Commit Graph

4929 Commits

Author SHA1 Message Date
gorhill 3b67516aee
new revision for dev build 2017-09-13 13:56:41 -04:00
gorhill 04a41d8b22
fix bad regex: all URLs were seen as needing punycoding 2017-09-13 13:08:31 -04:00
gorhill 5626b5005a
fix #2946 2017-09-12 11:43:43 -04:00
gorhill 3e6d365cb1
new revision for dev build 2017-09-11 17:11:31 -04:00
gorhill 147dc4f987
translation work from https://crowdin.com/project/ublock 2017-09-11 17:10:43 -04:00
gorhill 0d18d996be
fix #3006 2017-09-11 17:02:44 -04:00
Raymond Hill d3cd79c5b0 Update CONTRIBUTING.md 2017-09-11 10:23:34 -04:00
gorhill dfe18111b9
fix #1539 2017-09-11 09:53:42 -04:00
gorhill 462406ecf1
add Adguard's Annoyance List to stock filter lists 2017-09-10 13:14:14 -04:00
gorhill c641cadea9
rename "Social" filter list category to "Annoyances" 2017-09-10 13:02:04 -04:00
gorhill 355dbc00ba
fix #2997 2017-09-10 12:39:56 -04:00
gorhill 651da7157a
remove obsolete lists: reek's anti-adblock-killer, immortal_domains 2017-09-10 08:33:41 -04:00
gorhill fa9aa68da3
new revision for dev build 2017-09-05 19:53:57 -04:00
gorhill 1a3df881d0
code review: handle tab gone + decrease user css overhead 2017-09-05 19:51:16 -04:00
gorhill 2660bee0d2
fix #2919 2017-09-05 19:49:48 -04:00
Raymond Hill 162d612317 Update README.md 2017-09-04 07:29:20 -04:00
Raymond Hill 6fc94401b7 Update README.md 2017-09-04 07:27:53 -04:00
Raymond Hill 9518279901 Update README.md 2017-09-04 07:27:38 -04:00
Raymond Hill d0fe240b83 Update README.md 2017-09-04 07:26:33 -04:00
Raymond Hill 5f7202f7f7 Update README.md 2017-09-04 07:25:40 -04:00
Raymond Hill 6682640685 Update README.md 2017-09-04 07:23:32 -04:00
gorhill d19780fcb5
new revision for stable release 2017-09-03 21:45:21 -04:00
gorhill f8dac35f42
new revision for release candidate 2017-09-02 18:27:41 -04:00
gorhill 867eeebc19
fix #2957 2017-09-02 18:27:03 -04:00
gorhill 937e8a048d
new revision for stable release 2017-09-02 16:18:42 -04:00
gorhill 537df0f619
new revision for release candidate 2017-09-02 11:57:36 -04:00
gorhill 40cfd1505e
further fix #2950: FF56 also suffers non-punycoded URLs 2017-09-02 11:56:59 -04:00
gorhill 8116afabc4
use "let": this code is not meant for chromium 2017-09-02 09:57:44 -04:00
gorhill 2598f48a34
new revision for release candidate 2017-09-02 08:27:43 -04:00
gorhill 000d15d8ab
code review: try to remove not found keys from storage.local 2017-09-02 07:08:07 -04:00
gorhill a0c595d02d
fix #2950 2017-09-02 06:11:33 -04:00
gorhill c0f42c5021
drop webext-hybrid build 2017-09-01 20:12:49 -04:00
gorhill 13afea5405
new revision for release build 2017-09-01 17:36:23 -04:00
gorhill 511d8a098e
fix #2945 2017-09-01 17:34:33 -04:00
gorhill 194951d3bd
new revision for dev build 2017-08-31 14:37:42 -04:00
gorhill 8b4b1fa9db
properly fix #2938 2017-08-31 14:17:55 -04:00
gorhill 5cc7a3a852
new revision for dev build 2017-08-30 23:13:28 -04:00
gorhill 4d3ac0d980
new revision for emergency fix 2017-08-30 19:10:03 -04:00
gorhill 2600a400b7
Merge branch 'master' of github.com:gorhill/uBlock 2017-08-30 19:03:10 -04:00
gorhill 73387e54ad
fix #2938 2017-08-30 19:03:02 -04:00
Raymond Hill 3f0aa0d00d Update CONTRIBUTING.md 2017-08-30 15:32:54 -04:00
Raymond Hill ab1b23a398 Update CONTRIBUTING.md 2017-08-30 12:37:18 -04:00
gorhill b5035b2e0b
new release: skip webext-hybrid and go pure webext 2017-08-30 11:18:55 -04:00
gorhill 17d54f6ded
new revision for release candidate 2017-08-30 09:34:12 -04:00
gorhill 126110c9a0
remove ability to pull latest version of resources.txt from remote repo.
This is required as per Firefox extension reviewers. Mail exchange:

========

Reviewer:
> Do I read the code correctly that you are executing remote JS by
> downloading/updating from
> https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resources.txt
> and injecting scripts in contentscripts.js?

Me:
> Yes, resources.txt contains scriptlets or other resources used to:
>
> - Minimize potential page breakage (e.g. google-analytics.com/ga.js);
> - Defuse anti-blockers (e.g. bab-defuser.js);
> - Defuse anti-blockers or minimize page breakage through redirection
> (e.g. 2x2-transparent.png)
>
> This is not a new feature -- this is also part of the legacy version,
> and I consider this is a major feature of uBO. Given how fast things can
> change out there, this allows me to quickly push fixes when a new issue
> is reported for a site without having to go through a full update of the
> extension.

Reviewer:
> I am aware that this is not a new feature. I am unclear why it has been
> allowed in the past, since it violates our policy about remote code
> execution. I assume it was missed due to the fairly complex codebase.
>
> I can approve this version so you are not blocked on the migration, but
> eventually, you cannot use functionality that executes remote code.
> Since we're moving to a more automated review process, you will be able
> to ship new versions without being blocked on a human review.

Me:
> Do I understand correctly that extensions such as TamperMonkey or
> ViolentMonkey won't be allowed on AMO?
>
> Those extensions are even more permissive than uBO given a user can
> import scripts from any source, while with uBO only scriptlets which are
> part of the project are allowed.

Reviewer:
> The key difference between add-ons like Tampermonkey and uBO is that in
> Tampermonkey, users are making an active and conscious decision to
> download and execute that specific code. In uBO, the user did not
> initiate that download/execution, nor are they even aware of it
> happening.

Me:
> So users of TamperMonkey -- tech-savvy or not -- can download & inject
> countless 3rd-party user scripts from countless authors, have them
> update on their own automatically at regular interval with no user
> intervention.
>
> On the other hand, it's not acceptable for me, the author of the
> extension, who users implicitly trusted when installing the extension,
> who is completely controlling and vouching for the content of
> "resources.txt", to have this one 1st-party resource file[1] to be
> updated at regular interval with no user intervention.
>
> So anyways, what is expected from me at this point? Do I need to remove
> scriptlet injection and resource redirection features? Do I need to
> remove only the updating part of resources.txt?
>
> [1] key to core features of uBO (counter anti-blockers + page breakage
> mitigations) and possibly an important factor in installing the
> extension.

========

Now about this commit: the purpose of the code change here is to
prevent "resources.txt" -- which is part of the package -- from being
updated -- this applies only to the Firefox webext[-hybrid] version
of uBO.
2017-08-30 09:15:06 -04:00
gorhill d165432ded
deal properly with indexedDB not being available (#2925) 2017-08-30 08:41:22 -04:00
gorhill b1842ddf16
new revision for dev build 2017-08-29 18:32:46 -04:00
gorhill beb7933016
fix #2925 2017-08-29 18:32:00 -04:00
gorhill 572aecc517
import indexedDB-based vAPI.cacheStorage as is from d1538ea9be 2017-08-28 15:30:01 -04:00
gorhill fe4c59ec90
new revision for release candidate 2017-08-24 18:30:55 -04:00