Commit graph

69 commits

Author SHA1 Message Date
Raymond Hill
a9f68fe02f
Fix #3069, and consequently #3374, #3378.
A new filtering class has been created: "static extended filtering".
This new class is an umbrella class for more specialized filtering
engines:
- Cosmetic filtering
- Scriptlet filtering
- HTML filtering

HTML filtering is available only on platforms which support modifying
the response body on the fly, so only Firefox 57+ at the moment.

With the ability to modify the response body, HTML filtering has
been introduced: removing elements from the DOM before the source
data has been parsed by the browser.

A consequence of HTML filtering ability is to bring back script tag
filtering feature.
2017-12-28 13:49:02 -05:00
Raymond Hill
8e7ccef14c
code review for #3331: support relative paths as per https://github.com/AdguardTeam/AdguardBrowserExtension/issues/917 2017-12-15 09:24:06 -05:00
Raymond Hill
912582ce4b
code review: remove space as per https://github.com/AdguardTeam/AdguardBrowserExtension/issues/917 2017-12-15 07:55:15 -05:00
Raymond Hill
6a8c27b6df
fix #3331: ability to fetch sublists using !# include directives 2017-12-15 07:39:21 -05:00
Raymond Hill
36956cbc7a
remove obsolete resource caching code 2017-12-14 16:42:54 -05:00
gorhill
6a71fc59a4
evict possible remnant of resources.txt from cache [Firefox] 2017-09-29 08:22:17 -04:00
gorhill
126110c9a0
remove ability to pull latest version of resources.txt from remote repo.
This is required as per Firefox extension reviewers. Mail exchange:

========

Reviewer:
> Do I read the code correctly that you are executing remote JS by
> downloading/updating from
> https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resources.txt
> and injecting scripts in contentscripts.js?

Me:
> Yes, resources.txt contains scriptlets or other resources used to:
>
> - Minimize potential page breakage (e.g. google-analytics.com/ga.js);
> - Defuse anti-blockers (e.g. bab-defuser.js);
> - Defuse anti-blockers or minimize page breakage through redirection
> (e.g. 2x2-transparent.png)
>
> This is not a new feature -- this is also part of the legacy version,
> and I consider this is a major feature of uBO. Given how fast things can
> change out there, this allows me to quickly push fixes when a new issue
> is reported for a site without having to go through a full update of the
> extension.

Reviewer:
> I am aware that this is not a new feature. I am unclear why it has been
> allowed in the past, since it violates our policy about remote code
> execution. I assume it was missed due to the fairly complex codebase.
>
> I can approve this version so you are not blocked on the migration, but
> eventually, you cannot use functionality that executes remote code.
> Since we're moving to a more automated review process, you will be able
> to ship new versions without being blocked on a human review.

Me:
> Do I understand correctly that extensions such as TamperMonkey or
> ViolentMonkey won't be allowed on AMO?
>
> Those extensions are even more permissive than uBO given a user can
> import scripts from any source, while with uBO only scriptlets which are
> part of the project are allowed.

Reviewer:
> The key difference between add-ons like Tampermonkey and uBO is that in
> Tampermonkey, users are making an active and conscious decision to
> download and execute that specific code. In uBO, the user did not
> initiate that download/execution, nor are they even aware of it
> happening.

Me:
> So users of TamperMonkey -- tech-savvy or not -- can download & inject
> countless 3rd-party user scripts from countless authors, have them
> update on their own automatically at regular interval with no user
> intervention.
>
> On the other hand, it's not acceptable for me, the author of the
> extension, who users implicitly trusted when installing the extension,
> who is completely controlling and vouching for the content of
> "resources.txt", to have this one 1st-party resource file[1] to be
> updated at regular interval with no user intervention.
>
> So anyways, what is expected from me at this point? Do I need to remove
> scriptlet injection and resource redirection features? Do I need to
> remove only the updating part of resources.txt?
>
> [1] key to core features of uBO (counter anti-blockers + page breakage
> mitigations) and possibly an important factor in installing the
> extension.

========

Now about this commit: the purpose of the code change here is to
prevent "resources.txt" -- which is part of the package -- from being
updated -- this applies only to the Firefox webext[-hybrid] version
of uBO.
2017-08-30 09:15:06 -04:00
gorhill
1c7c703d8b
fix #2594 2017-05-08 14:00:41 -04:00
gorhill
622d8f22fb
minor code review re. #2592 2017-05-08 12:12:56 -04:00
gorhill
22d74421e3
fix #2594 2017-05-08 11:49:48 -04:00
gorhill
733917d176
fix #2526: better handle timeout conditions 2017-04-23 09:00:15 -04:00
gorhill
5015826546 fix #2267 2017-03-05 12:54:47 -05:00
gorhill
aadf4a6427 fix #2340 2017-01-26 10:17:38 -05:00
gorhill
96df129ddb code reivew: do not cache assets fetched for viewing purpose 2017-01-23 10:13:07 -05:00
gorhill
50800427b3 generic code review related to the new 3rd-party filter pane 2017-01-23 09:35:05 -05:00
gorhill
9309df4196 3rd-party filters pane revisited 2017-01-22 16:05:16 -05:00
gorhill
6e48c74e4e code review: auto-select new built-in asset if it matches locale (https://github.com/uBlockOrigin/uAssets/issues/268#issuecomment-274146120) 2017-01-20 15:17:11 -05:00
gorhill
726f0d6e1f remove stray change mistakenly added to last commit 2017-01-18 18:22:33 -05:00
gorhill
f4d2d6c891 forgot to adjust alises after modifying assts.json 2017-01-18 17:59:49 -05:00
gorhill
ff64a8340c code review: only built-in assets are candidates for removal when updating assets.json 2017-01-18 13:35:10 -05:00
Raymond Hill
3b9fd49c50 Assets management refactored (#2314)
* refactoring assets management code

* finalizing refactoring of assets management

* various code review of new assets management code

* fix #2281

* fix #1961

* fix #1293

* fix #1275

* fix update scheduler timing logic

* forward compatibility (to be removed once 1.11+ is widespread)

* more codereview; give admins ability to specify own assets.json

* "assetKey" is more accurate than "path"

* fix group count update when building dom incrementally

* reorganize content (order, added URLs, etc.)

* ability to customize updater through advanced settings

* better spinner icon
2017-01-18 13:17:47 -05:00
gorhill
50889da226 code review re. 3628de7a9d 2016-10-29 10:28:50 -04:00
gorhill
de3054b485 code review re. 3628de7a9d 2016-10-29 08:42:29 -04:00
gorhill
3628de7a9d necessary changes for https://github.com/nikrolls/uBlock-Edge/pull/22 2016-10-28 08:40:38 -04:00
gorhill
cad3c5f5cb update packaging scripts for https://github.com/uBlockOrigin/uAssets repo 2016-04-03 13:07:46 -04:00
gorhill
d286eff4ba spin-off filter lists into their own dedicated project 2016-04-01 20:58:35 -04:00
gorhill
c7f1027ab9 this fixes #1321 2016-01-30 19:16:30 -05:00
gorhill
ea49484dd3 this fixes #1067 + partially fixes #1070 2015-12-15 10:40:40 -05:00
gorhill
640452ad42 reverting last change 2015-11-23 09:57:46 -05:00
gorhill
30039ff9c7 code review 2015-11-23 09:49:50 -05:00
gorhill
135ad95d61 #760: reflect obsolete status immediately in UI 2015-10-14 14:16:43 -04:00
gorhill
4fcdac821d this fixes #760 2015-10-14 10:28:37 -04:00
gorhill
de2d993d61 re. #724: configurable xhr timeout 2015-09-25 08:31:46 -04:00
gorhill
b685af177e code review 2015-08-25 15:43:32 -04:00
gorhill
57a7f6bcd7 code review last commit re. #602
External filter lists are not meant to appear in checksums.txt.
2015-08-25 11:21:35 -04:00
gorhill
8f01f7309e this fixes #528 + checksums.txt needs patching re. #602 2015-08-25 10:09:37 -04:00
gorhill
efccaf1416 All third-party assets which are not enabled by default will no longer be
part of the package. The code here is to ensure a seamless transition from
local assets which have been converted to remote assets. The only side
effect to expect is that the selfie, if any, will be invalidated.
2015-08-18 13:15:58 -04:00
gorhill
9b4b998364 #608: this fixes a bunch of strictness-related warnings 2015-08-18 11:44:24 -04:00
gorhill
6c1678d718 Firefox: this fixes uBlock lingering in memory after disabling it 2015-06-23 11:37:54 -04:00
gorhill
93ec8ac55d not all schemes are "external" 2015-06-08 12:26:14 -04:00
gorhill
90d009ea3f this fixes https://github.com/chrisaljoudi/uBlock/issues/675 2015-06-07 20:27:19 -04:00
gorhill
facef0dc05 this fixes many addon validation warnings 2015-05-17 13:02:56 -04:00
YFdyh000
6e77ec33ff Correct issue links 2015-04-07 09:46:26 +08:00
gorhill
b938022d0b this fixes #1102 2015-03-27 09:50:31 -04:00
gorhill
d0113278aa code review 2015-03-11 14:52:20 -04:00
gorhill
145e5da7ce this fixes #990 + code review for #978 2015-03-11 11:05:13 -04:00
gorhill
7b21d7270d code review 2015-03-11 00:31:11 -04:00
gorhill
39ad1585e9 this fixes #982, #978, #965 2015-03-10 23:46:18 -04:00
Deathamns
95b778fbc7 Change extension description 2015-03-07 19:20:18 +01:00
gorhill
a9a4c739a1 comment review 2015-02-24 15:35:32 -05:00