Commit Graph

11487 Commits

Author SHA1 Message Date
Raymond Hill 64c1f8767c
Add ability to control trusted status of filter lists
Related discussion:
https://github.com/uBlockOrigin/uBlock-issues/discussions/2895

Changes:

The _content of the My filters_ pane is now considered untrusted by
default, and only uBO's own lists are now trusted by default.

It has been observed that too many people will readily copy-paste
filters from random sources. Copy-pasting filters which require trust
represents a security risk to users with no understanding of how the
filters work and their potential abuse.

Using a filter which requires trust in a filter list from an untrusted
source will cause the filter to be invalid, i.e. shown as an error.

A new advanced setting has been added to control which lists are
considered trustworthy: `trustedListPrefixes`, which is a space-
separated list of tokens. Examples of possible values:

- `ublock-`: trust only uBO lists, exclude everything else including
  content of _My filters_ (default value)

- `ublock- user-`: trust uBO lists and content of _My filters_

- `-`: trust no list, essentially disabling all filters requiring
  trust (admins or people who don't trust us may want to use this)

One can also decide to trust lists maintained elsewhere. For example,
for stock AdGuard lists add ` adguard-`. To trust stock EasyList lists,
add ` easylist-`.

To trust a specific regional stock list, look-up its token in
assets.json and add to `trustedListPrefixes`.

The matching is made with String.startsWith(), hence why `ublock-`
matches all uBO's own filter lists.

This also allows to trust imported lists, for example add
` https://filters.adtidy.org/extension/ublock/filters/` to trust all
non-stock AdGuard lists.

Add the complete URL of a given imported list to trust only that one
list.

URLs not starting with `https://` or `file:///` will be rejected,
i.e. `http://example.org` will be ignored.

Invalid URLs are rejected.
2023-10-21 19:29:10 -04:00
Raymond Hill 801d569585
Make Firefox dev build auto-update 2023-10-21 14:56:27 -04:00
Raymond Hill e275e1b197
New revision for release candidate 2023-10-21 14:36:38 -04:00
Raymond Hill e5b438257f
Ensure scriptlet cache is reset when filtering profile changes
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2896

TODO: Eventually, distinguish between filtering profile increasing
or decreasing so as to avoid flushing caches when increasing
filtering, which should not affect the scriptlets cache.
2023-10-21 14:25:26 -04:00
Raymond Hill d6bd14d708
Make Firefox dev build auto-update 2023-10-21 10:11:30 -04:00
Raymond Hill e4490ee92a
New revision for release candidate 2023-10-21 10:00:02 -04:00
Raymond Hill 1c9da227d7
Add `trusted-prune-inbound-object` scriptlet
As per discussion with filter list maintainers.

To perform object pruning for any given call which has an object
as argument (hence "inbound").

Since `json-prune-stringify` scriptlet is a specific form of
pruning inbound objects, it has been removed.

The arguments for `trusted-prune-inbound-object` in order are:

- The name of the property to trap. Must be a function, and must
  exist when the scriptlet tries to install the trap.

- The position of the object to prune in the argument list when
  the trapped function is called. The position is 1-based and
  must be an integer greater than 0.

- The properties to prune (as with `json-prune`)

- The properties which must all be present for pruning to occur
  (as with `json-prune`)

- Varargs:
  - `, dontOverwrite, 1`: do not modify the target inbound object

Examples:

Remove `title` and `name` properties before passing the object to
`JSON.stringify` call:

  example.org##+js(trusted-prune-inbound-object, JSON.stringify, 1, title name)

Remove `status` property before passing the object to `Object.keys`
call but do not modify caller's instance of the object:

  example.org##+js(trusted-prune-inbound-object, Object.keys, 1, status, , dontOverwrite, 1)
2023-10-21 09:31:50 -04:00
Raymond Hill 287f7711aa
Import translation work from https://crowdin.com/project/ublock 2023-10-21 08:19:28 -04:00
Raymond Hill 6af4494946
[mv3] Honor scriptlets' target world in Firefox
When the target world of a scriptlet is the ISOLATED one,
skip Blob-based injection in Firefox, as the current world
is always the ISOLATED one. This should make ISOLATED
world-based scriptlets more reliable (i.e. execute sooner)
in Firefox.
2023-10-21 07:11:12 -04:00
Raymond Hill 607bba6eaf
Add `dontOverwrite` vararg to `(trusted-)set-cookie` scriptlet
When the vararg `, dontOverwrite, 1` is present, the scriptlet will
not modify the cookie if it already exists.

Related discussion:
https://github.com/uBlockOrigin/uAssets/issues/19976#issuecomment-1773466740
2023-10-20 21:38:54 -04:00
Raymond Hill 009c572cb0
Make Firefox dev build auto-update 2023-10-20 20:56:10 -04:00
Raymond Hill 9aaa7ab3f5
New revision for dev build 2023-10-20 20:44:57 -04:00
peace2000 eb66129fbf
Add "on" and "off" values to set-cookie (#3898)
* Add "on" and "off" values to set-cookie

Used on praxisplan.at.

0cd4612e18

* Update scriptlets.js
2023-10-20 20:43:52 -04:00
Raymond Hill 41d91ed080
Fine tune `set-local-storage-item` as per feedback
Related feedback:
- https://github.com/uBlockOrigin/uAssets/discussions/20194
- https://github.com/gorhill/uBlock/pull/3898
2023-10-20 20:10:35 -04:00
Raymond Hill f0cd93335e
Revert "Turns out `delay` does apply to first element"
This reverts commit 906c6eb430.
2023-10-19 17:23:05 -04:00
Raymond Hill 906c6eb430
Turns out `delay` does apply to first element
Regarding `trusted-click-element`, and as per documentation
and code:
- https://github.com/AdguardTeam/Scriptlets/blob/master/wiki/about-trusted-scriptlets.md#trusted-scriptlets
- https://github.com/AdguardTeam/Scriptlets/blob/master/src/scriptlets/trusted-click-element.js
2023-10-19 14:08:57 -04:00
Raymond Hill e873fd5378
Add `cdn.statically.io` as CDN for `ublock-quick-fixes` (dev build) 2023-10-18 11:38:00 -04:00
Raymond Hill b219faf3c7
Make Firefox dev build auto-update 2023-10-18 10:51:36 -04:00
Raymond Hill b73a0bef59
New revision for dev build 2023-10-18 10:18:55 -04:00
Raymond Hill 4dc396ff05
Fix typos in comments 2023-10-18 09:50:58 -04:00
Raymond Hill 9d3acd91b8
Support AdGuard's `[trusted-]set-cookie-reload` scriptlets
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2881
2023-10-18 09:48:08 -04:00
Raymond Hill 5bd40b34cd
Support pairing `doc` with `urltransform`
Related feedback:
2e4525fe3c (commitcomment-130203742)
2023-10-18 09:06:28 -04:00
Raymond Hill 74a4772e41
Fix comment 2023-10-18 08:55:09 -04:00
Raymond Hill b0fe6d228a
Use `@latest` instead of `@main` for jsDelivr CDN 2023-10-17 23:25:06 -04:00
Raymond Hill b98ee0f442
Minor code review 2023-10-17 23:11:06 -04:00
Raymond Hill 31bdc9ef0d
Make Firefox dev build auto-update 2023-10-17 17:50:55 -04:00
Raymond Hill 5a471c2a01
New revision for dev build 2023-10-17 17:35:39 -04:00
Raymond Hill 51359c6585
[experimental] Add `json-stringify` scriptlet
Will be evaluated this current dev cycle and as a result
might be removed before next stable.

Other changes to increase code consistency.
2023-10-17 17:33:49 -04:00
Raymond Hill c0ea5ebab5
Make Firefox dev build auto-update 2023-10-17 12:41:16 -04:00
Raymond Hill 5827f7161e
New revision for dev build 2023-10-17 12:32:05 -04:00
Raymond Hill f34855b859
Do not consider same-creation time to be a stale status
Related commit:
7daf31336a
2023-10-17 12:30:06 -04:00
Raymond Hill 7daf31336a
Ignore assets older than cached version when fetching from CDNs
As discussed with filter list volunteers.

https://github.com/uBlockOrigin/uBlock-discussions/discussions/781#discussioncomment-7283981
2023-10-17 12:08:10 -04:00
Raymond Hill f122ce7320
Add logging ability to `trusted-click-element`
If the vararg `, log, 1` is present, the scriptlet will log to
the console it's execution steps. Works only in dev build.
2023-10-16 19:53:48 -04:00
Raymond Hill 5a24fad8ad
Make fine-tuned `json-prune-[...]` scriptlets the default behavior
As discussed with filter list maintainers.
2023-10-16 19:36:16 -04:00
Raymond Hill 05ae51beb2
Minor code review of last commit
Related commit:
027c7a4fb5
2023-10-16 18:05:41 -04:00
Raymond Hill 027c7a4fb5
Support quoting scriptlet parameters with backticks
(In addition to in already supported single- and double-quote).

The parsing of (optionally) quoted arguments from an argument
list has been spinned off into a standalone helper in order to
be reused in other parts of the parser eventually.
2023-10-16 17:38:57 -04:00
Raymond Hill 1e4818a6e3
Make Firefox dev build auto-update 2023-10-16 11:21:00 -04:00
Raymond Hill 5f0a883475
New revision for dev build 2023-10-16 11:16:06 -04:00
Raymond Hill c06f5e014f
Prevent redirecting when URL is not transformed
Related commit:
https://github.com/gorhill/uBlock/commit/2e4525fe3c
2023-10-16 11:14:12 -04:00
Raymond Hill 8b107e1bac
Make Firefox dev build auto-update 2023-10-16 10:21:22 -04:00
Raymond Hill 90e4a57062
New revision for dev build 2023-10-16 10:11:27 -04:00
Raymond Hill 2e4525fe3c
Add new static network filter option: `urltransform`
The `urltransform` option allows to redirect a non-blocked network
request to another URL. There are restrictions on its usage:

- require a trusted source -- thus uBO-maintained lists or user
  filters
- the `urltransform` value must start with a `/`

If at least one of these conditions is not fulfilled, the filter
will be invalid and rejected.

The requirement to start with `/` is to enforce that only the path
part of a URL can be modified, thus ensuring the network request
is redirected to the same scheme and authority (as defined at
https://en.wikipedia.org/wiki/Uniform_Resource_Identifier#Syntax).

Usage example (redirect requests for CSS resources to a non-existing
resource, for demonstration purpose):

    ||iana.org^$css,urltransform=/notfound.css

Name of this option is inspired from DNR API:
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest/URLTransform

This commit required to bring the concept of "trusted source" to
the static network filtering engine.
2023-10-16 09:47:29 -04:00
Raymond Hill bee64ebd90
Support pane: mark lists as obsolete only when update button is clicked
Lists older than 2 hours were unconditionally marked as obsolete when
opening the _Support_ pane. Those lists will now be marked as obsolete
only when the _Update now_ button in the _Support_ pane is pressed, i.e.
when launching an update cycle.

Related discussion:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/781#discussioncomment-7287323
2023-10-16 07:33:38 -04:00
Raymond Hill b1530e2659
Fix #2874 as suggested 2023-10-15 20:16:44 -04:00
Raymond Hill 763e9eb2a8
Make Firefox dev build auto-update 2023-10-15 16:51:30 -04:00
Raymond Hill 99fb888328
New revision for dev build 2023-10-15 16:41:08 -04:00
Raymond Hill 7c660b2aad
Remove stray tab 2023-10-15 16:40:35 -04:00
Raymond Hill c0d80ac510
Fine tune `trusted-click-element` scriptlet 2023-10-15 16:14:44 -04:00
Raymond Hill 906c6072d6
Make Firefox dev build auto-update 2023-10-15 13:46:14 -04:00
Raymond Hill 349825ac08
New revision for dev build 2023-10-15 13:35:06 -04:00