Commit Graph

4935 Commits

Author SHA1 Message Date
gorhill 126110c9a0
remove ability to pull latest version of resources.txt from remote repo.
This is required as per Firefox extension reviewers. Mail exchange:

========

Reviewer:
> Do I read the code correctly that you are executing remote JS by
> downloading/updating from
> https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resources.txt
> and injecting scripts in contentscripts.js?

Me:
> Yes, resources.txt contains scriptlets or other resources used to:
>
> - Minimize potential page breakage (e.g. google-analytics.com/ga.js);
> - Defuse anti-blockers (e.g. bab-defuser.js);
> - Defuse anti-blockers or minimize page breakage through redirection
> (e.g. 2x2-transparent.png)
>
> This is not a new feature -- this is also part of the legacy version,
> and I consider this a major feature of uBO. Given how fast things can
> change out there, this allows me to quickly push fixes when a new issue
> is reported for a site without having to go through a full update of the
> extension.

Reviewer:
> I am aware that this is not a new feature. I am unclear why it has been
> allowed in the past, since it violates our policy about remote code
> execution. I assume it was missed due to the fairly complex codebase.
>
> I can approve this version so you are not blocked on the migration, but
> eventually, you cannot use functionality that executes remote code.
> Since we're moving to a more automated review process, you will be able
> to ship new versions without being blocked on a human review.

Me:
> Do I understand correctly that extensions such as TamperMonkey or
> ViolentMonkey won't be allowed on AMO?
>
> Those extensions are even more permissive than uBO given a user can
> import scripts from any source, while with uBO only scriptlets which are
> part of the project are allowed.

Reviewer:
> The key difference between add-ons like Tampermonkey and uBO is that in
> Tampermonkey, users are making an active and conscious decision to
> download and execute that specific code. In uBO, the user did not
> initiate that download/execution, nor are they even aware of it
> happening.

Me:
> So users of TamperMonkey -- tech-savvy or not -- can download & inject
> countless 3rd-party user scripts from countless authors, have them
> update on their own automatically at regular intervals with no user
> intervention.
>
> On the other hand, it's not acceptable for me, the author of the
> extension, who users implicitly trusted when installing the extension,
> who is completely controlling and vouching for the content of
> "resources.txt", to have this one 1st-party resource file[1] to be
> updated at regular intervals with no user intervention.
>
> So anyways, what is expected from me at this point? Do I need to remove
> scriptlet injection and resource redirection features? Do I need to
> remove only the updating part of resources.txt?
>
> [1] key to core features of uBO (counter anti-blockers + page breakage
> mitigations) and possibly an important factor in installing the
> extension.

========

Now about this commit: the purpose of the code change here is to
prevent "resources.txt" -- which is part of the package -- from being
updated -- this applies only to the Firefox webext[-hybrid] version
of uBO.
2017-08-30 09:15:06 -04:00
gorhill d165432ded
deal properly with indexedDB not being available (#2925) 2017-08-30 08:41:22 -04:00
gorhill b1842ddf16
new revision for dev build 2017-08-29 18:32:46 -04:00
gorhill beb7933016
fix #2925 2017-08-29 18:32:00 -04:00
gorhill 572aecc517
import indexedDB-based vAPI.cacheStorage as is from d1538ea9be 2017-08-28 15:30:01 -04:00
gorhill fe4c59ec90
new revision for release candidate 2017-08-24 18:30:55 -04:00
gorhill b2e89c9ece
generate better regex for hostname-anchored generic filters 2017-08-24 18:30:05 -04:00
gorhill c31d29c2e3
fix bad test: regression from fdcc9515 2017-08-24 17:54:27 -04:00
gorhill 8758dfc061
fix AMO error: "Legacy add-ons are not compatible with Firefox 57 or higher. Use a maxVersion of 56.* or lower" 2017-08-23 08:02:40 -04:00
gorhill 2f922192c3
fix #2892: set proper minimum version for Opera 2017-08-23 07:27:53 -04:00
gorhill 592d5da490
new release 2017-08-22 23:51:02 -04:00
gorhill 9a64bf2282
translation work from https://crowdin.com/project/ublock 2017-08-22 19:00:53 -04:00
gorhill f72915f5b0
new revision for release candidate 2017-08-22 08:01:52 -04:00
gorhill 06f9ac033f
harden just a bit more the migration code 2017-08-22 08:00:46 -04:00
gorhill c9a5b4c6ac
new revision for release candidate 2017-08-21 12:06:12 -04:00
gorhill 70081dc115
Merge branch 'master' of github.com:gorhill/uBlock 2017-08-21 12:04:55 -04:00
gorhill 63be43a365
shield content script against exceptions in injected scriptlets 2017-08-21 12:04:35 -04:00
Sander Lepik 61c7f86fd2 Switch adblock.ee to HTTPS (#2884)
* Switch adblock.ee to HTTPS

Signed-off-by: Sander Lepik <sander@lepik.eu>

* Undo changes on wrong files

Signed-off-by: Sander Lepik <sander@lepik.eu>
2017-08-18 09:07:41 -04:00
gorhill 213c4e4de8
new revision for release candidate 2017-08-17 09:54:32 -04:00
gorhill a1350b8cff
fix #2882 2017-08-17 09:54:01 -04:00
gorhill 8e064d6b04
new revision for release candidate 2017-08-17 08:35:56 -04:00
gorhill b9f793e06f
translation work from https://crowdin.com/project/ublock 2017-08-17 08:34:00 -04:00
gorhill fdcc9515dc
fix #2029 2017-08-17 08:25:02 -04:00
gorhill d1c752da29
fix bad English in comment 2017-08-16 18:06:04 -04:00
gorhill 22ad39ea4d
new revision for dev build 2017-08-16 15:47:59 -04:00
gorhill 797082a36c
fix #2552 2017-08-16 14:10:41 -04:00
gorhill 5f72565f7a
fix #2873 2017-08-15 09:09:16 -04:00
Raymond Hill 1bda3a1cc3 Update README.md 2017-08-14 08:38:13 -04:00
gorhill 4a319d7a26
new revision for release candidate 2017-08-13 08:43:20 -04:00
gorhill d2af82bdbf
set proper min-max versions for Firefox 2017-08-13 08:25:07 -04:00
gorhill 655b0e491b
no reason to hold back: release candidate 2017-08-12 14:49:50 -04:00
gorhill 92c6d0fc33
new revision for dev build 2017-08-12 14:39:48 -04:00
gorhill 0e078e536d
eliminate validation warning on AMO: avoid innerHTML 2017-08-11 14:26:15 -04:00
Mike Tzou 0f9cd6c8c4 README.md: use crowdin svg icon (#2857) 2017-08-11 01:35:28 -04:00
gorhill ccc4324583
fix non-dev build versioning 2017-08-11 00:41:53 -04:00
gorhill 502dd89d53
fix AMO validation warning re. invalid CSS 2017-08-10 18:55:36 -04:00
gorhill 04057d40ea
fix #2855 2017-08-10 18:50:23 -04:00
gorhill 78d61eba86
new revision for dev build 2017-08-10 18:36:58 -04:00
gorhill 04718be3fd
translation work from https://crowdin.com/project/ublock 2017-08-09 10:52:27 -04:00
Raymond Hill 90470414e8 Update CONTRIBUTING.md 2017-08-08 19:02:44 -04:00
gorhill 3a1113b768
new revision for dev build 2017-08-08 13:40:00 -04:00
gorhill 7291227a64
fix #2836 2017-08-08 11:08:18 -04:00
gorhill faca2718fa
set FF56 as max version compatible with legacy version of uBO 2017-08-08 10:56:53 -04:00
gorhill c006167c65
new revision for dev build 2017-08-05 10:05:56 -04:00
gorhill af0b1b3db0
fix #2799 (uBO side), as per https://bugzilla.mozilla.org/show_bug.cgi?id=1383064#c4 2017-08-05 10:01:59 -04:00
gorhill 61a538e9f2
fix #2843: do not auto open dashboard on Firefox 2017-08-05 09:50:21 -04:00
gorhill dd2d15e36b
new revision for dev build 2017-08-04 18:31:30 -04:00
gorhill 7e4c872484
Merge branch 'master' of github.com:gorhill/uBlock 2017-08-04 18:20:08 -04:00
gorhill e903752037
rename webext to webext-hybrid, add pure webext version 2017-08-04 18:19:55 -04:00
gorhill 8393e77ab0
rename webext to webext-hybrid 2017-08-04 17:59:30 -04:00