path: root/src/xss
Commit message  Author  Age  Files  Lines
* [XSS] Prevent DOS detection from being triggered for already aborted requests (thanks therube).  hackademix  2020-03-01  1  -12/+36
|
* [XSS] More accurate base64 checks on hash.  hackademix  2020-02-29  1  -7/+7
|
* Refactored XSS filter into an asynchronous worker to better handle DOS attempts.  hackademix  2020-02-29  4  -59/+152
|
* [XSS] Abort on InjectionChecker timeouts.  hackademix  2020-02-10  1  -1/+1
|
* [XSS] Updated recognized HTML events.  hackademix  2020-01-30  1  -1/+1
|
* [XSS] Updated HTML 5 events inventory.  hackademix  2019-11-15  1  -1/+1
|
* Fixed false positive (property assignment).  hackademix  2019-10-25  1  -1/+2
|
* [XSS] Updated HTML5 events.  hackademix  2019-09-26  1  -1/+1
|
* Removed XSS prompt for timeouts.  hackademix  2019-09-24  1  -1/+1
|
* [XSS] Fix false positives due to overzealous HTML attribute checking.  hackademix  2019-08-02  1  -2/+2
|
* [XSS] Enable InjectionChecker logging when debugging mode is on.  hackademix  2019-08-02  2  -4/+4
|
* [XSS] Fixed false positives with parameters named "src".  hackademix  2019-06-24  1  -1/+1
|
* Further JSON reduction optimizations.  hackademix  2019-05-28  1  -4/+3
|
* Make XSS timeouts fatal and reported.  hackademix  2019-05-28  1  -1/+2
|
* Fixed JSON parsing preamble regression.  hackademix  2019-05-28  1  -1/+2
|
* XSS Filter made further asynchronous, prevents freezes on complex JSON payloads.  hackademix  2019-05-27  2  -123/+147
|
* Updated InjectionChecker's HTML5 events.  hackademix  2019-05-22  1  -1/+1
|
* Removed work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530 (see https://trac.torproject.org/projects/tor/ticket/29969#comment:9).  hackademix  2019-05-22  1  -15/+2
|
* Work-around for potential issues with legacy prefs.  hackademix  2019-03-28  1  -3/+5
|
* Merge branch 'chromium' into merge/chromium  hackademix  2019-03-27  2  -5/+6
|\
| * Remove usage of non-standard Array methods.  hackademix  2019-02-01  1  -5/+4
| |
| * Fallback XSS filtering to XSS Auditor since asynchronous webRequest handlers are not supported by Chromium.  hackademix  2019-02-01  1  -0/+2
| |
* | Better detection of privileged URLs in the XSS filter.  hackademix  2019-03-24  1  -0/+3
| |
* | Improved unscanned POST blocking.  hackademix  2019-03-20  1  -2/+2
| |
* | Fixed searches from the url bar causing XSS warnings in the Tor Browser.  hackademix  2019-03-19  1  -1/+3
| |
* | Selective handling of Tor Browser options and work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530  hackademix  2019-03-14  1  -3/+15
| |
* | Updated event names handled by InjectionChecker.  hackademix  2019-03-14  1  -1/+1
|/
* [XSS] Updated known HTML events lists.  hackademix  2018-12-26  1  -1/+1
|
* [XSS] Updated HTML5 events matching.  hackademix  2018-09-26  1  -1/+1
|
* [XSS] Updated known HTML5 events.  hackademix  2018-09-14  1  -1/+1
|
* Further CSP refactoring and removal of obsolete fallbacks.  hackademix  2018-08-27  1  -1/+1
|
* Fixed typo in XSS name sanitization script injection (thanks skriptimaahinen).  hackademix  2018-08-23  1  -1/+1
|
* [XSS] Updated HTML events matching generation to use both latest Mozilla source code and archived data since Firefox ESR 52.  hackademix  2018-08-18  1  -2/+2
|
* Removed all references to RequestUtil.js and dependencies.  hackademix  2018-08-18  3  -7/+13
|
* [XSS] Updated HTML event attributes matching.  hackademix  2018-07-26  1  -1/+1
|
* [XSS] Updated HTML events matching.  hackademix  2018-07-24  1  -1/+1
|
* [XSS] Fixed anti-HPP coalescing wrongly applied to POST requests causing JSON reduction optimization to choke on big payloads.  hackademix  2018-07-12  1  -2/+2
|
* XSS filter autoupdated to latest HTML events supported by the browser  hackademix  2018-07-03  1  -1/+1
|
* Initial commit starting at version 10.1.8.3rc4.  hackademix  2018-07-01  6  -0/+2472