Commit Graph

12235 Commits

Author SHA1 Message Date
Raymond Hill 57c387af36
Update changelog 2024-02-14 14:57:56 -05:00
Raymond Hill a2ced90398
Update changelog 2024-02-14 14:54:13 -05:00
Raymond Hill bc0248bd07
Merge remote-tracking branch 'origin/master' 2024-02-14 14:51:43 -05:00
Raymond Hill 41511726dc
Further improve detection of forbidden `report-xxx` usage in filters
As per feedback from https://github.com/distinctmondaylila

Related commit:
https://github.com/gorhill/uBlock/commit/db5656f607
2024-02-14 14:48:31 -05:00
Raymond Hill e8194aecf0
Further improve detection of forbidden `report-xxx` usage in filters
As per feedback from https://github.com/distinctmondaylila
2024-02-14 14:43:29 -05:00
Raymond Hill 1ef2ea0e93
Update changelog 2024-02-14 14:34:23 -05:00
Raymond Hill b39dac34b1
New revision for release candidate 2024-02-14 14:33:25 -05:00
Raymond Hill 21ec5a277c
Fix improper invalidation of valid `uritransform` exception filters
Related feedback:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/831#discussioncomment-8461847
2024-02-14 14:30:05 -05:00
Raymond Hill f2d7413a42
[mv3] Reuse rule ids across release where possible
This is to reduce the diff size of rulesets in new
releases. Beside smaller diff size, this also makes it
easier to investigate rule changes across releases.
2024-02-14 14:27:36 -05:00
Raymond Hill d6b88d5d6e
Make Firefox dev build auto-update 2024-02-14 11:50:43 -05:00
Raymond Hill 65b71f2e19
New revision for release candidate 2024-02-14 11:43:39 -05:00
Raymond Hill ebb110fb3e
Fix logging code in `trusted-replace-argument` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/859#discussioncomment-8368839
2024-02-14 11:41:58 -05:00
Raymond Hill e16cedb18d
Make Firefox dev build auto-update 2024-02-14 09:11:15 -05:00
Raymond Hill 71eccf94dc
Update changelog 2024-02-14 08:46:40 -05:00
Raymond Hill f2c1e72661
New revision for release candidate 2024-02-14 08:40:09 -05:00
Raymond Hill 50ebfb9932
Mind that attribute names are case-insensitive
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3121
2024-02-14 08:37:01 -05:00
Raymond Hill b22b3d729b
Improve `prevent-addEventListener` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/issues/3061#issuecomment-1899042062
2024-02-14 08:23:16 -05:00
Raymond Hill 068b625bef
In `set-attr`, restrict `on...` attributes to empty string only
As per feedback from https://github.com/distinctmondaylilac

Related commit:
https://github.com/gorhill/uBlock/commit/3037ae5f04

Additionally, added logging ability to the scriptlet.
2024-02-13 19:41:25 -05:00
Raymond Hill 68186a9242
Minor code review 2024-02-13 17:52:05 -05:00
Raymond Hill e2d40cc446
Make Firefox dev build auto-update 2024-02-13 17:00:29 -05:00
Raymond Hill 9e1e19bdf3
New revision for release candidate 2024-02-13 16:49:00 -05:00
Raymond Hill d80a3e30f8
Minor code review 2024-02-13 16:41:45 -05:00
Fanboynz 397d6d47b9
Fix Chartbeat flicker control div's (#3913) 2024-02-13 16:35:20 -05:00
Raymond Hill 6551cab525
Improve loggger output of `prevent-fetch` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3115
2024-02-13 16:12:11 -05:00
Raymond Hill 246ae91c79
Make Firefox dev build auto-update 2024-02-13 15:46:21 -05:00
Raymond Hill a7786a0a32
Import translation work from https://crowdin.com/project/ublock 2024-02-13 15:36:10 -05:00
Raymond Hill 00d90570a3
Update changelog 2024-02-13 15:16:11 -05:00
Raymond Hill cc1199f4b6
New revision for dev build 2024-02-13 15:13:40 -05:00
Raymond Hill 7b138b58c6
Fix potential exfiltration of browsing history by a rogue list author through permissions=
As with `csp=` option, reporting capabilities need to be taken
into account with `permissions=` option.

Reference:
https://github.com/w3c/webappsec-permissions-policy/blob/main/reporting.md

This commit ensures that `permissions=` option using `report-to` are
marked as invalid.
2024-02-13 15:09:38 -05:00
Raymond Hill 3037ae5f04
Ignore event handler-related attributes in `set-attr` scriptlet
As suggested by https://github.com/distinctmondaylilac in internal
email to ubo-security:

> As a sidenote, it may be worth considering if `set-attr` should
> be able to set event handler attributes. It could potentially
> be used to copy the contents of e.g. onclick to other event handlers,
> resulting in self-clicking buttons.
2024-02-13 14:59:00 -05:00
Raymond Hill db5656f607
Fix potential exfiltration of browsing history by a rogue list author through `csp=`
As reported internally to ubo-security by https://github.com/distinctmondaylila

One issue is a regression from the rewriting of the static filtering
parser in version 1.47.0, specifically the following commit:
https://github.com/gorhill/uBlock/commit/8ea3b0f64c
The existing regex was no longer suitable to properly detect
some usage of `report-xxx` in the rwritten parser.

Another issue which predates 1.47.0 is that the regex used for
validation was case-sensititive, while the `report-uri` directive
can be written using uppercase letters, i.e. `Report-uri`.
2024-02-13 14:35:08 -05:00
Raymond Hill 2705059d7a
Make Firefox dev build auto-update 2024-02-02 12:55:48 -05:00
Raymond Hill ca3bd00d74
New revision for dev build 2024-02-02 12:48:23 -05:00
Raymond Hill 9b40b2150a
Fix argument list lookup in `trusted-replace-argument` scriptlet 2024-02-02 12:46:59 -05:00
Raymond Hill 8c7a33fe90
Make Firefox dev build auto-update 2024-02-02 09:56:17 -05:00
Raymond Hill 4688138d0f
New revision for dev build 2024-02-02 09:47:45 -05:00
Raymond Hill b4da81f8d4
Improve logging information in `prevent-window-open` scriptlet 2024-02-02 09:36:08 -05:00
Raymond Hill 28e1424058
Fall back to console if log info can't be relayed to logger 2024-02-02 09:24:24 -05:00
Raymond Hill b0122bb9fc
Do not rely on `vAPI` presence in logger broadcast code
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8339494
2024-02-02 09:15:09 -05:00
Raymond Hill 605c830312
Review/fix content of `assets.json` 2024-02-01 18:22:48 -05:00
Raymond Hill 12a9245164
Remove outdated, unused scriptlet
Related commit:
2b2e0fcb14
2024-01-31 11:31:24 -05:00
Raymond Hill 0e8ff10e92
[mv3] Mind service workers for sites in "no filtering" mode
Related issue:
https://github.com/uBlockOrigin/uBOL-home/issues/114
2024-01-31 09:59:45 -05:00
Raymond Hill ad88ff213b
Make Firefox dev build auto-update 2024-01-30 21:11:07 -05:00
Raymond Hill 46d09c5b7a
New revision for dev build 2024-01-30 20:53:35 -05:00
Raymond Hill 1db54c47e1
Fix the logging of all `prevent-xhr` calls
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8309729
2024-01-30 20:52:07 -05:00
Raymond Hill 1e614a7b10
Remove duplicate URL
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3099
2024-01-29 09:04:27 -05:00
Raymond Hill d731ea11e0
Make Firefox dev build auto-update 2024-01-28 19:05:37 -05:00
Raymond Hill 0d1b9a14e2
New revision for dev build 2024-01-28 18:58:30 -05:00
Raymond Hill 7282d953b6
Fix last commit
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8272470

Related commit:
6cfba082f9
2024-01-28 18:54:37 -05:00
Raymond Hill 0f12d5f344
Make Firefox dev build auto-update 2024-01-28 11:45:31 -05:00