From 227203269e9f53f6fc688838c88606be15fbdbbe Mon Sep 17 00:00:00 2001 From: Janek <27jf@pm.me> Date: Tue, 26 Jul 2022 08:28:31 +0200 Subject: [PATCH 1/3] Fix typos in .tridactylrc --- .tridactylrc | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.tridactylrc b/.tridactylrc index b9924926..e0f88df2 100644 --- a/.tridactylrc +++ b/.tridactylrc @@ -28,7 +28,7 @@ " " May require the latest beta builds. " " " Uncomment the lines you want to keep then move this file to -" " $XDG_CONFIG_DIR/tridactyl/tridactylrc (that's +" " $XDG_CONFIG_HOME/tridactyl/tridactylrc (that's " " ~/.config/tridactyl/tridactylrc to mere mortals) or ~/.tridactylrc and " " install the native messenger (:installnative in Tridactyl). Run :source to " " get it in the browser, or just restart. @@ -122,10 +122,10 @@ " " details, read the comment at the top of this file. " fixamo_quiet " -" " Equivalent to `set csp clobber` before it was removed. This weakens your -" " defences against cross-site-scripting attacks and other types of -" " code-injection by reducing the strictness of Content Security Policy on -" " every site in a couple of ways. +" " Equivalent to `set csp clobber` before it was removed. +" " This weakens your defences against cross-site-scripting attacks +" " and other types of code-injection by reducing the strictness +" " of Content Security Policy onevery site in a couple of ways. " " " " You may not wish to run this. Mozilla strongly feels that you shouldn't. " " @@ -133,12 +133,12 @@ " " " " We remove the sandbox directive " " https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox -" " which allows our iframe to run (and anyone else's) on any website. +" " which allows our iframe (and anyone else's) to run on any website. " " " " We weaken the style-src directive " " https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src -" " to allow us to theme our elements. This exposes you to 'cross site styling' -" " attacks. +" " to allow us to theme our elements. +" " This exposes you to 'cross site styling' attacks. " " " " Read https://wiki.mozilla.org/Security/CSP#Goals for more information. " jsb browser.webRequest.onHeadersReceived.addListener(tri.request.clobberCSP,{urls:[""],types:["main_frame"]},["blocking","responseHeaders"]) From 69e57485b91308ba3b807c0900f4a39cd3096fb1 Mon Sep 17 00:00:00 2001 From: Janek <27jf@pm.me> Date: Tue, 26 Jul 2022 23:25:34 +0200 Subject: [PATCH 2/3] Update .tridactylrc --- .tridactylrc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.tridactylrc b/.tridactylrc index e0f88df2..d4a6c5f2 100644 --- a/.tridactylrc +++ b/.tridactylrc @@ -118,14 +118,14 @@ " command fixamo_quiet jsb tri.excmds.setpref("privacy.resistFingerprinting.block_mozAddonManager", "true").then(tri.excmds.setpref("extensions.webextensions.restrictedDomains", '""')) " command fixamo js tri.excmds.setpref("privacy.resistFingerprinting.block_mozAddonManager", "true").then(tri.excmds.setpref("extensions.webextensions.restrictedDomains", '""').then(tri.excmds.fillcmdline_tmp(3000, "Permissions added to user.js. Please restart Firefox to make them take affect."))) " -" " Make Tridactyl work on more sites at the expense of some security. For -" " details, read the comment at the top of this file. +" " Make Tridactyl work on more sites at the expense of some security. +" " For details, read the comment at the top of this file. " fixamo_quiet " " " Equivalent to `set csp clobber` before it was removed. " " This weakens your defences against cross-site-scripting attacks " " and other types of code-injection by reducing the strictness -" " of Content Security Policy onevery site in a couple of ways. +" " of Content Security Policy on all sites in a couple of ways. " " " " You may not wish to run this. Mozilla strongly feels that you shouldn't. " " From e4cafb71c1c459ff27755110a8c3765bb7c5d035 Mon Sep 17 00:00:00 2001 From: Janek <27jf@pm.me> Date: Wed, 27 Jul 2022 22:42:49 +0200 Subject: [PATCH 3/3] Clarify .tridactylrc --- .tridactylrc | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.tridactylrc b/.tridactylrc index d4a6c5f2..c914941c 100644 --- a/.tridactylrc +++ b/.tridactylrc @@ -122,14 +122,14 @@ " " For details, read the comment at the top of this file. " fixamo_quiet " +" " The following modification allows Tridactyl to function on more pages, e.g. raw GitHub pages. +" " You may not wish to run this. Mozilla strongly feels that you shouldn't. +" " Read https://wiki.mozilla.org/Security/CSP#Goals for more information. +" " " " Equivalent to `set csp clobber` before it was removed. " " This weakens your defences against cross-site-scripting attacks " " and other types of code-injection by reducing the strictness " " of Content Security Policy on all sites in a couple of ways. -" " -" " You may not wish to run this. Mozilla strongly feels that you shouldn't. -" " -" " It allows Tridactyl to function on more pages, e.g. raw GitHub pages. " " " " We remove the sandbox directive " " https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox @@ -138,9 +138,7 @@ " " We weaken the style-src directive " " https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src " " to allow us to theme our elements. -" " This exposes you to 'cross site styling' attacks. -" " -" " Read https://wiki.mozilla.org/Security/CSP#Goals for more information. +" " This exposes you to 'cross site styling' attacks " jsb browser.webRequest.onHeadersReceived.addListener(tri.request.clobberCSP,{urls:[""],types:["main_frame"]},["blocking","responseHeaders"]) " " " Make quickmarks for the sane Tridactyl issue view