Commit graph

2997 commits

Author SHA1 Message Date
Oliver Blanthorn
57f6a368c5
Merge pull request #1729 from tridactyl/dependabot/npm_and_yarn/types/node-12.6.2
Bump @types/node from 12.6.1 to 12.6.2
2019-07-11 10:44:52 +01:00
dependabot-preview[bot]
d4313ee6b8
Bump @types/node from 12.6.1 to 12.6.2
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 12.6.1 to 12.6.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-10 05:42:45 +00:00
Oliver Blanthorn
14e272cde9
Merge pull request #1724 from tridactyl/dependabot/npm_and_yarn/types/node-12.6.1
Bump @types/node from 12.0.12 to 12.6.1
2019-07-09 18:07:21 +01:00
Oliver Blanthorn
05ee43b25a
Merge pull request #1722 from tridactyl/dependabot/npm_and_yarn/marked-0.7.0
Bump marked from 0.6.3 to 0.7.0
2019-07-09 18:07:10 +01:00
dependabot-preview[bot]
b9da660f22
Bump @types/node from 12.0.12 to 12.6.1
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 12.0.12 to 12.6.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-09 05:48:56 +00:00
dependabot-preview[bot]
ad3ba32138
Bump marked from 0.6.3 to 0.7.0
Bumps [marked](https://github.com/markedjs/marked) from 0.6.3 to 0.7.0.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Commits](https://github.com/markedjs/marked/compare/v0.6.3...v0.7.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-08 05:40:33 +00:00
Oliver Blanthorn
59aabd99d8
Fix betas location for buildbot 2019-07-06 22:21:02 +01:00
Oliver Blanthorn
110f955d84
Merge pull request #1700 from joaomsa/fix-e2e-tests-on-windows
Fix e2e tests on windows
2019-07-06 21:34:15 +01:00
Oliver Blanthorn
65cc2cc394
Merge pull request #1698 from joaomsa/fix-editor-and-rcfile-encoding-errors
Fix editor and rcfile encoding errors
2019-07-06 21:32:37 +01:00
Oliver Blanthorn
6a88e0a2e9
Merge pull request #1718 from rob-3/master
Implement `urlparenttrailingslash` option
2019-07-06 21:29:49 +01:00
Oliver Blanthorn
01923ae983
Add security bug to changelog now it is no-longer embargoed 2019-07-06 21:25:57 +01:00
Oliver Blanthorn
0ffc083850
Merge pull request #1714 from tridactyl/dependabot/npm_and_yarn/marked-0.6.3
Bump marked from 0.6.2 to 0.6.3
2019-07-06 21:06:05 +01:00
Oliver Blanthorn
a9de7aa7b1
Merge pull request #1719 from tridactyl/dependabot/npm_and_yarn/web-ext-types-3.2.0
Bump web-ext-types from 3.1.0 to 3.2.0
2019-07-05 15:15:41 +01:00
dependabot-preview[bot]
57332a5395
Bump web-ext-types from 3.1.0 to 3.2.0
Bumps [web-ext-types](https://github.com/kelseasy/web-ext-types) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/kelseasy/web-ext-types/releases)
- [Commits](https://github.com/kelseasy/web-ext-types/commits/v3.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-05 05:35:15 +00:00
Robert Boyd III
33991afd74
Add test for getUrlParent with slash stripping 2019-07-04 16:09:10 -04:00
Robert Boyd III
32f63ab116
Update test 2019-07-04 15:16:11 -04:00
Robert Boyd III
474b6f00c5
Implement #1565: Add option to strip trailing slash 2019-07-04 15:12:48 -04:00
Oliver Blanthorn
2d6929a320
Merge pull request #1717 from tridactyl/dependabot/npm_and_yarn/rss-parser-3.7.2
Bump rss-parser from 3.7.1 to 3.7.2
2019-07-04 09:46:31 +01:00
Oliver Blanthorn
a3562c6e26
Merge pull request #1716 from tridactyl/dependabot/npm_and_yarn/web-ext-3.1.0
Bump web-ext from 3.0.0 to 3.1.0
2019-07-04 09:46:04 +01:00
Oliver Blanthorn
991ba5ddbd
Merge pull request #1715 from tridactyl/dependabot/npm_and_yarn/types/node-12.0.12
Bump @types/node from 12.0.10 to 12.0.12
2019-07-04 09:44:53 +01:00
dependabot-preview[bot]
af5afd2746
Bump rss-parser from 3.7.1 to 3.7.2
Bumps [rss-parser](https://github.com/bobby-brennan/rss-parser) from 3.7.1 to 3.7.2.
- [Release notes](https://github.com/bobby-brennan/rss-parser/releases)
- [Commits](https://github.com/bobby-brennan/rss-parser/compare/v3.7.1...v3.7.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-04 06:05:43 +00:00
dependabot-preview[bot]
28a24bca24
Bump web-ext from 3.0.0 to 3.1.0
Bumps [web-ext](https://github.com/mozilla/web-ext) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/mozilla/web-ext/releases)
- [Commits](https://github.com/mozilla/web-ext/compare/3.0.0...3.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-04 06:04:31 +00:00
dependabot-preview[bot]
61f848c237
Bump @types/node from 12.0.10 to 12.0.12
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 12.0.10 to 12.0.12.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-04 06:02:36 +00:00
dependabot-preview[bot]
d762d796d0
Bump marked from 0.6.2 to 0.6.3
Bumps [marked](https://github.com/markedjs/marked) from 0.6.2 to 0.6.3.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Commits](https://github.com/markedjs/marked/compare/v0.6.2...v0.6.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-04 06:01:52 +00:00
Oliver Blanthorn
c13329ddfb
Merge pull request #1689 from tridactyl/dependabot/npm_and_yarn/ts-node-8.3.0
Bump ts-node from 8.2.0 to 8.3.0
2019-07-03 22:04:15 +01:00
dependabot-preview[bot]
fced30826a
Bump ts-node from 8.2.0 to 8.3.0
Bumps [ts-node](https://github.com/TypeStrong/ts-node) from 8.2.0 to 8.3.0.
- [Release notes](https://github.com/TypeStrong/ts-node/releases)
- [Commits](https://github.com/TypeStrong/ts-node/compare/v8.2.0...v8.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-03 14:13:12 +00:00
Oliver Blanthorn
18f9a9e74c
Merge pull request #1702 from tridactyl/dependabot/npm_and_yarn/@types/node-12.0.10
Bump @types/node from 12.0.8 to 12.0.10
2019-07-03 15:11:50 +01:00
Oliver Blanthorn
7c6d6119e1
Merge pull request #1709 from tridactyl/dependabot/npm_and_yarn/tslint-etc-1.5.6
Bump tslint-etc from 1.5.3 to 1.5.6
2019-07-03 15:11:03 +01:00
Oliver Blanthorn
546c5cc7b0
Merge pull request #1712 from tridactyl/dependabot/npm_and_yarn/webpack-4.35.2
Bump webpack from 4.34.0 to 4.35.2
2019-07-03 15:10:51 +01:00
dependabot-preview[bot]
3f247cf504
Bump @types/node from 12.0.8 to 12.0.10
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 12.0.8 to 12.0.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-03 10:48:34 +00:00
dependabot-preview[bot]
57bb3081c3
Bump tslint-etc from 1.5.3 to 1.5.6
Bumps [tslint-etc](https://github.com/cartant/tslint-etc) from 1.5.3 to 1.5.6.
- [Release notes](https://github.com/cartant/tslint-etc/releases)
- [Changelog](https://github.com/cartant/tslint-etc/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cartant/tslint-etc/compare/v1.5.3...v1.5.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-03 10:47:47 +00:00
dependabot-preview[bot]
59cde6016a
Bump webpack from 4.34.0 to 4.35.2
Bumps [webpack](https://github.com/webpack/webpack) from 4.34.0 to 4.35.2.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.34.0...v4.35.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-03 10:47:44 +00:00
Oliver Blanthorn
947501bad9
Merge pull request #1684 from tridactyl/dependabot/npm_and_yarn/typescript-3.5.2
Bump typescript from 3.5.1 to 3.5.2
2019-07-03 11:46:30 +01:00
Oliver Blanthorn
b9570a09fe
Merge pull request #1686 from tridactyl/dependabot/npm_and_yarn/@types/jest-24.0.15
Bump @types/jest from 24.0.14 to 24.0.15
2019-07-03 11:46:19 +01:00
Oliver Blanthorn
e2efc2f140
Merge pull request #1706 from tridactyl/dependabot/npm_and_yarn/selenium-webdriver-4.0.0-alpha.4
Bump selenium-webdriver from 4.0.0-alpha.1 to 4.0.0-alpha.4
2019-07-03 11:46:11 +01:00
Oliver Blanthorn
578edace98
Merge pull request #1703 from tridactyl/dependabot/npm_and_yarn/webpack-cli-3.3.5
Bump webpack-cli from 3.3.4 to 3.3.5
2019-07-03 11:45:46 +01:00
Oliver Blanthorn
1ad4ecfc07
Merge pull request #1701 from tridactyl/dependabot/npm_and_yarn/tslint-5.18.0
Bump tslint from 5.17.0 to 5.18.0
2019-07-03 11:45:34 +01:00
Oliver Blanthorn
1f49f4ac23
Merge pull request #1705 from grpala/master
Add a reference to editor functions in :help bind
2019-07-02 19:42:30 +01:00
Oliver Blanthorn
9cd4622c5c
Merge remote-tracking branch 'badbugs/master'
This merge closes #1713.
2019-07-02 16:50:58 +01:00
Colin Caine
df5c6f830b
release 1.16.1 2019-07-02 16:48:47 +01:00
Oliver Blanthorn
d129c47913
Switch to cmcaine's shell escape library 2019-07-02 16:48:47 +01:00
Colin Caine
a71398dc1e
nativeopen: fix shell escaping 2019-07-02 16:48:47 +01:00
Colin Caine
2e591272a5
hinting: make rapid mpv hint mode safe 2019-07-02 16:48:47 +01:00
Colin Caine
d2106c8b3e
release 1.16.0 2019-07-02 16:48:47 +01:00
Colin Caine
b53bbe9c01
script to thank contributors in changelog 2019-07-02 16:48:47 +01:00
Colin Caine
0faf4be41a
This allowed malicious web pages to send artificial key events to
the parsers for all modes except the command line (which has
always been protected inside an iframe).

If the native messenger was not installed, the bug could not be
exploited for any more than nuisance attacks (closing tabs,
quitting Firefox, etc.). If the native messenger was installed,
an attack using the mpv hint mode (bound to `;v` by default) and
a specially crafted link would allow an attacker to execute some
commands in the user's shell. Due to the way hyperlinks are
encoded, it would require more cunning than the Tridactyl
developers possess to usefully exploit as it is difficult to pass
arguments to commands.

This did mean that the standard output of mpv (including the
attacker's URL) was also available to an attacker via pipes. We
are not aware of any way to abuse that with commonly installed
utilities.

We are unaware of any pages exploiting this in the wild.

Nevertheless, this security regression should not have happened.
A short incident report follows:

These checks were accidentally removed when key handling was
rewritten in September 2018. The PR was reviewed, but it was a
large PR and the regression was missed by the reviewers.

We became aware of the regression after a question in our support
chat prompted @glacambre to check on exactly how we were using
`isTrusted` and they realised that we weren't using it any more.

We will shortly introduce automated testing to check these
security properties that we rely on.

We will consider adding a check to continuous integration that
flags any change to files containing security relevant code for
more detailed review.

Affected versions: - Tridactyl 1.14.0 - 1.14.10, 1.15.0.

Mitigation:

- Update to Tridactyl 1.16.0+ or 1.14.13+

- If updating is unfeasible, we recommend removing the native
messenger by running `:! pwd` in Tridactyl and then deleting that
directory from your filesystem.

- If you've thought of a clever exploit, please contact
bovine3dom or cmcaine privately on Matrix or by email.
2019-07-02 16:45:31 +01:00
dependabot-preview[bot]
50c7c68f93
Bump selenium-webdriver from 4.0.0-alpha.1 to 4.0.0-alpha.4
Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.0.0-alpha.1 to 4.0.0-alpha.4.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Commits](https://github.com/SeleniumHQ/selenium/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-25 05:45:09 +00:00
Guillermo R. Palavecino
ed5d1b0bd4
Add a reference to editor functions in :help bind 2019-06-24 17:31:39 -03:00
dependabot-preview[bot]
10e7941eab
Bump webpack-cli from 3.3.4 to 3.3.5
Bumps [webpack-cli](https://github.com/webpack/webpack-cli) from 3.3.4 to 3.3.5.
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/v3.3.4...v3.3.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-24 06:06:15 +00:00
dependabot-preview[bot]
49ea3a25dc
Bump tslint from 5.17.0 to 5.18.0
Bumps [tslint](https://github.com/palantir/tslint) from 5.17.0 to 5.18.0.
- [Release notes](https://github.com/palantir/tslint/releases)
- [Changelog](https://github.com/palantir/tslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/palantir/tslint/compare/5.17.0...5.18.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-24 06:04:46 +00:00