| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Based on initial patch from Tim Meunier <trondd@gmail.com>).
Add temporary files to .gitignore.
|
| | |
|
| |
|
|
| |
requested by many
|
| | |
|
| |
|
|
| |
Found by Cody Write (writecode on flyspray)
|
| |
|
|
| |
From cody on irc
|
| |
|
|
| |
From cody on irc
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces a new RB tree to keep track of identities
(defined as being different combinations of modified HTTP headers, so
far only User-Agent and Accept). Whenever a site is visited, this
tree is checked to see if it has been accessed before, and if it has,
the previously used Accept and User-Agent headers will be used. If
the site has not been visited before during the browser's lifetime, a
new entry will be created in this tree to keep track of which headers
to use the next time. A site is defined as a FQDN, so requests made
to cross site resources or resources on a different subdomain will
generate a new saved identity.
The second change adds two new config files to the resource dir to
read in additional user_agent and http_accept values scraped from the
logs of www.bitrig.org. The idea of this is to keep rotating through
each of these on every new site visit to provide more anonymity and
thwart web tracking by looking at the headers being sent.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This modifies the whitelist and https forcing code to internally use
unix extended regular expressions to match domains. The old config
syntax converted to an appropiate regular expression. Inputing of raw
regular expressions is possible by prepending the string "re:" in
front of a regular expression, for example:
js_wl = re:^(.*\.)*cyphertite\.com$
would be the same as
js_wl = .cyphertite.com
|
| |
|
|
|
|
|
| |
This changes the order custom and invalid URI checking so that items
set with custom_uri are still able to be handled properly, even if the
URI scheme is invalid (not whitelisted) and we don't want xombrero
opening it.
|
| |
|
|
| |
Reported by Thomas in the irc channel
|
| |
|
|
|
|
|
|
|
| |
This change makes the can_go_* and go_* back/forward functions use the
same logic when determining whether we are on an about page, and makes
it so about:secviolation warning pages do not save the page that
generated the warning to t->item. This prevents hitting back and
going back to the exact same page that generated the warning
(triggering the warning a second time).
|
| |
|
|
|
|
|
|
| |
This should incorporate all the fixes in my previous back/forward list
change, but still uses marco's horrible hack for determining if and
how back/forward works. Code is still ugly but deal with it.
Any remaining issues will be worked out in-tree.
|
| |
|
|
|
|
| |
This changed worked wonders for me but others still saw some problems.
I could not reproduce any of them. This will bring back some problems
with refresh not working again, but I'll work around that next.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This should prevent bait and switch attacks when using data: or
javascript: uris (see http://lcamtuf.coredump.cx/switch/ for an
example of the attack).
|
| |
|
|
|
|
| |
This stops the webview's deprecated load-finished and
load-progress-changed signals from being attached to. May help with
stability.
|
| |
|
|
| |
Much simpler, and less buggy.
|
| |
|
|
|
|
| |
Now that wl_add works correctly (doesn't automatically insert leading
periods), remove the old struct sv_ignore and use struct domain and
wl_add/wl_find instead.
|
| |
|
|
|
|
|
|
| |
This makes using :fav with link hinting less likely to accidentally
remove an entry by typing the wrong number. The old favorites page
with the rm links is still available by using the favedit command.
Patch slightly modified from a patch provide by user wallex on FS.
|
| |
|
|
|
|
|
| |
This should fix any crashes when determining if t->active is an active
input element or not. The pointer is from a function which returns
transfer none, so if we want to keep it alive (we do), we need
manually add reference to it, and unrefernce it so it is freed.
|
| |
|
|
|
| |
This reorders some gtk calls and adds another to unset the text in the
GtkEntry before showing it.
|
| |
|
|
|
| |
This prevents sites from even being able to correctly guess an xtp
session key.
|
| |
|
|
| |
While here, kill a bunch of trailing whitespace.
|
| |
|
|
|
|
| |
This adds the full url to the about:secviolation warning page, as well
as implementing a new link to show the local cached cert instead of
only the new remote one.
|
| |
|
|
|
|
| |
We thought these were the cause of the focus bugs, but it was
something else instead. Now that we have that fixed, these can go
back in.
|
| |
|
|
|
| |
We probably shouldn't be relying on internal gtk functions (especially
since we can't link to them on linux), so try this instead.
|
| |
|
|
|
|
|
| |
Accidentally pushed a bunch of stuff to master that wasn't ready yet
when making the FreeBSD Makefile changes. Sorry marco for the merges
in the logs. This should revert everything back to how it was at
d397399c349d36f611a5aac6fa53528d2fe2eaea.
|
| |
|
|
| |
window.
|
| |
|
|
|
| |
keeps the toplevel window count from incrementing each time the arrow
is clicked.
|
| |
|
|
|
|
|
|
|
| |
We need to hide t->cmd, t->oops, and t->buffers when creating a new
tab, because when the tab is switched to, they are automatically
hidden in the notebook callback. Removing this also prevents focusing
the url GtkEntry when using middle click to create a new tab, since
t->focus_wv would not have been set to 1 yet in the create_new_tab()
function.
|
| |
|
|
|
|
| |
Whenever t->cmd is hidden we need to make a decision about what to
focus (in most cases, the webview). Before this may not have always
happened if t->cmd was hidden and no focus was explicitly set.
|
| |
|
|
|
|
|
|
| |
This change modifies the paste_uri function to change all newlines in
the uri with spaces. This stops the new tab from expanding to twice
it's correct height when using the P command, if pasting a link that
contains any newlines (usually these would come from copying the
newline out of a terminal).
|
| | |
|
| |
|
|
|
|
|
| |
It was likely something from one of these changes that introduced all
of our focus bugs. We can reintroduce these commits again, much
slower than as I first developed them, and see if the focus issues
still appear.
|
| |
|
|
|
|
| |
change runtime settings. Settings that have been modified show in a
highlighted color in the table. Tooltips describe the setting's
function, as well as the default values.
|
| |
|
|
|
|
| |
widgets that should not be receiving focus, and try focusing the HTML
body to try to prevent some of the focus bugs that have been popping
up. No idea if this will solve our problems but they can't hurt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
whitelist settings) to make all requests to that domain use the HTTPS
scheme, similar to HSTS.
Install a new file, hsts-preload, into the resource dir. This is a
regular config file with a bunch of force_https = ... lines, which is
used to implement a preloaded HSTS list. Right now all the domains in
this file, except for conformal.com and cyphertite.com, are taken
directly from chromium's preloaded HSTS list (and should be synced
with this file every so often). Also implement a new setting,
preload_strict_transport (enabled by default), to enable or disable
the loading of this preloaded HSTS list. Document force_https and
preload_strict_transport in the manpage.
|
| | |
|
| | |
|
| | |
|