loaded as frame content.
2018-07-03 17:02:58 +02:00
81bd93a72d
Simplified and apparently more reliable+flexible+efficient dynamic script injection method.
2018-07-02 01:50:32 +02:00
eceae7187a
Initial commit starting at version 10.1.8.3rc4.
2018-07-01 01:01:23 +02:00
hackademix