author | hackademix | 2019-05-22 18:26:05 +0200 |
---|---|---|
committer | hackademix | 2019-05-22 18:45:34 +0200 |
commit | 0eb42450d4f63759c0cfc61d433ffd5f9453c339 (patch) | |
tree | e47323f3bc356943a10f88f244cb0e120e593988 | |
parent | c84673b110a3843d52ff3a531fc7593cef2b7ca3 (diff) | |
Removed work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530 (see https://trac.torproject.org/projects/tor/ticket/29969#comment:9).
-rw-r--r-- | src/_locales/br/messages.json | 14 | ||||
-rw-r--r-- | src/_locales/ca/messages.json | 12 | ||||
-rw-r--r-- | src/_locales/de/messages.json | 12 | ||||
-rw-r--r-- | src/_locales/el/messages.json | 12 | ||||
-rw-r--r-- | src/_locales/en/messages.json | 9 | ||||
-rw-r--r-- | src/_locales/es/messages.json | 12 | ||||
-rw-r--r-- | src/_locales/fr/messages.json | 12 | ||||
-rw-r--r-- | src/_locales/he/messages.json | 12 | ||||
-rw-r--r-- | src/_locales/it/messages.json | 14 | ||||
-rw-r--r-- | src/_locales/ms/messages.json | 14 | ||||
-rw-r--r-- | src/_locales/nb/messages.json | 14 | ||||
-rw-r--r-- | src/_locales/nl/messages.json | 12 | ||||
-rw-r--r-- | src/_locales/pt_BR/messages.json | 12 | ||||
-rw-r--r-- | src/_locales/ru/messages.json | 12 | ||||
-rw-r--r-- | src/_locales/sv_SE/messages.json | 14 | ||||
-rw-r--r-- | src/_locales/tr/messages.json | 14 | ||||
-rw-r--r-- | src/_locales/zh_CN/messages.json | 14 | ||||
-rw-r--r-- | src/bg/Defaults.js | 2 | ||||
-rw-r--r-- | src/bg/Settings.js | 2 | ||||
-rw-r--r-- | src/ui/options.html | 9 | ||||
-rw-r--r-- | src/ui/options.js | 2 | ||||
-rw-r--r-- | src/xss/XSS.js | 17 |
22 files changed, 9 insertions, 238 deletions
diff --git a/src/_locales/br/messages.json b/src/_locales/br/messages.json index 61bb192..47ad1bb 100644 --- a/src/_locales/br/messages.json +++ b/src/_locales/br/messages.json @@ -359,18 +359,6 @@ "message": "Treuzfurmiñ ar rekedoù POST dreuz-lec'hiennoù e-barzh rekedoù GET diroadenn", "description": "" }, - "OptScanXUpload": { - "message": "Skanañ an uskargadennoù evit diguzhañ tagadennoù etre lec'hienn a c'hall bezañ", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Goulenn kadarnaat ar goulennoù POST etre-lec'hienn n'o deus ket gallet bezañ skanet", - "description": "" - }, - "UnscannedXPost": { - "message": "Ar goulenn etre-lec'hienn-mañ n'hall ket bezañ skanet evit an XSS.\nGellout a ra bezañ un hanter-dra, met NoScript n'hall ket touiñ en un doare sur. Aotreit an dra-se m'ho peus fiziañs e-barzh an div lec'hienn, hepken.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Erlec'hiañ rak-arventennoù live surentez ar Merdeer Tor", "description": "" @@ -911,4 +899,4 @@ "message": "v $1", "description": "" } -}
\ No newline at end of file +} diff --git a/src/_locales/ca/messages.json b/src/_locales/ca/messages.json index 70e8869..b96aaf8 100644 --- a/src/_locales/ca/messages.json +++ b/src/_locales/ca/messages.json @@ -359,18 +359,6 @@ "message": "Converteix sol·licituds «POST» entre llocs en sol·licituds «GET» sense dades", "description": "" }, - "OptScanXUpload": { - "message": "Escaneja les pujades per a possibles atacs entre llocs", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Solicita confirmació de sol·licituds POST entre llocs que no s'han pogut analitzar.", - "description": "" - }, - "UnscannedXPost": { - "message": "No s'ha pogut escanejar aquesta sol·licitud entre llocs per a XSS.\nPot ser que sigui innocu, però el NoScript no pot dir-ho amb seguretat. Permeteu-ho només si confieu en els dos llocs.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Anul·la el nivell de seguretat del navegador Tor", "description": "" diff --git a/src/_locales/de/messages.json b/src/_locales/de/messages.json index 08ccaa1..365a6fe 100644 --- a/src/_locales/de/messages.json +++ b/src/_locales/de/messages.json @@ -359,18 +359,6 @@ "message": "Webseitenübergreifende POST-Anfragen in datenlose GET-Anfragen umwandeln", "description": "" }, - "OptScanXUpload": { - "message": "Uploads auf potenzielle webseitenübergreifende Angriffe überprüfen", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Rückfrage bei webseitenübergreifenden POST-Anfragen, die nicht überprüft werden konnten", - "description": "" - }, - "UnscannedXPost": { - "message": "Diese webseitenübergreifende Anfrage konnte nicht auf XSS überprüft werden.\nSie könnte harmlos sein, aber NoScript kann das nicht sicher feststellen. Nur zulassen, wenn Sie beiden Webseiten vertrauen.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Die Sicherheitsstufe des Tor Browsers übersteuern", "description": "" 
diff --git a/src/_locales/el/messages.json b/src/_locales/el/messages.json index 2d7e3e0..7698e84 100644 --- a/src/_locales/el/messages.json +++ b/src/_locales/el/messages.json @@ -359,18 +359,6 @@ "message": "Turn cross-site POST requests into data-less GET requests", "description": "" }, - "OptScanXUpload": { - "message": "Scan uploads for potential cross-site attacks", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Ask confirmation for cross-site POST requests which could not be scanned", - "description": "" - }, - "UnscannedXPost": { - "message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Override Tor Browser's Security Level preset", "description": "" diff --git a/src/_locales/en/messages.json b/src/_locales/en/messages.json index 381e118..cce0ed5 100644 --- a/src/_locales/en/messages.json +++ b/src/_locales/en/messages.json @@ -270,15 +270,6 @@ "OptFilterXPost": { "message": "Turn cross-site POST requests into data-less GET requests" }, - "OptScanXUpload": { - "message": "Scan uploads for potential cross-site attacks" - }, - "OptBlockUnscannedXPost": { - "message": "Ask confirmation for cross-site POST requests which could not be scanned" - }, - "UnscannedXPost": { - "message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites." - }, "OptOverrideTorBrowserPolicy": { "message": "Override Tor Browser's Security Level preset" }, diff --git a/src/_locales/es/messages.json b/src/_locales/es/messages.json index 9f04aa3..34036d9 100644 --- a/src/_locales/es/messages.json +++ b/src/_locales/es/messages.json 
@@ -359,18 +359,6 @@ "message": "Convertir peticiones POST de sitios entrecruzados en peticiones GET sin datos", "description": "" }, - "OptScanXUpload": { - "message": "Escanear subidas por potenciales ataques de sitios cruzados", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Preguntar por confirmación de solicitudes POST de sitio cruzado que no pudieron ser escaneadas.", - "description": "" - }, - "UnscannedXPost": { - "message": "Esta solicitud de sitio cruzado no pudo ser escaneada por XSS.\nPodría ser inocua, pero NoScript no puede afirmarlo. Permítela solamente si confías en ambos sitios.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Sobreponer al Nivel de Seguridad predeterminado del Navegador Tor", "description": "" diff --git a/src/_locales/fr/messages.json b/src/_locales/fr/messages.json index 9b395b5..5f593ca 100644 --- a/src/_locales/fr/messages.json +++ b/src/_locales/fr/messages.json @@ -359,18 +359,6 @@ "message": "Transformer les requêtes POST intersites en requêtes GET sans données", "description": "" }, - "OptScanXUpload": { - "message": "Chercher des attaques potentielles par script intersites dans les téléversements", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Demander une confirmation pour les requêtes POST intersites qui n’ont pas pu être analysées", - "description": "" - }, - "UnscannedXPost": { - "message": "La recherche de scripts intersites n’a pas pu être effectuée pour cette requête intersites.\nElle pourrait être inoffensive, mais NoScript ne peut pas en être certain. Ne l’autorisez que si vous faites confiance aux deux sites.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Remplacer le préréglage du niveau de sécurité du Navigateur Tor", "description": "" diff --git a/src/_locales/he/messages.json b/src/_locales/he/messages.json index 36b062d..014c126 100644 --- a/src/_locales/he/messages.json +++ b/src/_locales/he/messages.json 
@@ -359,18 +359,6 @@ "message": "הפוך בקשות POST חוצות־אתרים אל בקשות GET מופחתות־נתונים", "description": "" }, - "OptScanXUpload": { - "message": "סרוק העלאות עבור מתקפות חוצות־אתרים פוטנציאליות", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "בקש אימות עבור בקשות POST חוצות־אתרים שאינן יכולות להיסרק", - "description": "" - }, - "UnscannedXPost": { - "message": "בקשת חוצת־אתרים זו לא יכלה להיסרק עבור XSS.\nהיא עשויה להיות בלתי־מזיקה, אבל NoScript אינו יכול לדעת בוודאות. התר רק אם אתה בוטח בשני האתרים.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "דרוס הגדרה של רמת אבטחה של דפדפן Tor", "description": "" diff --git a/src/_locales/it/messages.json b/src/_locales/it/messages.json index 6afe594..60857fa 100644 --- a/src/_locales/it/messages.json +++ b/src/_locales/it/messages.json @@ -359,18 +359,6 @@ "message": "Trasforma le richieste POST cross-site in richieste GET", "description": "" }, - "OptScanXUpload": { - "message": "Ispeziona gli upload cercando potenziali attacchi XSS", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Chiedi conferma per gli upload potenzialmente pericolosi che non si sono potuti ispezionare", - "description": "" - }, - "UnscannedXPost": { - "message": "NoScript non ha potuto ispezionare questo caricamento da un sito ad un'altro. \nPotrebbe essere innocuo, ma NoScript non può assicurarlo con certezza.\nPermettilo solo se ti fidi di entrambi i siti.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Fai prevalere le mie impostazioni sul \"Livello di Sicurezza\" del Tor Browser", "description": "" @@ -911,4 +899,4 @@ "message": "v $1", "description": "" } -}
\ No newline at end of file +} diff --git a/src/_locales/ms/messages.json b/src/_locales/ms/messages.json index 127c6c4..0250d8e 100644 --- a/src/_locales/ms/messages.json +++ b/src/_locales/ms/messages.json @@ -359,19 +359,7 @@ "message": "Ubah permohonan HANTARAN laman-silang menjadi pemohonan GET kurang-data", "description": "" }, - "OptScanXUpload": { - "message": "Imbas muat naik bagi serang laman-silang yang berpotensi", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Tanya pengesahan untuk permohonan HANTARAN laman-silang yang tidak diimbas", - "description": "" - }, - "UnscannedXPost": { - "message": "Pemohonan laman-silang ini tidak diimbas bagi XSS.\nIa mungkin tidak merbahaya, tetapi NoScript tidak pasti berkenaannya. Hanya beri kebenaran sekiranya anda benar-benar mempercayai kedua-dua laman.", - "description": "" - }, - "OptOverrideTorBrowserPolicy": { + "OptOverrideTorBrowserPolicy": { "message": "Batalkan praset Aras Keselamatan Pelayar Tor", "description": "" }, diff --git a/src/_locales/nb/messages.json b/src/_locales/nb/messages.json index b9b82dd..9e335a6 100644 --- a/src/_locales/nb/messages.json +++ b/src/_locales/nb/messages.json @@ -359,18 +359,6 @@ "message": "Gjør mellomsidige POST-forespørsler til mindre datakrevende GET-forepørsler", "description": "" }, - "OptScanXUpload": { - "message": "Scan uploads for potential cross-site attacks", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Ask confirmation for cross-site POST requests which could not be scanned", - "description": "" - }, - "UnscannedXPost": { - "message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Override Tor Browser's Security Level preset", "description": "" @@ -911,4 +899,4 @@ "message": "v $1", "description": "" } -}
\ No newline at end of file +} diff --git a/src/_locales/nl/messages.json b/src/_locales/nl/messages.json index 3390665..54f31a9 100644 --- a/src/_locales/nl/messages.json +++ b/src/_locales/nl/messages.json @@ -359,18 +359,6 @@ "message": "Cross-site-POST-aanvragen omzetten naar gegevensarme GET-aanvragen", "description": "" }, - "OptScanXUpload": { - "message": "Uploads scannen op potentiële cross-site-aanvallen", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Bevestiging vragen voor cross-site-POST-aanvragen die niet konden worden gescand", - "description": "" - }, - "UnscannedXPost": { - "message": "Deze cross-site-aanvraag kon niet op XSS worden gescand.\nDit kan onschuldig zijn, maar NoScript weet het niet zeker. Sta dit alleen toe als u beide websites vertrouwt.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Voorkeuze van beveiligingsniveau van Tor Browser negeren", "description": "" diff --git a/src/_locales/pt_BR/messages.json b/src/_locales/pt_BR/messages.json index 3495581..187e4a3 100644 --- a/src/_locales/pt_BR/messages.json +++ b/src/_locales/pt_BR/messages.json @@ -359,18 +359,6 @@ "message": "Transformar solicitações POST entre sites em solicitações GET sem dados", "description": "" }, - "OptScanXUpload": { - "message": "Scan uploads for potential cross-site attacks", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Ask confirmation for cross-site POST requests which could not be scanned", - "description": "" - }, - "UnscannedXPost": { - "message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Override Tor Browser's Security Level preset", "description": "" diff --git a/src/_locales/ru/messages.json b/src/_locales/ru/messages.json index 0983060..26c4373 100644 --- a/src/_locales/ru/messages.json 
+++ b/src/_locales/ru/messages.json @@ -359,18 +359,6 @@ "message": "Заменять межсайтовые POST-запросы на GET-запросы без данных", "description": "" }, - "OptScanXUpload": { - "message": "Сканирование загрузок на предмет возможных межсайтовых атак", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Спрашивать подтверждение для межсайтовых POST-запросов, которые не могут быть просканированы", - "description": "" - }, - "UnscannedXPost": { - "message": "Этот межсайтовый запрос не может быть просканирован на наличие XSS.\nОн может быть безвредным, но NoScript не может определить точно.\nРазрешайте, только если доверяете обоим сайтам.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Переопределить заданный уровень безопасности Tor Browser’а", "description": "" diff --git a/src/_locales/sv_SE/messages.json b/src/_locales/sv_SE/messages.json index 56dbd8b..19a68fa 100644 --- a/src/_locales/sv_SE/messages.json +++ b/src/_locales/sv_SE/messages.json @@ -359,18 +359,6 @@ "message": "Förvandla webbplatsöverskridande POST-förfrågningar till mindre-data GET-förfrågningar", "description": "" }, - "OptScanXUpload": { - "message": "Scan uploads for potential cross-site attacks", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Ask confirmation for cross-site POST requests which could not be scanned", - "description": "" - }, - "UnscannedXPost": { - "message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Override Tor Browser's Security Level preset", "description": "" @@ -911,4 +899,4 @@ "message": "v $1", "description": "" } -}
\ No newline at end of file +} diff --git a/src/_locales/tr/messages.json b/src/_locales/tr/messages.json index 9bbbfed..1000747 100644 --- a/src/_locales/tr/messages.json +++ b/src/_locales/tr/messages.json @@ -359,18 +359,6 @@ "message": "Siteler arası POST istekleri veriden arındırılmış GET isteklerine dönüştürülsün", "description": "" }, - "OptScanXUpload": { - "message": "Yüklenen dosyalar olası siteler arası saldırılara karşı taransın", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Taranamayan siteler arası POST istekleri için onay istensin", - "description": "" - }, - "UnscannedXPost": { - "message": "Bu siteler arası istek XSS saldırılarına karşı taranamadı.\nZararsız olabilir ancak NoScript kesin olarak bir şey söyleyemiyor. Ancak her iki siteye de güveniyorsanız onaylayın.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Tor Browser Güvenlik Duvarı ayarı değiştirilsin", "description": "" @@ -911,4 +899,4 @@ "message": "v $1", "description": "" } -}
\ No newline at end of file +} diff --git a/src/_locales/zh_CN/messages.json b/src/_locales/zh_CN/messages.json index 061b8fd..2c3127c 100644 --- a/src/_locales/zh_CN/messages.json +++ b/src/_locales/zh_CN/messages.json @@ -359,18 +359,6 @@ "message": "将跨网站的 POST 请求转换为无数据的 GET 请求", "description": "" }, - "OptScanXUpload": { - "message": "Scan uploads for potential cross-site attacks", - "description": "" - }, - "OptBlockUnscannedXPost": { - "message": "Ask confirmation for cross-site POST requests which could not be scanned", - "description": "" - }, - "UnscannedXPost": { - "message": "This cross-site request could not be scanned for XSS.\nIt might be innocuous, but NoScript cannot tell for sure. Allow only if you trust both sites.", - "description": "" - }, "OptOverrideTorBrowserPolicy": { "message": "Override Tor Browser's Security Level preset", "description": "" @@ -911,4 +899,4 @@ "message": "v $1", "description": "" } -}
\ No newline at end of file +} diff --git a/src/bg/Defaults.js b/src/bg/Defaults.js index f1b9a18..1d55f6b 100644 --- a/src/bg/Defaults.js +++ b/src/bg/Defaults.js @@ -13,8 +13,6 @@ var Defaults = { global: false,
xss: true,
cascadeRestrictions : false,
- xssScanRequestBody: true,
- xssBlockUnscannedPOST: false,
overrideTorBrowserPolicy: false, // note: Settings.update() on reset will flip this to true
clearclick: true,
}
diff --git a/src/bg/Settings.js b/src/bg/Settings.js index 4fa83d0..202fae5 100644 --- a/src/bg/Settings.js +++ b/src/bg/Settings.js @@ -113,8 +113,6 @@ var Settings = { }, sync: { cascadeRestrictions: true, - xssScanRequestBody: false, - xssBlockUnscannedPOST: true, } } for (let [storage, prefs] of Object.entries(torBrowserSettings)) { diff --git a/src/ui/options.html b/src/ui/options.html index dbf1e15..5053ef7 100644 --- a/src/ui/options.html +++ b/src/ui/options.html @@ -109,15 +109,6 @@ <span id="xssFaq">(<a href="https://noscript.net/faq#xss" title="https://noscript.net/faq#xss">__MSG_XssFaq__</a>)</span> </span> <button id="btn-delete-xss-choices" disabled>__MSG_XSS_clearUserChoices__</button> - <br /> - <span id="xssScanRequestBody-opt"> - <input type="checkbox" id="opt-xssScanRequestBody"> - <label for="opt-xssScanRequestBody" id="lbl-opt-xssScanRequestBody">__MSG_OptScanXUpload__</label> - </span> - <span id="xssBlockUnscannedPOST-opt"> - <input type="checkbox" id="opt-xssBlockUnscannedPOST"> - <label for="opt-xssBlockUnscannedPOST" id="lbl-opt-xssBlockUnscannedPOST">__MSG_OptBlockUnscannedXPost__</label> - </span> </div> <div id="clearclick-options" class="opt-group"> <input type="checkbox" id="opt-clearclick"><label for="opt-clearclick" id="lbl-clearclick">ClearClick</label> diff --git a/src/ui/options.js b/src/ui/options.js index 2a52a82..999b130 100644 --- a/src/ui/options.js +++ b/src/ui/options.js @@ -35,8 +35,6 @@ opt("cascadeRestrictions"); opt("xss"); - opt("xssScanRequestBody"); - opt("xssBlockUnscannedPOST"); opt("overrideTorBrowserPolicy"); diff --git a/src/xss/XSS.js b/src/xss/XSS.js index 9c2fca3..93230cd 100644 --- a/src/xss/XSS.js +++ b/src/xss/XSS.js 
@@ -116,12 +116,6 @@ var XSS = (() => { if (!UA.isMozilla) return; // async webRequest is supported on Mozilla only let {onBeforeRequest} = browser.webRequest; - let {xssScanRequestBody} = ns.sync; - if (xssScanRequestBody !== this.xssScanRequestBody) { - this.stop(); - this.xssScanRequestBody = xssScanRequestBody; - } - this.xssBlockUnscannedPOST = ns.sync.xssBlockUnscannedPOST; if (onBeforeRequest.hasListener(requestListener)) return; @@ -144,9 +138,7 @@ var XSS = (() => { onBeforeRequest.addListener(requestListener, { urls: ["*://*/*"], types: ["main_frame", "sub_frame", "object"] - }, - // work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530 - xssScanRequestBody ? ["blocking", "requestBody"] : ["blocking"]); + }, ["blocking", "requestBody"]); }, stop() { @@ -247,13 +239,8 @@ var XSS = (() => { ic.reset(); let postInjection = xssReq.isPost && - (XSS.xssScanRequestBody ? request.requestBody && request.requestBody.formData && - ic.checkPost(request.requestBody.formData, skipParams) - : XSS.xssBlockUnscannedPOST && - (request.originUrl || request.documentUrl) && // exclude non-document POSTs, such as url bar searches - ns.requestCan(request, "script") && ("\n" + _("UnscannedXPost")) - ); + ic.checkPost(request.requestBody.formData, skipParams); let protectName = ic.nameAssignment; let urlInjection = ic.checkUrl(destUrl, skipRx); |
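Review bot: In the `@@ -144,9 +138,7 @@` hunk the `onBeforeRequest.addListener` call now always passes `["blocking", "requestBody"]`, and the comment naming bug 1532530 is removed with the conditional, so the code no longer records that it depends on the browser-side fix. Whether every browser build the extension still supports carries that fix is not visible on this page; it is worth confirming against whatever minimum version the extension declares. I would keep a short pointer next to the call, e.g. `// requestBody is requested unconditionally; relies on the fix for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530`. The enclosing method starts outside the hunk.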
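Review bot: In the `@@ -247,13 +239,8 @@` hunk, a cross-site POST whose body is not exposed as `formData` now leaves `postInjection` falsy and passes without any prompt, because the `xssBlockUnscannedPOST` confirmation branch was the only handling for unscanned POSTs and it is gone. This reading assumes the `request.requestBody && request.requestBody.formData &&` guard survives as a context line, which the 13/8 line counts in the hunk header suggest; if it did not, the added `ic.checkPost(request.requestBody.formData, skipParams)` would dereference a missing body. The fail-open case deserves a comment above the expression, e.g. `// POSTs without parsed formData (e.g. raw or unreadable bodies) are not scanned and are let through`. The enclosing function starts and ends outside the hunk.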