| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces a new RB tree to keep track of identities
(defined as being different combinations of modified HTTP headers, so
far only User-Agent and Accept). Whenever a site is visited, this
tree is checked to see if it has been accessed before, and if it has,
the previously used Accept and User-Agent headers will be used. If
the site has not been visited before during the browser's lifetime, a
new entry will be created in this tree to keep track of which headers
to use the next time. A site is defined as a FQDN, so requests made
to cross site resources or resources on a different subdomain will
generate a new saved identity.
The second change adds two new config files to the resource dir to
read in additional user_agent and http_accept values scraped from the
logs of www.bitrig.org. The idea of this is to keep rotating through
each of these on every new site visit to provide more anonymity and
thwart web tracking by looking at the headers being sent.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This modifies the whitelist and https forcing code to internally use
unix extended regular expressions to match domains. The old config
syntax converted to an appropiate regular expression. Inputing of raw
regular expressions is possible by prepending the string "re:" in
front of a regular expression, for example:
js_wl = re:^(.*\.)*cyphertite\.com$
would be the same as
js_wl = .cyphertite.com
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
This changes the order custom and invalid URI checking so that items
set with custom_uri are still able to be handled properly, even if the
URI scheme is invalid (not whitelisted) and we don't want xombrero
opening it.
|
|
|
|
| |
Reported by Thomas in the irc channel
|
| |
|
|
|
|
| |
Patch from user Zplay on the forum
|
|
|
|
|
|
|
|
|
| |
This change makes the can_go_* and go_* back/forward functions use the
same logic when determining whether we are on an about page, and makes
it so about:secviolation warning pages do not save the page that
generated the warning to t->item. This prevents hitting back and
going back to the exact same page that generated the warning
(triggering the warning a second time).
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This should incorporate all the fixes in my previous back/forward list
change, but still uses marco's horrible hack for determining if and
how back/forward works. Code is still ugly but deal with it.
Any remaining issues will be worked out in-tree.
|
|
|
|
|
|
| |
This changed worked wonders for me but others still saw some problems.
I could not reproduce any of them. This will bring back some problems
with refresh not working again, but I'll work around that next.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Thanks to user njw on FS for the patch.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Patch provided by Vadim Zhukov <persgray@gmail.com>, manpage bits by
me.
|
|
|
|
|
|
| |
This should prevent bait and switch attacks when using data: or
javascript: uris (see http://lcamtuf.coredump.cx/switch/ for an
example of the attack).
|
|
|
|
|
|
| |
This stops the webview's deprecated load-finished and
load-progress-changed signals from being attached to. May help with
stability.
|
| |
|
|
|
|
| |
Much simpler, and less buggy.
|
|
|
|
|
|
| |
Now that wl_add works correctly (doesn't automatically insert leading
periods), remove the old struct sv_ignore and use struct domain and
wl_add/wl_find instead.
|
|
|
|
|
|
|
|
| |
This makes using :fav with link hinting less likely to accidentally
remove an entry by typing the wrong number. The old favorites page
with the rm links is still available by using the favedit command.
Patch slightly modified from a patch provide by user wallex on FS.
|
|
|
|
|
|
| |
This may be used to modify the GnuTLS priority string used for the
soup session to enable or disable specific ciphers or TLS/SSL
versions. Default is empty (uses libsoup's defaults).
|
|
|
|
|
|
|
| |
This should fix any crashes when determining if t->active is an active
input element or not. The pointer is from a function which returns
transfer none, so if we want to keep it alive (we do), we need
manually add reference to it, and unrefernce it so it is freed.
|
|
|
|
|
| |
This reorders some gtk calls and adds another to unset the text in the
GtkEntry before showing it.
|
|
|
|
|
| |
This prevents sites from even being able to correctly guess an xtp
session key.
|
|
|
|
| |
While here, kill a bunch of trailing whitespace.
|
|
|
|
|
|
| |
This adds the full url to the about:secviolation warning page, as well
as implementing a new link to show the local cached cert instead of
only the new remote one.
|
| |
|
| |
|