Commit Graph

12607 Commits

Author SHA1 Message Date
Raymond Hill 7b138b58c6
Fix potential exfiltration of browsing history by a rogue list author through permissions=
As with `csp=` option, reporting capabilities need to be taken
into account with `permissions=` option.

Reference:
https://github.com/w3c/webappsec-permissions-policy/blob/main/reporting.md

This commit ensures that `permissions=` option using `report-to` are
marked as invalid.
2024-02-13 15:09:38 -05:00
Raymond Hill 3037ae5f04
Ignore event handler-related attributes in `set-attr` scriptlet
As suggested by https://github.com/distinctmondaylilac in internal
email to ubo-security:

> As a sidenote, it may be worth considering if `set-attr` should
> be able to set event handler attributes. It could potentially
> be used to copy the contents of e.g. onclick to other event handlers,
> resulting in self-clicking buttons.
2024-02-13 14:59:00 -05:00
Raymond Hill db5656f607
Fix potential exfiltration of browsing history by a rogue list author through `csp=`
As reported internally to ubo-security by https://github.com/distinctmondaylila

One issue is a regression from the rewriting of the static filtering
parser in version 1.47.0, specifically the following commit:
https://github.com/gorhill/uBlock/commit/8ea3b0f64c
The existing regex was no longer suitable to properly detect
some usage of `report-xxx` in the rwritten parser.

Another issue which predates 1.47.0 is that the regex used for
validation was case-sensititive, while the `report-uri` directive
can be written using uppercase letters, i.e. `Report-uri`.
2024-02-13 14:35:08 -05:00
Raymond Hill 2705059d7a
Make Firefox dev build auto-update 2024-02-02 12:55:48 -05:00
Raymond Hill ca3bd00d74
New revision for dev build 2024-02-02 12:48:23 -05:00
Raymond Hill 9b40b2150a
Fix argument list lookup in `trusted-replace-argument` scriptlet 2024-02-02 12:46:59 -05:00
Raymond Hill 8c7a33fe90
Make Firefox dev build auto-update 2024-02-02 09:56:17 -05:00
Raymond Hill 4688138d0f
New revision for dev build 2024-02-02 09:47:45 -05:00
Raymond Hill b4da81f8d4
Improve logging information in `prevent-window-open` scriptlet 2024-02-02 09:36:08 -05:00
Raymond Hill 28e1424058
Fall back to console if log info can't be relayed to logger 2024-02-02 09:24:24 -05:00
Raymond Hill b0122bb9fc
Do not rely on `vAPI` presence in logger broadcast code
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8339494
2024-02-02 09:15:09 -05:00
Raymond Hill 605c830312
Review/fix content of `assets.json` 2024-02-01 18:22:48 -05:00
Raymond Hill 12a9245164
Remove outdated, unused scriptlet
Related commit:
2b2e0fcb14
2024-01-31 11:31:24 -05:00
Raymond Hill 0e8ff10e92
[mv3] Mind service workers for sites in "no filtering" mode
Related issue:
https://github.com/uBlockOrigin/uBOL-home/issues/114
2024-01-31 09:59:45 -05:00
Raymond Hill ad88ff213b
Make Firefox dev build auto-update 2024-01-30 21:11:07 -05:00
Raymond Hill 46d09c5b7a
New revision for dev build 2024-01-30 20:53:35 -05:00
Raymond Hill 1db54c47e1
Fix the logging of all `prevent-xhr` calls
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8309729
2024-01-30 20:52:07 -05:00
Raymond Hill 1e614a7b10
Remove duplicate URL
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3099
2024-01-29 09:04:27 -05:00
Raymond Hill d731ea11e0
Make Firefox dev build auto-update 2024-01-28 19:05:37 -05:00
Raymond Hill 0d1b9a14e2
New revision for dev build 2024-01-28 18:58:30 -05:00
Raymond Hill 7282d953b6
Fix last commit
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8272470

Related commit:
6cfba082f9
2024-01-28 18:54:37 -05:00
Raymond Hill 0f12d5f344
Make Firefox dev build auto-update 2024-01-28 11:45:31 -05:00
Raymond Hill 2b257d86fc
New revision for dev build 2024-01-28 11:31:18 -05:00
Raymond Hill 59d46ecd78
Postprocess selections only from from logger entries
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3097
2024-01-28 11:17:36 -05:00
Raymond Hill 6cfba082f9
Add more output to logger re. scriptlets 2024-01-28 10:58:41 -05:00
Raymond Hill 55879e6014
Add more output to logger re. scriptlets 2024-01-28 10:27:46 -05:00
Raymond Hill 54fba5270f
Make Firefox dev build auto-update 2024-01-27 18:36:13 -05:00
Raymond Hill 6173610422
New revision for dev build 2024-01-27 18:25:43 -05:00
Raymond Hill 030072c324
Output more information to dev console when loading filter lists
Related discussion:
https://github.com/uBlockOrigin/uBlock-issues/discussions/2993#discussioncomment-8265914
2024-01-27 18:23:04 -05:00
Raymond Hill 6c54731a72
Add `remove-cache-storage-item` scriptlet
Usage:

...##+js(remove-cache-storage-item, cacheNamePattern[, urlPattern])

`cacheNamePattern`: the name of the cache to target. Plain string
  or regex.

`urlPattern`: the URL of the resource to remove. Plain string
  or regex. If no pattern is provided, the whole cache is removed.

Reference:
https://developer.mozilla.org/en-US/docs/Web/API/CacheStorage
2024-01-27 18:17:28 -05:00
Raymond Hill fa162e2a31
Fix type
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8265304
2024-01-27 08:56:00 -05:00
Raymond Hill cd736b515c
Fix bad CSS style 2024-01-27 07:54:37 -05:00
Raymond Hill 7fee16a4bd
Minor CSS changes in logger's 'Export' tool 2024-01-27 07:51:05 -05:00
Raymond Hill 9d1d5f9839
Support 'week' unit in `! Expires: ` directive 2024-01-27 07:36:58 -05:00
Raymond Hill 7cd0ef6ab5
Make Firefox dev build auto-update 2024-01-27 07:30:30 -05:00
Raymond Hill d1b3f78ba8
New revision for dev build 2024-01-27 07:23:05 -05:00
Raymond Hill f200bbf5d5
Add trace information to console 2024-01-27 07:22:32 -05:00
Raymond Hill 8be8ac57a7
Bring back ability to log all calls to `JSON.parse`
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096
2024-01-27 06:43:36 -05:00
Raymond Hill 0df57e08d2
Make Firefox dev build auto-update 2024-01-26 22:45:41 -05:00
Raymond Hill efddb727bd
New revision for dev build 2024-01-26 22:42:02 -05:00
Raymond Hill 302d2f5670
Fix type
Related issue:
https://github.com/uBlockOrigin/uAssets/pull/22228
2024-01-26 22:38:31 -05:00
Raymond Hill 11dc33eb02
Make Firefox dev build auto-update 2024-01-26 21:11:08 -05:00
Raymond Hill 98ef5f0576
Update changelog 2024-01-26 21:05:42 -05:00
Raymond Hill f37aa96033
New revision for dev build 2024-01-26 21:03:01 -05:00
Raymond Hill cb6ff38f86
Fix error when site has only exception scriptlet filters
Cause by recent refactoring of scriptlet-related code.
2024-01-26 20:57:26 -05:00
Raymond Hill be1f938c17
[mv3] Adjust as per changes in uBO base 2024-01-26 14:51:50 -05:00
Raymond Hill 120e845a81
Make Firefox dev build auto-update 2024-01-26 13:56:28 -05:00
Raymond Hill f941043fc9
New revision for dev build 2024-01-26 13:53:00 -05:00
Raymond Hill 94ec65b7db
Fix regression in response body filtering 2024-01-26 13:52:17 -05:00
Raymond Hill 6148d450ac
Make Firefox dev build auto-update 2024-01-26 13:11:18 -05:00