Commit graph

1670 commits

Author SHA1 Message Date
gorhill
faeedeaf56
fix #2283 2017-09-13 23:41:20 -04:00
gorhill
5626b5005a
fix #2946 2017-09-12 11:43:43 -04:00
gorhill
147dc4f987
translation work from https://crowdin.com/project/ublock 2017-09-11 17:10:43 -04:00
gorhill
dfe18111b9
fix #1539 2017-09-11 09:53:42 -04:00
gorhill
c641cadea9
rename "Social" filter list category to "Annoyances" 2017-09-10 13:02:04 -04:00
gorhill
2660bee0d2
fix #2919 2017-09-05 19:49:48 -04:00
gorhill
a0c595d02d
fix #2950 2017-09-02 06:11:33 -04:00
gorhill
8b4b1fa9db
properly fix #2938 2017-08-31 14:17:55 -04:00
gorhill
73387e54ad
fix #2938 2017-08-30 19:03:02 -04:00
gorhill
126110c9a0
remove ability to pull latest version of resources.txt from remote repo.
This is required as per Firefox extension reviewers. Mail exchange:

========

Reviewer:
> Do I read the code correctly that you are executing remote JS by
> downloading/updating from
> https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resources.txt
> and injecting scripts in contentscripts.js?

Me:
> Yes, resources.txt contains scriptlets or other resources used to:
>
> - Minimize potential page breakage (e.g. google-analytics.com/ga.js);
> - Defuse anti-blockers (e.g. bab-defuser.js);
> - Defuse anti-blockers or minimize page breakage through redirection
> (e.g. 2x2-transparent.png)
>
> This is not a new feature -- this is also part of the legacy version,
> and I consider this is a major feature of uBO. Given how fast things can
> change out there, this allows me to quickly push fixes when a new issue
> is reported for a site without having to go through a full update of the
> extension.

Reviewer:
> I am aware that this is not a new feature. I am unclear why it has been
> allowed in the past, since it violates our policy about remote code
> execution. I assume it was missed due to the fairly complex codebase.
>
> I can approve this version so you are not blocked on the migration, but
> eventually, you cannot use functionality that executes remote code.
> Since we're moving to a more automated review process, you will be able
> to ship new versions without being blocked on a human review.

Me:
> Do I understand correctly that extensions such as TamperMonkey or
> ViolentMonkey won't be allowed on AMO?
>
> Those extensions are even more permissive than uBO given a user can
> import scripts from any source, while with uBO only scriptlets which are
> part of the project are allowed.

Reviewer:
> The key difference between add-ons like Tampermonkey and uBO is that in
> Tampermonkey, users are making an active and conscious decision to
> download and execute that specific code. In uBO, the user did not
> initiate that download/execution, nor are they even aware of it
> happening.

Me:
> So users of TamperMonkey -- tech-savvy or not -- can download & inject
> countless 3rd-party user scripts from countless authors, have them
> update on their own automatically at regular interval with no user
> intervention.
>
> On the other hand, it's not acceptable for me, the author of the
> extension, who users implicitly trusted when installing the extension,
> who is completely controlling and vouching for the content of
> "resources.txt", to have this one 1st-party resource file[1] to be
> updated at regular interval with no user intervention.
>
> So anyways, what is expected from me at this point? Do I need to remove
> scriptlet injection and resource redirection features? Do I need to
> remove only the updating part of resources.txt?
>
> [1] key to core features of uBO (counter anti-blockers + page breakage
> mitigations) and possibly an important factor in installing the
> extension.

========

Now about this commit: the purpose of the code change here is to
prevent "resources.txt" -- which is part of the package -- from being
updated -- this applies only to the Firefox webext[-hybrid] version
of uBO.
2017-08-30 09:15:06 -04:00
gorhill
beb7933016
fix #2925 2017-08-29 18:32:00 -04:00
gorhill
b2e89c9ece
generate better regex for hostname-anchored generic filters 2017-08-24 18:30:05 -04:00
gorhill
c31d29c2e3
fix bad test: regression from fdcc9515 2017-08-24 17:54:27 -04:00
gorhill
9a64bf2282
translation work from https://crowdin.com/project/ublock 2017-08-22 19:00:53 -04:00
gorhill
63be43a365
shield content script against exceptions in injected scriptlets 2017-08-21 12:04:35 -04:00
gorhill
a1350b8cff
fix #2882 2017-08-17 09:54:01 -04:00
gorhill
b9f793e06f
translation work from https://crowdin.com/project/ublock 2017-08-17 08:34:00 -04:00
gorhill
fdcc9515dc
fix #2029 2017-08-17 08:25:02 -04:00
gorhill
d1c752da29
fix bad English in comment 2017-08-16 18:06:04 -04:00
gorhill
797082a36c
fix #2552 2017-08-16 14:10:41 -04:00
gorhill
5f72565f7a
fix #2873 2017-08-15 09:09:16 -04:00
gorhill
0e078e536d
eliminate validation warning on AMO: avoid innerHTML 2017-08-11 14:26:15 -04:00
gorhill
502dd89d53
fix AMO validation warning re. invalid CSS 2017-08-10 18:55:36 -04:00
gorhill
04718be3fd
translation work from https://crowdin.com/project/ublock 2017-08-09 10:52:27 -04:00
gorhill
7291227a64
fix #2836 2017-08-08 11:08:18 -04:00
Alex Silva
06237767fa Update about.html (#2841) 2017-08-03 17:07:30 -04:00
gorhill
eb3519b075
fix #2839 2017-08-03 10:18:05 -04:00
gorhill
43512277c6
fix #2835 2017-07-31 17:03:09 -04:00
gorhill
645c862886
always set browserAction title 2017-07-25 09:16:48 -04:00
gorhill
906cb34716
make uBO/webext functional on Firefox for Android Nightly 2017-07-24 19:25:49 -04:00
gorhill
d866e4d472
add proper handling of potentially unsupported webext APIs 2017-07-24 11:35:22 -04:00
gorhill
0d892a8856
fix #2810 2017-07-23 09:56:43 -04:00
gorhill
48ee02980b
remove stray code change from f5ef83719c 2017-07-22 17:13:21 -04:00
gorhill
b429e1c7ba
fix #2813 2017-07-22 16:58:08 -04:00
gorhill
f5ef83719c
address #2806 2017-07-21 07:48:50 -04:00
gorhill
f1036395f7
add workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=1360285 2017-07-19 09:36:17 -04:00
gorhill
ebf89751b9
translation work from https://crowdin.com/project/ublock 2017-07-18 09:47:38 -04:00
gorhill
49d287994f
remove obsolete default whitelist directive 2017-07-14 07:49:58 -04:00
gorhill
4c39461ab6
translation work from https://crowdin.com/project/ublock 2017-07-13 15:16:20 -04:00
gorhill
36317e67a2
#2781: code review, small fine tuning 2017-07-13 14:34:43 -04:00
gorhill
3aed25ff2c
#2781: code review, try a bit harder to find a good token 2017-07-11 15:04:25 -04:00
gorhill
f0ea2b6f9a
#2781: code review 2017-07-11 13:57:31 -04:00
gorhill
2862368a99
fix #2781 2017-07-11 12:21:08 -04:00
gorhill
93f575c4c0
fix https://github.com/gorhill/uBlock/issues/2776#issuecomment-313922863 2017-07-09 10:39:23 -04:00
gorhill
7fb034f640
minor code review: logData can still be set when not logging 2017-07-09 08:45:55 -04:00
gorhill
9701a519a2
really fix #2776 2017-07-09 06:58:34 -04:00
gorhill
974194ab8d
fix #2776 2017-07-08 20:03:37 -04:00
gorhill
efffa5e183
trashcan instead of X to remove an imported list 2017-07-07 11:31:37 -04:00
gorhill
9ac4dc9f81
fix #2768 2017-07-07 11:23:24 -04:00
gorhill
6273b5d7bf
translation work from https://crowdin.com/project/ublock 2017-07-05 11:01:02 -04:00