Commit Graph

12328 Commits

Author SHA1 Message Date
Raymond Hill fc40393c81
Improve `trusted-prune-inbound-object` scriptlet
Trap incoming argument only if it matches the properties to
prune and matches. If there is no match, the inbound object
is passed through untouched.
2023-10-28 07:35:38 -04:00
Raymond Hill 9829ee12a5
Make Firefox dev build auto-update 2023-10-27 21:36:22 -04:00
Raymond Hill 0b59ebf1c6
Import translation work from https://crowdin.com/project/ublock 2023-10-27 21:27:28 -04:00
Raymond Hill e2f5814c50
New revision for release candidate 2023-10-27 21:14:13 -04:00
Raymond Hill 07ac27e07b
Give precedence to `Last modified:` field when evaluating "age" if lists
Available network information is not very reliable and should be
used only when `Last modified:` is not available.
2023-10-27 21:09:49 -04:00
Raymond Hill ed4b31931a
Prepare to ship minified lists in package 2023-10-26 13:38:24 -04:00
Raymond Hill 88a510cf7c
Make Firefox dev build auto-update 2023-10-25 20:16:33 -04:00
Raymond Hill a87813614a
New revision for release candidate 2023-10-25 20:05:44 -04:00
Raymond Hill 51dfde8f41
Import translation work from https://crowdin.com/project/ublock 2023-10-25 20:04:58 -04:00
Dave Vandyke 0fa30a73c5
Further improve google-ima shim script (#3900)
I worked through some of the websites listed in the google-ima shim
script issue[1], to see what was going wrong. It turned out the
addEventListener method supports an optional context Object, which is
bound to the listener if provided. Some websites make use of that,
and then break when `this` is not bound correctly when events are
dispatched.

See also https://github.com/duckduckgo/tracker-surrogates/pull/24

1 - https://github.com/uBlockOrigin/uBlock-issues/issues/2265
2023-10-25 12:00:21 -04:00
Raymond Hill c2217a170e
Update user interface srings as suggested 2023-10-25 07:31:23 -04:00
Raymond Hill e2b9e090ce
Update user interface srings as suggested 2023-10-25 07:28:41 -04:00
Raymond Hill 33a9b97f25
Make Firefox dev build auto-update 2023-10-24 12:45:46 -04:00
Raymond Hill 5d4f0da5aa
New revision for release candidate 2023-10-24 12:31:56 -04:00
Raymond Hill c1657c2f9c
Import translation work from https://crowdin.com/project/ublock 2023-10-24 11:22:21 -04:00
Dave Vandyke b445f4f4cd
Improve google-ima shim script (#3899)
We made use of the google-ima shim script from uBlock in the
DuckDuckGo Privacy Essentials extension recently, but found a few
issues with website breakage. After debugging and fixing those[1], I
thought it would be worth sharing the improvements back again. Issues
we ran into:

- The AdDisplayContainer[2] constructor usually creates some DOM
  elements inside the given container. They are all nested within a
  DIV and some websites break when at least that top DIV element isn't
  created.
- While not documented (that I could see), the event listeners can be
  added using an array of event types. Some websites make use of that
  and then hang forever when the expected events aren't fired. This
  caused videos not to play on some websites.
- The Ad.prototype.getUniversalAdIds()[3] method should return an
  array of UniversalAdIdInfo Objects, instead of an Array of
  strings. When an array of strings are returned, some websites then
  break when the UniversalAdIdInfo's methods are missing.
- The UniversalAdIdInfo.prototype.getAdIdValue()[4] method had a typo
  in the name ("getAsIdValue") and was effectively missing. That
  caused some websites to break when the missing method was called.
- The google.ima.OmidVerificationVendor[5] Object was missing, which
  broke some websites that attempted to access it.

1 - 52f2999523
2 - https://developers.google.com/interactive-media-ads/docs/sdks/html5/client-side/reference/js/google.ima.AdDisplayContainer
3 - https://developers.google.com/interactive-media-ads/docs/sdks/html5/client-side/reference/js/google.ima.Ad#getUniversalAdIds
4 - https://developers.google.com/interactive-media-ads/docs/sdks/html5/client-side/reference/js/google.ima.UniversalAdIdInfo#getAdIdValue
5 - https://developers.google.com/interactive-media-ads/docs/sdks/html5/client-side/reference/js/google.ima#.OmidVerificationVendor
2023-10-24 11:16:14 -04:00
Raymond Hill d32204f984
Match `type` exactly in `prevent-addEventListener` scriptlet
Unless `type` is a regex of course.

Related feedback:
https://github.com/uBlockOrigin/uAssets/discussions/17907#discussioncomment-7362212
2023-10-23 21:15:00 -04:00
Raymond Hill b8542cb894
Make Firefox dev build auto-update 2023-10-23 10:11:19 -04:00
Raymond Hill e351551dc4
Move warning sentence to the start
Related discussion:
https://github.com/uBlockOrigin/uBlock-issues/discussions/2895#discussioncomment-7353454
2023-10-23 10:01:33 -04:00
Raymond Hill 4e0b74e562
new revision for release candidate 2023-10-23 10:00:52 -04:00
Raymond Hill 6c672c99c2
Import translation work from https://crowdin.com/project/ublock 2023-10-23 09:20:59 -04:00
Raymond Hill 3c04ae41b3
Make Firefox dev build auto-update 2023-10-22 18:41:37 -04:00
Raymond Hill 589f281f21
Fine tune CSS
Related discussion:
https://github.com/uBlockOrigin/uBlock-issues/discussions/2895#discussioncomment-7353182
2023-10-22 18:33:28 -04:00
Raymond Hill 3562cc2e4c
New revision for release candidate 2023-10-22 18:22:59 -04:00
Raymond Hill 1a1876e593
Import translation work from https://crowdin.com/project/ublock 2023-10-22 18:22:27 -04:00
Raymond Hill 82c59b4b6e
Add `domain` vararg to `trusted-set-cookie`
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2893
2023-10-22 18:19:18 -04:00
Raymond Hill 1e745c2f4d
Emphasize warning in "My filters"
Related feedback:
f1ce3b2191 (commitcomment-130633291)
2023-10-22 17:52:38 -04:00
Raymond Hill 9bd483bec3
Enable "not permissions" filtering expression in logger
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/2714#discussioncomment-6959861
2023-10-22 17:50:45 -04:00
Raymond Hill 7ca18f77d9
Make Firefox dev build auto-update 2023-10-22 15:51:26 -04:00
Raymond Hill 9fed114374
New revision for dev build 2023-10-22 15:40:48 -04:00
Raymond Hill 9e2c919c24
Import translation work from https://crowdin.com/project/ublock 2023-10-22 15:40:16 -04:00
Raymond Hill a9ff41ae55
Add filter expressions for logger output
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/2714#discussioncomment-6959761
2023-10-22 15:33:21 -04:00
Raymond Hill 70019e41a6
Make Firefox dev build auto-update 2023-10-22 13:21:19 -04:00
Raymond Hill 52d1357c67
New revision for release candidate 2023-10-22 13:10:33 -04:00
Raymond Hill 86f0d6dd97
Add `trusted-prune-outbound-object.js` scriptlet
Essentially a complement of `trusted-prune-inbound-object.js` added in
1c9da227d7

To perform object pruning on any object returned synchronously by
any given call.

The arguments for `trusted-prune-outbound-object` in order are:

- The name of the property to trap. Must be a function, and must
  exist when the scriptlet tries to install the trap.

- The properties to prune (as with `json-prune`)

- The properties which must all be present for pruning to occur
  (as with `json-prune`)

The scriptlets `json-prune.js` and `evaldata-prune.js` essentially
perform the same function, and will eventually be rewritten to
internally delegate to generic `trusted-prune-outbound-object.js`.
2023-10-22 12:35:49 -04:00
Raymond Hill 0b9b5a4802
Enable dev console by default in dev build 2023-10-22 12:33:10 -04:00
Raymond Hill 8c283d4d38
Flush the registered scriptlet cache as needed only
Related commit:
e5b438257f
2023-10-22 12:31:33 -04:00
Raymond Hill f1ce3b2191
Add warning against adding custom filters from untrusted sources
Related discussion:
https://github.com/uBlockOrigin/uBlock-issues/discussions/2895#discussioncomment-7351138
2023-10-22 10:47:52 -04:00
Raymond Hill e33c0f9d9c
Minor refactoring plus other minor changes
Added more evocative error messages to linter.

Made the content of _My filters_ trusted by default in
dev build.
2023-10-22 08:53:01 -04:00
Raymond Hill 5dd9584da2
Make Firefox dev build auto-update 2023-10-21 19:45:50 -04:00
Raymond Hill fe36da3525
New revision for release candidate 2023-10-21 19:35:06 -04:00
Raymond Hill 64c1f8767c
Add ability to control trusted status of filter lists
Related discussion:
https://github.com/uBlockOrigin/uBlock-issues/discussions/2895

Changes:

The _content of the My filters_ pane is now considered untrusted by
default, and only uBO's own lists are now trusted by default.

It has been observed that too many people will readily copy-paste
filters from random sources. Copy-pasting filters which require trust
represents a security risk to users with no understanding of how the
filters work and their potential abuse.

Using a filter which requires trust in a filter list from an untrusted
source will cause the filter to be invalid, i.e. shown as an error.

A new advanced setting has been added to control which lists are
considered trustworthy: `trustedListPrefixes`, which is a space-
separated list of tokens. Examples of possible values:

- `ublock-`: trust only uBO lists, exclude everything else including
  content of _My filters_ (default value)

- `ublock- user-`: trust uBO lists and content of _My filters_

- `-`: trust no list, essentially disabling all filters requiring
  trust (admins or people who don't trust us may want to use this)

One can also decide to trust lists maintained elsewhere. For example,
for stock AdGuard lists add ` adguard-`. To trust stock EasyList lists,
add ` easylist-`.

To trust a specific regional stock list, look-up its token in
assets.json and add to `trustedListPrefixes`.

The matching is made with String.startsWith(), hence why `ublock-`
matches all uBO's own filter lists.

This also allows to trust imported lists, for example add
` https://filters.adtidy.org/extension/ublock/filters/` to trust all
non-stock AdGuard lists.

Add the complete URL of a given imported list to trust only that one
list.

URLs not starting with `https://` or `file:///` will be rejected,
i.e. `http://example.org` will be ignored.

Invalid URLs are rejected.
2023-10-21 19:29:10 -04:00
Raymond Hill 801d569585
Make Firefox dev build auto-update 2023-10-21 14:56:27 -04:00
Raymond Hill e275e1b197
New revision for release candidate 2023-10-21 14:36:38 -04:00
Raymond Hill e5b438257f
Ensure scriptlet cache is reset when filtering profile changes
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2896

TODO: Eventually, distinguish between filtering profile increasing
or decreasing so as to avoid flushing caches when increasing
filtering, which should not affect the scriptlets cache.
2023-10-21 14:25:26 -04:00
Raymond Hill d6bd14d708
Make Firefox dev build auto-update 2023-10-21 10:11:30 -04:00
Raymond Hill e4490ee92a
New revision for release candidate 2023-10-21 10:00:02 -04:00
Raymond Hill 1c9da227d7
Add `trusted-prune-inbound-object` scriptlet
As per discussion with filter list maintainers.

To perform object pruning for any given call which has an object
as argument (hence "inbound").

Since `json-prune-stringify` scriptlet is a specific form of
pruning inbound objects, it has been removed.

The arguments for `trusted-prune-inbound-object` in order are:

- The name of the property to trap. Must be a function, and must
  exist when the scriptlet tries to install the trap.

- The position of the object to prune in the argument list when
  the trapped function is called. The position is 1-based and
  must be an integer greater than 0.

- The properties to prune (as with `json-prune`)

- The properties which must all be present for pruning to occur
  (as with `json-prune`)

- Varargs:
  - `, dontOverwrite, 1`: do not modify the target inbound object

Examples:

Remove `title` and `name` properties before passing the object to
`JSON.stringify` call:

  example.org##+js(trusted-prune-inbound-object, JSON.stringify, 1, title name)

Remove `status` property before passing the object to `Object.keys`
call but do not modify caller's instance of the object:

  example.org##+js(trusted-prune-inbound-object, Object.keys, 1, status, , dontOverwrite, 1)
2023-10-21 09:31:50 -04:00
Raymond Hill 287f7711aa
Import translation work from https://crowdin.com/project/ublock 2023-10-21 08:19:28 -04:00
Raymond Hill 6af4494946
[mv3] Honor scriptlets' target world in Firefox
When the target world of a scriptlet is the ISOLATED one,
skip Blob-based injection in Firefox, as the current world
is always the ISOLATED one. This should make ISOLATED
world-based scriptlets more reliable (i.e. execute sooner)
in Firefox.
2023-10-21 07:11:12 -04:00