| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
https://github.com/conformal/xombrero/issues/61
|
| |
|
|
|
|
|
|
| |
All floats are now doubles, and are represented as such with the
XT_S_DOUBLE macro. struct settings fval field is now renamed to dval.
Doubles are read in as %lf (double precision) instead of %f (single
precision). Finally, a floating point comparison using != was
removed.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Disabling at runtime looks to work, but enabling it again seems to
only take effect on open tabs once the page is reloaded. webkit bug?
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
If enabled (the default), javascripts will be allowed to automatically
open windows (popups) based on the current browser_mode setting. This
is the current behavior.
If disabled (set to 0), the automatic opening of windows will never be
allowed, even if the site is whitelisted.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
When set to 1, web caching will be enabled. Default is 0.
|
| |
|
|
| |
gtk 3.0.
|
| | |
|
| | |
|
| |
|
|
| |
requested by many
|
| | |
|
| |
|
|
|
|
|
| |
This prevents displaying any extra whitespace between the comma and
the url in the alias definition from being displayed in the statusbar.
Found by Cody Write (writecode on Flyspray)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces a new RB tree to keep track of identities
(defined as being different combinations of modified HTTP headers, so
far only User-Agent and Accept). Whenever a site is visited, this
tree is checked to see if it has been accessed before, and if it has,
the previously used Accept and User-Agent headers will be used. If
the site has not been visited before during the browser's lifetime, a
new entry will be created in this tree to keep track of which headers
to use the next time. A site is defined as a FQDN, so requests made
to cross site resources or resources on a different subdomain will
generate a new saved identity.
The second change adds two new config files to the resource dir to
read in additional user_agent and http_accept values scraped from the
logs of www.bitrig.org. The idea of this is to keep rotating through
each of these on every new site visit to provide more anonymity and
thwart web tracking by looking at the headers being sent.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This modifies the whitelist and https forcing code to internally use
unix extended regular expressions to match domains. The old config
syntax converted to an appropiate regular expression. Inputing of raw
regular expressions is possible by prepending the string "re:" in
front of a regular expression, for example:
js_wl = re:^(.*\.)*cyphertite\.com$
would be the same as
js_wl = .cyphertite.com
|
| |
|
|
|
|
|
|
|
| |
This change makes the can_go_* and go_* back/forward functions use the
same logic when determining whether we are on an about page, and makes
it so about:secviolation warning pages do not save the page that
generated the warning to t->item. This prevents hitting back and
going back to the exact same page that generated the warning
(triggering the warning a second time).
|
| |
|
|
| |
Thanks to user njw on FS for the patch.
|
| |
|
|
|
| |
Patch provided by Vadim Zhukov <persgray@gmail.com>, manpage bits by
me.
|
| |
|
|
|
|
| |
This may be used to modify the GnuTLS priority string used for the
soup session to enable or disable specific ciphers or TLS/SSL
versions. Default is empty (uses libsoup's defaults).
|
| |
|
|
| |
While here, kill a bunch of trailing whitespace.
|
| |
|
|
|
|
|
|
|
| |
This fixes the behavior of the whitelist code so that whitelist
toggling toggles the FQDN (not the domain and all subdomains), unless
domain is explicitly used. This was the intended behavior but the old
code would automatically assume all subdomains anyways. This also
makes the new force_https stuff work correctly with FQDNs (no
subdomains) for the preloaded HSTS list.
|
| |
|
|
|
|
| |
parameters to the g_strdup_printf() call. This makes the tooltips
appear correctly on about:runtime when compiled with gcc (clang never
exposed this issue).
|
| |
|
|
|
|
| |
change runtime settings. Settings that have been modified show in a
highlighted color in the table. Tooltips describe the setting's
function, as well as the default values.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
whitelist settings) to make all requests to that domain use the HTTPS
scheme, similar to HSTS.
Install a new file, hsts-preload, into the resource dir. This is a
regular config file with a bunch of force_https = ... lines, which is
used to implement a preloaded HSTS list. Right now all the domains in
this file, except for conformal.com and cyphertite.com, are taken
directly from chromium's preloaded HSTS list (and should be synced
with this file every so often). Also implement a new setting,
preload_strict_transport (enabled by default), to enable or disable
the loading of this preloaded HSTS list. Document force_https and
preload_strict_transport in the manpage.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
widgets (with the exception of the uri, we need this for the
progressbar). Because labels only take up as much room as they need,
the statusbar elements now dynamically fit together in a GtkBox
instead of giving GtkEntry a fixed size. Because the background color
of labels can not be colored directly, place a GtkEventBox underneath
the packing GtkBox (which is also transparent) and color that when
changing the colors for HTTPS sites.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
be immediatelly shown due to fancy_bar = 0 or an empty search_string.
We need these to be created in case they are shown again by changing
these gui settings at runtime later. This also prevents a lot of
Gtk-CRITICAL warnings due to trying to set various widgets active or
inactive based on the current page status (for example, stop and the
js toggle button).
While here, kill some useless boxes around both the uri and search
entries in the toolbar.
|
| |
|
|
| |
warning to about:startpage. While in here, clean up some #ifdefs.
|
| |
|
|
|
| |
(keep current behavior) for gui_mode = normal, and disable for
gui_mode = minimal. Requires GTK3.
|
| |
|
|
|
|
| |
and p work with CLIPBOARD in addition to PRIMARY. Yanking copies to
both, and pasting tries PRIMARY first, and if empty, reads from
CLIPBOARD. This should make y/p/P work on windows.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
allow_insecure_scripts, which, if WebKitWebSettings has the
enable-display-of-insecure-content and/or
enable-running-of-insecure-content properties, sets those to enable or
disable viewing or running of insecure content from secure websites.
Make these default to 0 in whitelist mode, and 1 otherwise.
* * *
Document in manpage.
|
| | |
|
| |
|
|
|
|
| |
g_filename_to_uri() and g_filename_from_uri() functions. These
functions automatically encode/decode the urls or paths, which wasn't
being done before.
|
| |
|
|
|
| |
globally for all connections), and implement http_accept which acts
the same way but sets the HTTP Accept header.
|
| | |
|
| |
|
|
| |
currently enabled or disabled in the statusbar.
|