Commit Graph

95 Commits

Author SHA1 Message Date
hackademix 404d6030e7 MV3 compatibility 2024-11-16 00:32:04 +01:00
hackademix fd58217c59 [xss] Refactor for non-persistence. 2024-10-22 11:14:55 +02:00
hackademix d3beec3440 Remove 6 years old legacy code handling migrations from NoScript 5.x "Classic". 2024-10-20 19:51:18 +02:00
hackademix ec04a2e0d5 [xss] Removed legacy/obsolete exceptions. 2024-10-20 19:24:27 +02:00
hackademix dd2af693a4 Update copyright dates. 2024-10-18 08:41:59 +02:00
hackademix 9219c4ae23 Reduce console spam on non-debugging instances. 2024-10-02 16:33:21 +02:00
hackademix 10e2c40c1c [XSS] Take into account the whole redirection chain (thanks NDevTK for reporting). 2024-09-05 11:41:46 +02:00
hackademix dc3a767804 [XSS] Better specificity of HTML elements preliminary checks. 2023-09-08 15:14:06 +01:00
hackademix 45f3ebd408 [XSS] Better specificity of potential fragmented injection through framework syntax detection (thanks Rom623, barbaz et al). 2023-09-02 22:41:51 +02:00
hackademix 692803c6f2 [XSS] Fallback to execute most demanding regular expressions asynchronously. 2023-07-19 20:08:11 +02:00
hackademix 96baaa2d51 [XSS] Removed obsolete Flash-related checks. 2023-07-16 22:11:07 +02:00
hackademix 1bd6061414 [XSS] Make InjectionChecker's regular expressions easier to debug. 2023-07-16 17:57:07 +02:00
hackademix 61ddfea620 [XSS] Updated OpenID regexp. 2023-07-15 18:31:28 +02:00
hackademix c4d8605e51 [XSS] Fix Base64 hash checks interfering with query string checks (thanks barbaz for reporting). 2023-06-29 17:33:56 +02:00
hackademix 5d6c79014d Updated copyright year. 2023-02-22 23:17:12 +01:00
hackademix ea6f81ce6f Updated HTML event attributes list. 2022-12-31 18:39:25 +01:00
hackademix 2a30b265f1 [XSS] Fixed regression in invalid characters optimization causing false negatives (thanks Tsubasa for reporting). 2022-08-06 17:15:31 +02:00
hackademix 5983d79a65 [XSS] Correct for concurrency in timeout checks. 2022-05-25 00:00:17 +02:00
hackademix 9c49affd56 Updated HTML events. 2022-05-08 23:44:09 +02:00
hackademix 29fe044e7b More visual tweaks. 2022-03-13 12:18:40 +01:00
hackademix 963f728658 Merge branch 'main' of github.com:hackademix/noscript into ctx 2022-02-13 17:05:14 +01:00
hackademix 7aeac83eeb [XSS] Simplified preemptive name sanitization. 2022-02-08 11:01:03 +01:00
hackademix 62aac29750 Merge branch 'main' of github.com:hackademix/noscript into ctx 2022-02-04 23:40:34 +01:00
hackademix 25cd549da9 [XSS] Faster invalidCharsRx initialization on Gecko 78 and above. 2022-02-04 00:18:15 +01:00
hackademix d6b62766d1 [XSS] More resilient name handling. 2022-02-04 00:17:05 +01:00
hackademix db3f1b5878 Switch contextual checks to top document matching. 2022-01-30 00:38:31 +01:00
hackademix 962cfda0b7 [XSS] Fix false positive on Microsoft authentication (thanks GrK and Hanna_Payne for reporting). 2022-01-30 00:34:14 +01:00
hackademix c02f1eeb25 Updated HTML events. 2022-01-17 23:23:54 +01:00
hackademix 0fdbf3ef83 [XSS] Restored compatibility with Gecko 77 and below. 2021-12-28 20:09:27 +01:00
hackademix f38c07637c [XSS] Fixed regression causing "too much recursion" false positives (thanks barbaz for report). 2021-12-27 22:28:37 +01:00
hackademix 2cdbbe2d57 [XSS] Precomputed invalid identifier chars regular expression. 2021-12-27 22:28:37 +01:00
hackademix 579d8e9beb Updated HTML event atoms. 2021-12-25 23:19:59 +01:00
hackademix 3a0c71cf7b [XSS] Tweaked risky operator check prevents false positive on outbound Twitter navigation (thanks @muchtypo for reporting). 2021-12-25 22:55:53 +01:00
hackademix 3d1adba67a [XSS] Better logging for JS fragment detection. 2021-12-25 22:54:04 +01:00
hackademix fdaa8fce27 [XSS] Fixed performance regression in invalid character ranges generation causing random XSS "DOS" false positives. 2021-12-25 00:16:09 +01:00
hackademix 88c5291367 Always fetch policy synchronously, if missing. 2021-12-04 17:52:59 +01:00
hackademix eb9f53e2b8 REUSE-compliant licensing boilerplate. 2021-06-19 00:21:23 +02:00
hackademix c293ebc250 [nscl] Refactored ContentScriptOnce.js to the library. 2021-04-26 12:56:13 +02:00
hackademix 28de8bbca5 [XSS] Increased sensitivity and specificity of risky operator pre-checks. 2021-03-28 21:58:56 +02:00
hackademix c30c9c5627 [nscl] More refactoring out in NoScript Commons Library. 2021-03-20 22:59:59 +01:00
hackademix 361093e1da Updated HTML events. 2021-02-07 22:15:00 +01:00
hackademix 2620d456b9 [XSS] New UI to reveal and selectively remove permanent user choices. 2021-01-25 13:27:30 +01:00
hackademix 3753e8184a [XSS] Fixed memoization bug resulting in performance degradation on some payloads. 2021-01-15 17:33:56 +01:00
hackademix 10e02b41ed [XSS] Include call stack in debugging log output. 2021-01-15 17:33:56 +01:00
hackademix 445d7ff1af [XSS] Skip naps when InjectionChecker runs in its own worker. 2021-01-15 17:33:56 +01:00
hackademix 17f3bfd14b Shortcut for easier XSS filter testing. 2021-01-15 17:33:56 +01:00
hackademix 5499f5fe01 [XSS] Fix for old pre-screening optimization exploitable to bypass the filter in recent browsers (thanks Tsubasa FUJII for reporting). 2021-01-07 23:36:17 +01:00
hackademix 404869418c Replace DOM-based entity decoding with the he.js pure JS library. 2021-01-07 23:36:17 +01:00
hackademix d514d8022e Updated HTML events. 2020-12-02 23:03:29 +01:00
hackademix 888a284f58 [XSS] Fixed escape detection bug causing strange false positives (thanks Dave Howorth for report). 2020-09-10 00:30:34 +02:00