Raymond Hill
7b138b58c6
Fix potential exfiltration of browsing history by a rogue list author through permissions=
...
As with `csp=` option, reporting capabilities need to be taken
into account with `permissions=` option.
Reference:
https://github.com/w3c/webappsec-permissions-policy/blob/main/reporting.md
This commit ensures that `permissions=` option using `report-to` are
marked as invalid.
2024-02-13 15:09:38 -05:00
Raymond Hill
3037ae5f04
Ignore event handler-related attributes in `set-attr` scriptlet
...
As suggested by https://github.com/distinctmondaylilac in internal
email to ubo-security:
> As a sidenote, it may be worth considering if `set-attr` should
> be able to set event handler attributes. It could potentially
> be used to copy the contents of e.g. onclick to other event handlers,
> resulting in self-clicking buttons.
2024-02-13 14:59:00 -05:00
Raymond Hill
db5656f607
Fix potential exfiltration of browsing history by a rogue list author through `csp=`
...
As reported internally to ubo-security by https://github.com/distinctmondaylila
One issue is a regression from the rewriting of the static filtering
parser in version 1.47.0, specifically the following commit:
https://github.com/gorhill/uBlock/commit/8ea3b0f64c
The existing regex was no longer suitable to properly detect
some usage of `report-xxx` in the rwritten parser.
Another issue which predates 1.47.0 is that the regex used for
validation was case-sensititive, while the `report-uri` directive
can be written using uppercase letters, i.e. `Report-uri`.
2024-02-13 14:35:08 -05:00
Raymond Hill
2705059d7a
Make Firefox dev build auto-update
2024-02-02 12:55:48 -05:00
Raymond Hill
ca3bd00d74
New revision for dev build
2024-02-02 12:48:23 -05:00
Raymond Hill
9b40b2150a
Fix argument list lookup in `trusted-replace-argument` scriptlet
2024-02-02 12:46:59 -05:00
Raymond Hill
8c7a33fe90
Make Firefox dev build auto-update
2024-02-02 09:56:17 -05:00
Raymond Hill
4688138d0f
New revision for dev build
2024-02-02 09:47:45 -05:00
Raymond Hill
b4da81f8d4
Improve logging information in `prevent-window-open` scriptlet
2024-02-02 09:36:08 -05:00
Raymond Hill
28e1424058
Fall back to console if log info can't be relayed to logger
2024-02-02 09:24:24 -05:00
Raymond Hill
b0122bb9fc
Do not rely on `vAPI` presence in logger broadcast code
...
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8339494
2024-02-02 09:15:09 -05:00
Raymond Hill
605c830312
Review/fix content of `assets.json`
2024-02-01 18:22:48 -05:00
Raymond Hill
12a9245164
Remove outdated, unused scriptlet
...
Related commit:
2b2e0fcb14
2024-01-31 11:31:24 -05:00
Raymond Hill
0e8ff10e92
[mv3] Mind service workers for sites in "no filtering" mode
...
Related issue:
https://github.com/uBlockOrigin/uBOL-home/issues/114
2024-01-31 09:59:45 -05:00
Raymond Hill
ad88ff213b
Make Firefox dev build auto-update
2024-01-30 21:11:07 -05:00
Raymond Hill
46d09c5b7a
New revision for dev build
2024-01-30 20:53:35 -05:00
Raymond Hill
1db54c47e1
Fix the logging of all `prevent-xhr` calls
...
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8309729
2024-01-30 20:52:07 -05:00
Raymond Hill
1e614a7b10
Remove duplicate URL
...
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3099
2024-01-29 09:04:27 -05:00
Raymond Hill
d731ea11e0
Make Firefox dev build auto-update
2024-01-28 19:05:37 -05:00
Raymond Hill
0d1b9a14e2
New revision for dev build
2024-01-28 18:58:30 -05:00
Raymond Hill
7282d953b6
Fix last commit
...
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8272470
Related commit:
6cfba082f9
2024-01-28 18:54:37 -05:00
Raymond Hill
0f12d5f344
Make Firefox dev build auto-update
2024-01-28 11:45:31 -05:00
Raymond Hill
2b257d86fc
New revision for dev build
2024-01-28 11:31:18 -05:00
Raymond Hill
59d46ecd78
Postprocess selections only from from logger entries
...
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3097
2024-01-28 11:17:36 -05:00
Raymond Hill
6cfba082f9
Add more output to logger re. scriptlets
2024-01-28 10:58:41 -05:00
Raymond Hill
55879e6014
Add more output to logger re. scriptlets
2024-01-28 10:27:46 -05:00
Raymond Hill
54fba5270f
Make Firefox dev build auto-update
2024-01-27 18:36:13 -05:00
Raymond Hill
6173610422
New revision for dev build
2024-01-27 18:25:43 -05:00
Raymond Hill
030072c324
Output more information to dev console when loading filter lists
...
Related discussion:
https://github.com/uBlockOrigin/uBlock-issues/discussions/2993#discussioncomment-8265914
2024-01-27 18:23:04 -05:00
Raymond Hill
6c54731a72
Add `remove-cache-storage-item` scriptlet
...
Usage:
...##+js(remove-cache-storage-item, cacheNamePattern[, urlPattern])
`cacheNamePattern`: the name of the cache to target. Plain string
or regex.
`urlPattern`: the URL of the resource to remove. Plain string
or regex. If no pattern is provided, the whole cache is removed.
Reference:
https://developer.mozilla.org/en-US/docs/Web/API/CacheStorage
2024-01-27 18:17:28 -05:00
Raymond Hill
fa162e2a31
Fix type
...
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8265304
2024-01-27 08:56:00 -05:00
Raymond Hill
cd736b515c
Fix bad CSS style
2024-01-27 07:54:37 -05:00
Raymond Hill
7fee16a4bd
Minor CSS changes in logger's 'Export' tool
2024-01-27 07:51:05 -05:00
Raymond Hill
9d1d5f9839
Support 'week' unit in `! Expires: ` directive
2024-01-27 07:36:58 -05:00
Raymond Hill
7cd0ef6ab5
Make Firefox dev build auto-update
2024-01-27 07:30:30 -05:00
Raymond Hill
d1b3f78ba8
New revision for dev build
2024-01-27 07:23:05 -05:00
Raymond Hill
f200bbf5d5
Add trace information to console
2024-01-27 07:22:32 -05:00
Raymond Hill
8be8ac57a7
Bring back ability to log all calls to `JSON.parse`
...
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096
2024-01-27 06:43:36 -05:00
Raymond Hill
0df57e08d2
Make Firefox dev build auto-update
2024-01-26 22:45:41 -05:00
Raymond Hill
efddb727bd
New revision for dev build
2024-01-26 22:42:02 -05:00
Raymond Hill
302d2f5670
Fix type
...
Related issue:
https://github.com/uBlockOrigin/uAssets/pull/22228
2024-01-26 22:38:31 -05:00
Raymond Hill
11dc33eb02
Make Firefox dev build auto-update
2024-01-26 21:11:08 -05:00
Raymond Hill
98ef5f0576
Update changelog
2024-01-26 21:05:42 -05:00
Raymond Hill
f37aa96033
New revision for dev build
2024-01-26 21:03:01 -05:00
Raymond Hill
cb6ff38f86
Fix error when site has only exception scriptlet filters
...
Cause by recent refactoring of scriptlet-related code.
2024-01-26 20:57:26 -05:00
Raymond Hill
be1f938c17
[mv3] Adjust as per changes in uBO base
2024-01-26 14:51:50 -05:00
Raymond Hill
120e845a81
Make Firefox dev build auto-update
2024-01-26 13:56:28 -05:00
Raymond Hill
f941043fc9
New revision for dev build
2024-01-26 13:53:00 -05:00
Raymond Hill
94ec65b7db
Fix regression in response body filtering
2024-01-26 13:52:17 -05:00
Raymond Hill
6148d450ac
Make Firefox dev build auto-update
2024-01-26 13:11:18 -05:00