Commit Graph

1713 Commits

Author SHA1 Message Date
hackademix 7aeac83eeb [XSS] Simplified preemptive name sanitization. 2022-02-08 11:01:03 +01:00
hackademix ab1a5d4942 Version bump: 11.2.21rc1. 2022-02-08 09:47:05 +01:00
hackademix ae3b15f259 Version bump: 11.2.20. 2022-02-07 21:20:49 +01:00
hackademix 660d6148fd [L10n] Updated de. 2022-02-07 21:09:22 +01:00
hackademix e0851b526b [XSS] Fix false positive warning when "name" is in the query string (thanks John Shield / DuckDuckGo for reporting). 2022-02-07 21:03:24 +01:00
hackademix e42657da1d Contextual policies UI. 2022-02-07 20:56:33 +01:00
hackademix 62aac29750 Merge branch 'main' of github.com:hackademix/noscript into ctx 2022-02-04 23:40:34 +01:00
hackademix 631cf50e8c Version bump: 11.2.20rc1. 2022-02-04 23:35:57 +01:00
hackademix f2b413db05 Version bump: 11.2.19. 2022-02-04 12:25:46 +01:00
hackademix 25cd549da9 [XSS] Faster invalidCharsRx initialization on Gecko 78 and above. 2022-02-04 00:18:15 +01:00
hackademix d6b62766d1 [XSS] More resilient name handling. 2022-02-04 00:17:05 +01:00
hackademix 942510f035 Version bump: 11.2.19rc1. 2022-02-03 22:00:11 +01:00
hackademix 5600c9d5cc Version bump: 11.2.18. 2022-02-03 11:51:36 +01:00
hackademix 8b0efc3e07 [nscl] Use HTTPS SyncMessage endpoint for Chromium too (works around lack of file access by default on packed extensions breaking NoScript). 2022-02-03 11:50:28 +01:00
hackademix b05e12a8e2 Version bump: 11.2.18rc1. 2022-02-03 11:46:26 +01:00
hackademix e997dcbd95 Version bump: 11.2.16. 2022-01-31 19:03:34 +01:00
hackademix 24317964a6 Fallback to synchronous policy fetching if the document is already loaded (e.g. on updates). 2022-01-31 19:03:24 +01:00
hackademix 0ff5320725 [XSS] Interactive testing made a bit easier. 2022-01-31 17:15:46 +01:00
hackademix 49959aa108 Version bump: 11.2.16rc5. 2022-01-31 08:54:59 +01:00
hackademix 197061b82f [nscl] Mitigate side effects of dead objects on patched windows during extension updates. 2022-01-31 00:13:08 +01:00
hackademix 8c65f84c46 Version bump: 11.2.16rc4. 2022-01-31 00:12:29 +01:00
hackademix db3f1b5878 Switch contextual checks to top document matching. 2022-01-30 00:38:31 +01:00
hackademix 962cfda0b7 [XSS] Fix false positive on Microsoft authentication (thanks GrK and Hanna_Payne for reporting). 2022-01-30 00:34:14 +01:00
hackademix e34405ab2e Version bump: 11.2.16rc3. 2022-01-25 12:55:51 +01:00
hackademix 4e12f46190 [nscl] Work-around for object element initialization inconsistencies on Firefox (thanks skriptimaahinen for reporting). 2022-01-22 21:31:00 +01:00
hackademix 3d73b35d0b Version bump: 11.2.16rc2. 2022-01-22 21:00:06 +01:00
hackademix 27ee46e254 [L10n] Updated fr. 2022-01-19 23:41:40 +01:00
hackademix 47d48857d9 Better support for service workers in unrestricted modes (thanks Mark McVeigh for reporting). 2022-01-19 19:49:55 +01:00
hackademix 7e4c2edb8a Version bump: 11.2.16rc1. 2022-01-18 23:19:38 +01:00
hackademix aafe24ade2 Version bump: 11.2.15. 2022-01-17 23:24:32 +01:00
hackademix c02f1eeb25 Updated HTML events. 2022-01-17 23:23:54 +01:00
hackademix 46b7c3c5db [Android] Work-around for Firefox "forgetting" tabs. 2022-01-14 23:38:59 +01:00
hackademix 09e6d5a8e5 [nscl] Improved cross-frame auto-patching. 2022-01-14 23:05:18 +01:00
hackademix a517550bc9 Version bump: 11.2.15rc1. 2022-01-14 23:04:30 +01:00
hackademix a630988226 Version bump: 11.2.14. 2021-12-29 22:35:35 +01:00
hackademix 2337621c0b [nscl] Updated SyncMessage fixes conflict with other content blockers (thanks gwarser, barbaz and Baraoic). 2021-12-29 22:24:29 +01:00
hackademix 6e10246284 Version bump: 11.2.14rc1. 2021-12-28 23:39:10 +01:00
hackademix 5205800363 Version bump: 11.2.13. 2021-12-28 20:26:49 +01:00
hackademix 0fdbf3ef83 [XSS] Restored compatibility with Gecko 77 and below. 2021-12-28 20:09:27 +01:00
hackademix 87d064ed71 Version bump: 11.2.13rc1. 2021-12-28 20:09:27 +01:00
hackademix 175535f60b Version bump: 11.2.12. 2021-12-28 15:18:59 +01:00
hackademix f38c07637c [XSS] Fixed regression causing "too much recursion" false positives (thanks barbaz for report). 2021-12-27 22:28:37 +01:00
hackademix 2cdbbe2d57 [XSS] Precomputed invalid identifier chars regular expression. 2021-12-27 22:28:37 +01:00
hackademix 7abdd20155 Version bump: 11.2.12rc6. 2021-12-27 22:28:05 +01:00
hackademix 579d8e9beb Updated HTML event atoms. 2021-12-25 23:19:59 +01:00
hackademix 3a0c71cf7b [XSS] Tweaked risky operator check prevents false positive on outbound Twitter navigation (thanks @muchtypo for reporting). 2021-12-25 22:55:53 +01:00
hackademix 3d1adba67a [XSS] Better logging for JS fragment detection. 2021-12-25 22:54:04 +01:00
hackademix fdaa8fce27 [XSS] Fixed performance regression in invalid character ranges generation causing random XSS "DOS" false positives. 2021-12-25 00:16:09 +01:00
hackademix bd7b621109 Fetch policy for baseURI document.domain is empty. 2021-12-04 21:45:03 +01:00
hackademix b14f8ef5d0 Version bump: 11.2.12rc5. 2021-12-04 21:35:55 +01:00