| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Initial work by dhill, fixes by jrick.
|
| |
|
|
| |
Spotted by dhill.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
If enabled (the default), javascripts will be allowed to automatically
open windows (popups) based on the current browser_mode setting. This
is the current behavior.
If disabled (set to 0), the automatic opening of windows will never be
allowed, even if the site is whitelisted.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This modifies the whitelist and https forcing code to internally use
unix extended regular expressions to match domains. The old config
syntax converted to an appropiate regular expression. Inputing of raw
regular expressions is possible by prepending the string "re:" in
front of a regular expression, for example:
js_wl = re:^(.*\.)*cyphertite\.com$
would be the same as
js_wl = .cyphertite.com
|
| |
|
|
|
|
|
|
|
| |
This change makes the can_go_* and go_* back/forward functions use the
same logic when determining whether we are on an about page, and makes
it so about:secviolation warning pages do not save the page that
generated the warning to t->item. This prevents hitting back and
going back to the exact same page that generated the warning
(triggering the warning a second time).
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This fixes the behavior of the whitelist code so that whitelist
toggling toggles the FQDN (not the domain and all subdomains), unless
domain is explicitly used. This was the intended behavior but the old
code would automatically assume all subdomains anyways. This also
makes the new force_https stuff work correctly with FQDNs (no
subdomains) for the preloaded HSTS list.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
whitelist settings) to make all requests to that domain use the HTTPS
scheme, similar to HSTS.
Install a new file, hsts-preload, into the resource dir. This is a
regular config file with a bunch of force_https = ... lines, which is
used to implement a preloaded HSTS list. Right now all the domains in
this file, except for conformal.com and cyphertite.com, are taken
directly from chromium's preloaded HSTS list (and should be synced
with this file every so often). Also implement a new setting,
preload_strict_transport (enabled by default), to enable or disable
the loading of this preloaded HSTS list. Document force_https and
preload_strict_transport in the manpage.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The list used is from publicsuffix.org. It gets installed
to the resource-directory as 'tld-rules'
|
| |
|
|
| |
Found by gcc!
|
| |
|
|
|
|
|
|
|
| |
First :js/pl/cookie domain save wasn't saving the actual domain. I
tried being clever to save a switch statement. FAIL.
Second I tried to save an else statement. Again FAIL.
Next time I am doing clever things please yell at me.
|
| | |
|
| |
|
|
| |
Add whitelist and settings files.
|
| |
|
|
|
| |
This reverts commit e562a275ba9277803a4a6fe89e71545268986a7b, reversing
changes made to b07b1b86ecd74b3042de4f7eb021ee0e39acb7d1.
|
| |
|