1
0
mirror of https://github.com/gorhill/uBlock.git synced 2024-11-05 18:32:30 +01:00
Commit Graph

1206 Commits

Author SHA1 Message Date
gorhill
a76f5b15ac
fix https://github.com/gorhill/uBlock/issues/3160#issuecomment-338509997 2017-10-23 12:21:37 -04:00
gorhill
6e18829f02
add to #2984: fix regressions, as per feedback and code review 2017-10-23 09:01:00 -04:00
gorhill
14109b33d6
minor code review 2017-10-22 14:20:33 -04:00
gorhill
ef84e6d8fd
fix https://github.com/gorhill/uBlock/issues/2984#issuecomment-338475886 2017-10-22 12:48:13 -04:00
gorhill
4f7aab695c
fix #3160 2017-10-22 08:59:29 -04:00
gorhill
6112a68faf
fix #2984 2017-10-21 13:43:46 -04:00
gorhill
95b25f7d49
fix #3150 2017-10-19 09:35:28 -04:00
gorhill
143e9c7414
more code review re. #3140 2017-10-19 08:07:00 -04:00
gorhill
7e21eec7ce
code review for #3140: handle case where both blockedURI & sourceFile are not found 2017-10-19 00:45:24 -04:00
gorhill
eb7bdba47f
fix #3140 2017-10-18 15:00:22 -04:00
gorhill
d44c54a477
code review: diregard letter case when validating popup filters as popunder ones 2017-10-13 09:52:17 -04:00
gorhill
9b83033785
code review of 7713597e (oops) 2017-10-13 09:38:16 -04:00
gorhill
7713597e3e
fix #3129, #3112, #2277 2017-10-13 09:33:02 -04:00
gorhill
0c1207bd7a
fix #3110 2017-10-09 09:28:28 -04:00
gorhill
8c33720d16
fix #3111 2017-10-08 23:47:23 -04:00
gorhill
49c19f2dcc
remove stray console.log used for development purpose 2017-10-06 13:47:39 -04:00
gorhill
4639d75896
fix #3101 2017-10-06 13:35:45 -04:00
gorhill
c49ba60f0b
minor code review 2017-10-05 08:38:34 -04:00
gorhill
bd18fe3901
fix #2793: user-friendlier normalization 2017-10-04 13:20:43 -04:00
gorhill
a6b01cb0e5
fix #3090 2017-10-04 11:14:24 -04:00
gorhill
e7e390d2e2
fix #3077 2017-10-01 07:56:28 -04:00
gorhill
ca299a394f
code review fix as per https://github.com/gorhill/uBlock/issues/2793#issuecomment-333269387 2017-09-30 10:18:41 -04:00
gorhill
6a71fc59a4
evict possible remnant of resources.txt from cache [Firefox] 2017-09-29 08:22:17 -04:00
gorhill
8559669e89
fix #2755 2017-09-28 12:53:05 -04:00
gorhill
d73b888150
fix #3060 2017-09-27 10:27:29 -04:00
gorhill
c74526a895
fix #3057 2017-09-26 16:09:35 -04:00
gorhill
83ff2ef26e
fix #3053 2017-09-26 07:54:06 -04:00
gorhill
ac481ec1f2
fix #1510 2017-09-21 11:46:15 -04:00
gorhill
e9beccba51
code review of fix #3038 2017-09-19 23:25:08 -04:00
gorhill
1b6c211fa0
fix #3038 2017-09-19 12:58:11 -04:00
gorhill
59ba5248f5
fix #3034 2017-09-18 13:06:36 -04:00
gorhill
b677600637
fix #3032 -- hopefully 2017-09-18 10:52:30 -04:00
gorhill
1e760f9429
fix #3024: regression from 5626b500 2017-09-16 07:59:56 -04:00
gorhill
2c4faaa84d
fix #3020 2017-09-16 07:49:43 -04:00
gorhill
f632171566
remove spurious space character 2017-09-14 17:54:59 -04:00
gorhill
faeedeaf56
fix #2283 2017-09-13 23:41:20 -04:00
gorhill
5626b5005a
fix #2946 2017-09-12 11:43:43 -04:00
gorhill
dfe18111b9
fix #1539 2017-09-11 09:53:42 -04:00
gorhill
c641cadea9
rename "Social" filter list category to "Annoyances" 2017-09-10 13:02:04 -04:00
gorhill
2660bee0d2
fix #2919 2017-09-05 19:49:48 -04:00
gorhill
8b4b1fa9db
properly fix #2938 2017-08-31 14:17:55 -04:00
gorhill
73387e54ad
fix #2938 2017-08-30 19:03:02 -04:00
gorhill
126110c9a0
remove ability to pull latest version of resources.txt from remote repo.
This is required as per Firefox extension reviewers. Mail exchange:

========

Reviewer:
> Do I read the code correctly that you are executing remote JS by
> downloading/updating from
> https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resources.txt
> and injecting scripts in contentscripts.js?

Me:
> Yes, resources.txt contains scriptlets or other resources used to:
>
> - Minimize potential page breakage (e.g. google-analytics.com/ga.js);
> - Defuse anti-blockers (e.g. bab-defuser.js);
> - Defuse anti-blockers or minimize page breakage through redirection
> (e.g. 2x2-transparent.png)
>
> This is not a new feature -- this is also part of the legacy version,
> and I consider this is a major feature of uBO. Given how fast things can
> change out there, this allows me to quickly push fixes when a new issue
> is reported for a site without having to go through a full update of the
> extension.

Reviewer:
> I am aware that this is not a new feature. I am unclear why it has been
> allowed in the past, since it violates our policy about remote code
> execution. I assume it was missed due to the fairly complex codebase.
>
> I can approve this version so you are not blocked on the migration, but
> eventually, you cannot use functionality that executes remote code.
> Since we're moving to a more automated review process, you will be able
> to ship new versions without being blocked on a human review.

Me:
> Do I understand correctly that extensions such as TamperMonkey or
> ViolentMonkey won't be allowed on AMO?
>
> Those extensions are even more permissive than uBO given a user can
> import scripts from any source, while with uBO only scriptlets which are
> part of the project are allowed.

Reviewer:
> The key difference between add-ons like Tampermonkey and uBO is that in
> Tampermonkey, users are making an active and conscious decision to
> download and execute that specific code. In uBO, the user did not
> initiate that download/execution, nor are they even aware of it
> happening.

Me:
> So users of TamperMonkey -- tech-savvy or not -- can download & inject
> countless 3rd-party user scripts from countless authors, have them
> update on their own automatically at regular interval with no user
> intervention.
>
> On the other hand, it's not acceptable for me, the author of the
> extension, who users implicitly trusted when installing the extension,
> who is completely controlling and vouching for the content of
> "resources.txt", to have this one 1st-party resource file[1] to be
> updated at regular interval with no user intervention.
>
> So anyways, what is expected from me at this point? Do I need to remove
> scriptlet injection and resource redirection features? Do I need to
> remove only the updating part of resources.txt?
>
> [1] key to core features of uBO (counter anti-blockers + page breakage
> mitigations) and possibly an important factor in installing the
> extension.

========

Now about this commit: the purpose of the code change here is to
prevent "resources.txt" -- which is part of the package -- from being
updated -- this applies only to the Firefox webext[-hybrid] version
of uBO.
2017-08-30 09:15:06 -04:00
gorhill
beb7933016
fix #2925 2017-08-29 18:32:00 -04:00
gorhill
b2e89c9ece
generate better regex for hostname-anchored generic filters 2017-08-24 18:30:05 -04:00
gorhill
c31d29c2e3
fix bad test: regression from fdcc9515 2017-08-24 17:54:27 -04:00
gorhill
63be43a365
shield content script against exceptions in injected scriptlets 2017-08-21 12:04:35 -04:00
gorhill
a1350b8cff
fix #2882 2017-08-17 09:54:01 -04:00
gorhill
fdcc9515dc
fix #2029 2017-08-17 08:25:02 -04:00
gorhill
d1c752da29
fix bad English in comment 2017-08-16 18:06:04 -04:00