Update HTTPS Everywhere to 2020.3.16.

1 files changed, 190 insertions, 292 deletions

diff --git a/data/extensions/https-everywhere@eff.org/background-scripts/background.js b/data/extensions/https-everywhere@eff.org/background-scripts/background.js
index c432d74..7d999f7 100644
--- a/data/extensions/https-everywhere@eff.org/background-scripts/background.js
+++ b/data/extensions/https-everywhere@eff.org/background-scripts/background.js
@@ -7,12 +7,15 @@ const rules = require('./rules'),
   incognito = require('./incognito'),
   util = require('./util'),
   update = require('./update'),
-  { update_channels } = require('./update_channels');
+  { update_channels } = require('./update_channels'),
+  wasm = require('./wasm'),
+  ipUtils = require('./ip_utils');
 
 
 let all_rules = new rules.RuleSets();
 
 async function initialize() {
+  await wasm.initialize();
   await store.initialize();
   await store.performMigrations();
   await initializeStoredGlobals();
@@ -39,6 +42,33 @@ async function initializeAllRules() {
 var httpNowhereOn = false;
 var isExtensionEnabled = true;
 let disabledList = new Set();
+let httpOnceList = new Set();
+
+/**
+ * Check if HTTPS Everywhere should be ON for host
+ */
+function isExtensionDisabledOnSite(host) {
+  // make sure the host is not matched in the httpOnceList
+  if (httpOnceList.has(host)) {
+    return true;
+  }
+
+  // make sure the host is not matched in the disabledList
+  if (disabledList.has(host)) {
+    return true;
+  }
+
+  // make sure the host is matched by any wildcard expressions in the disabledList
+  const experessions = util.getWildcardExpressions(host);
+  for (const expression of experessions) {
+    if (disabledList.has(expression)) {
+      return true;
+    }
+  }
+
+  // otherwise return false
+  return false;
+}
 
 function initializeStoredGlobals() {
   return new Promise(resolve => {
@@ -112,20 +142,23 @@ if (chrome.windows) {
   chrome.windows.onFocusChanged.addListener(function() {
     updateState();
   });
+
+  // Grant access to HTTP site only during session, clear once window is closed
+  chrome.windows.onRemoved.addListener(function() {
+    chrome.windows.getAll({}, function(windows) {
+      if(windows.length > 0) {
+        return;
+      } else {
+        httpOnceList.clear();
+      }
+    });
+  });
+
 }
 chrome.webNavigation.onCompleted.addListener(function() {
   updateState();
 });
 
-// Records which tabId's are active in the HTTPS Switch Planner (see
-// pages/devtools/panel-ux.js).
-var switchPlannerEnabledFor = {};
-// Detailed information recorded when the HTTPS Switch Planner is active.
-// Structure is:
-//   switchPlannerInfo[tabId]["rw"/"nrw"][resource_host][active_content][url];
-// rw / nrw stand for "rewritten" versus "not rewritten"
-var switchPlannerInfo = {};
-
 /**
  * Set the icon color correctly
  * active: extension is enabled.
@@ -153,8 +186,9 @@ function updateState () {
       return;
     }
     const tabUrl = new URL(tabs[0].url);
+    const hostname = util.getNormalisedHostname(tabUrl.hostname);
 
-    if (disabledList.has(tabUrl.host) || iconState == "disabled") {
+    if (isExtensionDisabledOnSite(hostname) || iconState == "disabled") {
       if ('setIcon' in chrome.browserAction) {
         chrome.browserAction.setIcon({
           path: {
@@ -184,38 +218,57 @@ chrome.browserAction.onClicked.addListener(e => {
   });
 });
 
-
-
 /**
- * Add a listener for removed tabs
+ * A centralized storage for browsing data within the browser session.
  */
-function AppliedRulesets() {
-  this.active_tab_rules = new Map();
-  this.active_tab_main_frames = new Map();
+function BrowserSession() {
+  this.tabs = new Map();
+  this.requests = new Map();
 
-  let that = this;
   if (chrome.tabs) {
-    chrome.tabs.onRemoved.addListener(function(tabId) {
-      that.removeTab(tabId);
+    chrome.tabs.onRemoved.addListener(tabId => {
+      this.deleteTab(tabId);
     });
   }
 }
 
-AppliedRulesets.prototype = {
-  addRulesetToTab: function(tabId, type, ruleset) {
-    if (!this.active_tab_main_frames.has(tabId)) {
-      this.active_tab_main_frames.set(tabId, false);
+BrowserSession.prototype = {
+  putTab: function(tabId, key, value, overwrite) {
+    if (!this.tabs.has(tabId)) {
+      this.tabs.set(tabId, {});
+    }
+
+    if (!(key in this.tabs.get(tabId)) || overwrite) {
+      this.tabs.get(tabId)[key] = value;
     }
+  },
+
+  getTab: function(tabId, key, defaultValue) {
+    if (this.tabs.has(tabId) && key in this.tabs.get(tabId)) {
+      return this.tabs.get(tabId)[key];
+    }
+    return defaultValue;
+  },
+
+  deleteTab: function(tabId) {
+    if (this.tabs.has(tabId)) {
+      this.tabs.delete(tabId);
+    }
+  },
+
+  putTabAppliedRulesets: function(tabId, type, ruleset) {
+    this.putTab(tabId, "main_frame", false, false);
 
     // always show main_frame ruleset on the top
     if (type == "main_frame") {
-      this.active_tab_main_frames.set(tabId, true);
-      this.active_tab_rules.set(tabId, [ruleset,]);
+      this.putTab(tabId, "main_frame", true, true);
+      this.putTab(tabId, "applied_rulesets", [ruleset,], true);
       return ;
     }
 
-    if (this.active_tab_rules.has(tabId)) {
-      let rulesets = this.active_tab_rules.get(tabId);
+    // sort by ruleset names alphabetically, case-insensitive
+    if (this.getTab(tabId, "applied_rulesets", null)) {
+      let rulesets = this.getTab(tabId, "applied_rulesets");
       let insertIndex = 0;
 
       const ruleset_name = ruleset.name.toLowerCase();
@@ -225,7 +278,7 @@ AppliedRulesets.prototype = {
 
         if (item_name == ruleset_name) {
           return ;
-        } else if (insertIndex == 0 && this.active_tab_main_frames.get(tabId)) {
+        } else if (insertIndex == 0 && this.getTab(tabId, "main_frame", false)) {
           insertIndex = 1;
         } else if (item_name < ruleset_name) {
           insertIndex++;
@@ -233,59 +286,46 @@ AppliedRulesets.prototype = {
       }
       rulesets.splice(insertIndex, 0, ruleset);
     } else {
-      this.active_tab_rules.set(tabId, [ruleset,]);
+      this.putTab(tabId, "applied_rulesets", [ruleset,], true);
     }
   },
 
-  getRulesets: function(tabId) {
-    if (this.active_tab_rules.has(tabId)) {
-      return this.active_tab_rules.get(tabId);
-    } else {
-      return null;
-    }
+  getTabAppliedRulesets: function(tabId) {
+    return this.getTab(tabId, "applied_rulesets", null);
   },
 
-  removeTab: function(tabId) {
-    this.active_tab_rules.delete(tabId);
-    this.active_tab_main_frames.delete(tabId);
+  putRequest: function(requestId, key, value) {
+    if (!this.requests.has(requestId)) {
+      this.requests.set(requestId, {});
+    }
+    this.requests.get(requestId)[key] = value;
   },
 
-  getActiveRulesetCount: function (tabId) {
-    let activeCount = 0;
+  getRequest: function(requestId, key, defaultValue) {
+    if (this.requests.has(requestId) && key in this.requests.get(requestId)) {
+      return this.requests.get(requestId)[key];
+    }
+    return defaultValue;
+  },
 
-    const rulesets = this.getRulesets(tabId);
-    if (rulesets) {
-      for (const ruleset of rulesets) {
-        if (ruleset.active) {
-          activeCount++;
-        }
-      }
+  deleteRequest: function(requestId) {
+    if (this.requests.has(requestId)) {
+      this.requests.delete(requestId);
     }
-    return activeCount;
   }
-};
+}
 
-var appliedRulesets = new AppliedRulesets();
+let browserSession = new BrowserSession();
 
 var urlBlacklist = new Set();
 
-// redirect counter workaround
-// TODO: Remove this code if they ever give us a real counter
-var redirectCounter = new Map();
-
-// Create a map to indicate whether a given request has been subject to a simple
-// HTTP Nowhere redirect.
-let simpleHTTPNowhereRedirect = new Map();
-
 const cancelUrl = chrome.runtime.getURL("/pages/cancel/index.html");
 
 function redirectOnCancel(shouldCancel, originURL) {
   return shouldCancel ? {redirectUrl: newCancelUrl(originURL)} : {cancel: false};
 }
 
-function newCancelUrl(originURL) {
-  return cancelUrl + "?originURL=" + encodeURI(originURL);
-}
+const newCancelUrl = originURL => `${cancelUrl}?originURL=${encodeURIComponent(originURL)}`;
 
 /**
  * Called before a HTTP(s) request. Does the heavy lifting
@@ -298,40 +338,33 @@ function onBeforeRequest(details) {
     return;
   }
 
-  // Clear the content shown in the extension popup.
-  // This needed to be done before this listener returns,
-  // otherwise, the extension page might include rulesets
-  // from previous page.
-  if (details.type == "main_frame") {
-    appliedRulesets.removeTab(details.tabId);
-  }
-
   let uri = new URL(details.url);
 
-  // Check if a user has disabled HTTPS Everywhere on this site.  We should
-  // ensure that all subresources are not run through HTTPS Everywhere as well.
-  let firstPartyHost;
-  if (details.type == "main_frame") {
-    firstPartyHost = uri.host;
-  } else {
-    // In Firefox, documentUrl is preferable here, since it will always be the
-    // URL in the URL bar, but it was only introduced in FF 54.  We should get
-    // rid of `originUrl` at some point.
-    if ('documentUrl' in details) { // Firefox 54+
-      firstPartyHost = new URL(details.documentUrl).host;
-    } else if ('originUrl' in details) { // Firefox < 54
-      firstPartyHost = new URL(details.originUrl).host;
-    } else if('initiator' in details) { // Chrome
-      firstPartyHost = new URL(details.initiator).host;
-    }
+  // Normalise hosts with tailing dots, e.g. "www.example.com."
+  uri.hostname = util.getNormalisedHostname(uri.hostname);
+
+  let ip = ipUtils.parseIp(uri.hostname);
+
+  let isLocalIp = false;
+
+  if (ip !== -1) {
+    isLocalIp = ipUtils.isLocalIp(ip);
   }
-  if (disabledList.has(firstPartyHost)) {
-    return;
+
+  if (details.type == "main_frame") {
+    // Clear the content from previous browser session.
+    // This needed to be done before this listener returns,
+    // otherwise, the extension popup might include rulesets
+    // from previous page.
+    browserSession.deleteTab(details.tabId);
+
+    // Check if an user has disabled HTTPS Everywhere on this site.  We should
+    // ensure that all subresources are not run through HTTPS Everywhere as well.
+    browserSession.putTab(details.tabId, 'first_party_host', uri.hostname, true);
   }
 
-  // Normalise hosts with tailing dots, e.g. "www.example.com."
-  while (uri.hostname[uri.hostname.length - 1] === '.' && uri.hostname !== '.') {
-    uri.hostname = uri.hostname.slice(0, -1);
+  if (isExtensionDisabledOnSite(browserSession.getTab(details.tabId, 'first_party_host', null))) {
+    return;
   }
 
   // Should the request be canceled?
@@ -341,9 +374,8 @@ function onBeforeRequest(details) {
     (uri.protocol === 'http:' || uri.protocol === 'ftp:') &&
     uri.hostname.slice(-6) !== '.onion' &&
     uri.hostname !== 'localhost' &&
-    !/^127(\.[0-9]{1,3}){3}$/.test(uri.hostname) &&
-    uri.hostname !== '0.0.0.0' &&
-    uri.hostname !== '[::1]';
+    uri.hostname !== '[::1]' &&
+    !isLocalIp;
 
   // If there is a username / password, put them aside during the ruleset
   // analysis process
@@ -366,7 +398,7 @@ function onBeforeRequest(details) {
     return redirectOnCancel(shouldCancel, details.url);
   }
 
-  if (redirectCounter.get(details.requestId) >= 8) {
+  if (browserSession.getRequest(details.requestId, "redirect_count") >= 8) {
     util.log(util.NOTE, "Redirect counter hit for " + uri.href);
     urlBlacklist.add(uri.href);
     rules.settings.domainBlacklist.add(uri.hostname);
@@ -382,7 +414,7 @@ function onBeforeRequest(details) {
 
   for (let ruleset of potentiallyApplicable) {
     if (details.url.match(ruleset.scope)) {
-      appliedRulesets.addRulesetToTab(details.tabId, details.type, ruleset);
+      browserSession.putTabAppliedRulesets(details.tabId, details.type, ruleset);
       if (ruleset.active && !newuristr) {
         newuristr = ruleset.apply(uri.href);
       }
@@ -411,23 +443,13 @@ function onBeforeRequest(details) {
     }
   }
 
-  // In Switch Planner Mode, record any non-rewriteable
-  // HTTP URIs by parent hostname, along with the resource type.
-  if (switchPlannerEnabledFor[details.tabId] && uri.protocol !== "https:") {
-    writeToSwitchPlanner(details.type,
-      details.tabId,
-      uri.hostname,
-      details.url,
-      newuristr);
-  }
-
   if (httpNowhereOn) {
     // If loading a main frame, try the HTTPS version as an alternative to
     // failing.
     if (shouldCancel) {
       if (!newuristr) {
         newuristr = uri.href.replace(/^http:/, "https:");
-        simpleHTTPNowhereRedirect.set(details.requestId, true);
+        browserSession.putRequest(details.requestId, "simple_http_nowhere_redirect", true);
         upgradeToSecure = true;
       } else {
         newuristr = newuristr.replace(/^http:/, "https:");
@@ -457,86 +479,6 @@ function onBeforeRequest(details) {
   }
 }
 
-
-// Map of which values for the `type' enum denote active vs passive content.
-// https://developer.chrome.com/extensions/webRequest.html#event-onBeforeRequest
-const mixedContentTypes = {
-  object: 1, other: 1, script: 1, stylesheet: 1, sub_frame: 1, xmlhttprequest: 1,
-  image: 0, main_frame: 0
-};
-
-/**
- * Record a non-HTTPS URL loaded by a given hostname in the Switch Planner, for
- * use in determining which resources need to be ported to HTTPS.
- * (Reminder: Switch planner is the pro-tool enabled by switching into debug-mode)
- *
- * @param type: type of the resource (see activeTypes and passiveTypes arrays)
- * @param tab_id: The id of the tab
- * @param resource_host: The host of the original url
- * @param resource_url: the original url
- * @param rewritten_url: The url rewritten to
- * */
-function writeToSwitchPlanner(type, tab_id, resource_host, resource_url, rewritten_url) {
-  let rw = rewritten_url ? "rw" : "nrw";
-
-  let active_content = 1;
-  if (mixedContentTypes.hasOwnProperty(type)) {
-    active_content = mixedContentTypes[type];
-  } else {
-    util.log(util.WARN, "Unknown type from onBeforeRequest details: `" + type + "', assuming active");
-  }
-
-  if (!switchPlannerInfo[tab_id]) {
-    switchPlannerInfo[tab_id] = {};
-    switchPlannerInfo[tab_id]["rw"] = {};
-    switchPlannerInfo[tab_id]["nrw"] = {};
-  }
-  if (!switchPlannerInfo[tab_id][rw][resource_host])
-    switchPlannerInfo[tab_id][rw][resource_host] = {};
-  if (!switchPlannerInfo[tab_id][rw][resource_host][active_content])
-    switchPlannerInfo[tab_id][rw][resource_host][active_content] = {};
-
-  switchPlannerInfo[tab_id][rw][resource_host][active_content][resource_url] = 1;
-}
-
-/**
- * Return the number of properties in an object. For associative maps, this is
- * their size.
- * @param obj: object to calc the size for
- * */
-function objSize(obj) {
-  if (typeof obj == 'undefined') return 0;
-  var size = 0, key;
-  for (key in obj) {
-    if (obj.hasOwnProperty(key)) size++;
-  }
-  return size;
-}
-
-/**
- * Make an array of asset hosts by score so we can sort them,
- * presenting the most important ones first.
- * */
-function sortSwitchPlanner(tab_id, rewritten) {
-  var asset_host_list = [];
-  if (typeof switchPlannerInfo[tab_id] === 'undefined' ||
-      typeof switchPlannerInfo[tab_id][rewritten] === 'undefined') {
-    return [];
-  }
-  var tabInfo = switchPlannerInfo[tab_id][rewritten];
-  for (var asset_host in tabInfo) {
-    var ah = tabInfo[asset_host];
-    var activeCount = objSize(ah[1]);
-    var passiveCount = objSize(ah[0]);
-    var score = activeCount * 100 + passiveCount;
-    asset_host_list.push([score, activeCount, passiveCount, asset_host]);
-  }
-  asset_host_list.sort(function(a,b) {
-    return a[0]-b[0];
-  });
-  return asset_host_list;
-}
-
 /**
  * monitor cookie changes. Automatically convert them to secure cookies
  * @param changeInfo Cookie changed info, see Chrome doc
@@ -592,13 +534,12 @@ function onBeforeRedirect(details) {
   // Catch redirect loops (ignoring about:blank, etc. caused by other extensions)
   let prefix = details.redirectUrl.substring(0, 5);
   if (prefix === "http:" || prefix === "https") {
-    let count = redirectCounter.get(details.requestId);
+    let count = browserSession.getRequest(details.requestId, "redirect_count", 0);
     if (count) {
-      redirectCounter.set(details.requestId, count + 1);
-      util.log(util.DBUG, "Got redirect id "+details.requestId+
-                ": "+count);
+      browserSession.putRequest(details.requestId, "redirect_count", count + 1);
+      util.log(util.DBUG, "Got redirect id " + details.requestId + ": "+count);
     } else {
-      redirectCounter.set(details.requestId, 1);
+      browserSession.putRequest(details.requestId, "redirect_count", 1);
     }
   }
 }
@@ -608,12 +549,7 @@ function onBeforeRedirect(details) {
  * @param details details for the chrome.webRequest (see chrome doc)
  */
 function onCompleted(details) {
-  if (redirectCounter.has(details.requestId)) {
-    redirectCounter.delete(details.requestId);
-  }
-  if (simpleHTTPNowhereRedirect.has(details.requestId)) {
-    simpleHTTPNowhereRedirect.delete(details.requestId);
-  }
+  browserSession.deleteRequest(details.requestId);
 }
 
 /**
@@ -623,7 +559,7 @@ function onCompleted(details) {
 function onErrorOccurred(details) {
   if (httpNowhereOn &&
     details.type == "main_frame" &&
-    simpleHTTPNowhereRedirect.get(details.requestId) &&
+    browserSession.getRequest(details.requestId, "simple_http_nowhere_redirect", false) &&
     ( // Enumerate a class of errors that are likely due to HTTPS misconfigurations
       details.error.indexOf("net::ERR_SSL_") == 0 ||
       details.error.indexOf("net::ERR_CERT_") == 0 ||
@@ -633,7 +569,6 @@ function onErrorOccurred(details) {
       details.error.indexOf("NS_ERROR_CONNECTION_REFUSED") == 0 ||
       details.error.indexOf("NS_ERROR_NET_TIMEOUT") == 0 ||
       details.error.indexOf("NS_ERROR_NET_ON_TLS_HANDSHAKE_ENDED") == 0 ||
-      details.error.indexOf("NS_BINDING_ABORTED") == 0 ||
       details.error.indexOf("SSL received a record that exceeded the maximum permissible length.") == 0 ||
       details.error.indexOf("Peer’s Certificate has expired.") == 0 ||
       details.error.indexOf("Unable to communicate securely with peer: requested domain name does not match the server’s certificate.") == 0 ||
@@ -654,12 +589,7 @@ function onErrorOccurred(details) {
     chrome.tabs.update(details.tabId, {url: newCancelUrl(url.toString())});
   }
 
-  if (redirectCounter.has(details.requestId)) {
-    redirectCounter.delete(details.requestId);
-  }
-  if (simpleHTTPNowhereRedirect.has(details.requestId)) {
-    simpleHTTPNowhereRedirect.delete(details.requestId);
-  }
+  browserSession.deleteRequest(details.requestId);
 }
 
 /**
@@ -672,28 +602,14 @@ function onHeadersReceived(details) {
     // Do not upgrade the .onion requests in EASE mode,
     // See https://github.com/EFForg/https-everywhere/pull/14600#discussion_r168072480
     const uri = new URL(details.url);
-    if (uri.hostname.slice(-6) == '.onion') {
+    const hostname = util.getNormalisedHostname(uri.hostname);
+    if (hostname.slice(-6) == '.onion') {
       return {};
     }
 
     // Do not upgrade resources if the first-party domain disbled EASE mode
     // This is needed for HTTPS sites serve mixed content and is broken
-    let firstPartyHost;
-    if (details.type == "main_frame") {
-      firstPartyHost = uri.host;
-    } else {
-      // In Firefox, documentUrl is preferable here, since it will always be the
-      // URL in the URL bar, but it was only introduced in FF 54.  We should get
-      // rid of `originUrl` at some point.
-      if ('documentUrl' in details) { // Firefox 54+
-        firstPartyHost = new URL(details.documentUrl).host;
-      } else if ('originUrl' in details) { // Firefox < 54
-        firstPartyHost = new URL(details.originUrl).host;
-      } else if('initiator' in details) { // Chrome
-        firstPartyHost = new URL(details.initiator).host;
-      }
-    }
-    if (disabledList.has(firstPartyHost)) {
+    if (isExtensionDisabledOnSite(browserSession.getTab(details.tabId, 'first_party_host', null))) {
       return {};
     }
 
@@ -761,59 +677,6 @@ chrome.webRequest.onHeadersReceived.addListener(onHeadersReceived, {urls: ["http
 // Listen for cookies set/updated and secure them if applicable. This function is async/nonblocking.
 chrome.cookies.onChanged.addListener(onCookieChanged);
 
-
-/**
- * disable switch Planner
- * @param tabId the Tab to disable for
- */
-function disableSwitchPlannerFor(tabId) {
-  delete switchPlannerEnabledFor[tabId];
-  // Clear stored URL info.
-  delete switchPlannerInfo[tabId];
-}
-
-/**
- * Enable switch planner for specific tab
- * @param tabId the tab to enable it for
- */
-function enableSwitchPlannerFor(tabId) {
-  switchPlannerEnabledFor[tabId] = true;
-}
-
-// Listen for connection from the DevTools panel so we can set up communication.
-chrome.runtime.onConnect.addListener(function (port) {
-  if (port.name == "devtools-page") {
-    chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
-      var tabId = message.tabId;
-
-      var disableOnCloseCallback = function() {
-        util.log(util.DBUG, "Devtools window for tab " + tabId + " closed, clearing data.");
-        disableSwitchPlannerFor(tabId);
-      };
-
-      const responses = {
-        enable: () => {
-          enableSwitchPlannerFor(tabId);
-          port.onDisconnect.addListener(disableOnCloseCallback);
-        },
-        disable: () => {
-          disableSwitchPlannerFor(tabId);
-        },
-        getHosts: () => {
-          sendResponse({
-            nrw: sortSwitchPlanner(tabId, "nrw"),
-            rw: sortSwitchPlanner(tabId, "rw")
-          });
-          return true;
-        }
-      };
-      if (message.type in responses) {
-        return responses[message.type]();
-      }
-    });
-  }
-});
-
 // This is necessary for communication with the popup in Firefox Private
 // Browsing Mode, see https://bugzilla.mozilla.org/show_bug.cgi?id=1329304
 chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
@@ -836,11 +699,21 @@ chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
     });
   }
 
-  function storeDisabledList() {
+  function storeDisabledList(message) {
+
     const disabledListArray = Array.from(disabledList);
-    store.set({disabledList: disabledListArray}, () => {
-      sendResponse(true);
-    });
+    const httpOnceListArray = Array.from(httpOnceList);
+
+    if (message === 'once') {
+      store.set({httpOnceList: httpOnceListArray}, () => {
+        sendResponse(true);
+      });
+    } else {
+      store.set({disabledList: disabledListArray}, () => {
+        sendResponse(true);
+      });
+    }
+
     return true;
   }
 
@@ -859,12 +732,12 @@ chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
     delete_from_ruleset_cache: () => {
       all_rules.ruleCache.delete(message.object);
     },
-    get_active_rulesets: () => {
-      sendResponse(appliedRulesets.getRulesets(message.object));
+    get_applied_rulesets: () => {
+      sendResponse(browserSession.getTabAppliedRulesets(message.object));
       return true;
     },
     set_ruleset_active_status: () => {
-      let rulesets = appliedRulesets.getRulesets(message.object.tab_id);
+      let rulesets = browserSession.getTabAppliedRulesets(message.object.tab_id);
 
       for (let ruleset of rulesets) {
         if (ruleset.name == message.object.name) {
@@ -1011,23 +884,34 @@ chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
       });
       return true;
     },
+    get_simple_rules_ending_with: () => {
+      return sendResponse(all_rules.getSimpleRulesEndingWith(message.object));
+    },
     get_last_checked: () => {
       store.local.get({'last-checked': false}, item => {
         sendResponse(item['last-checked']);
       });
       return true;
     },
+    disable_on_site_once: () => {
+      httpOnceList.add(message.object);
+      return storeDisabledList('once');
+    },
     disable_on_site: () => {
-      disabledList.add(message.object);
-      return storeDisabledList();
+      const host = util.getNormalisedHostname(message.object);
+      // always validate hostname before adding it to the disabled list
+      if (util.isValidHostname(host)) {
+        disabledList.add(host);
+        return storeDisabledList('disable');
+      }
+      return sendResponse(false);
     },
     enable_on_site: () => {
-      disabledList.delete(message.object);
-      return storeDisabledList();
+      disabledList.delete(util.getNormalisedHostname(message.object));
+      return storeDisabledList('enable');
     },
     check_if_site_disabled: () => {
-      sendResponse(disabledList.has(message.object));
-      return true;
+      return sendResponse(isExtensionDisabledOnSite(util.getNormalisedHostname(message.object)));
     },
     is_firefox: () => {
       if(typeof(browser) != "undefined") {
@@ -1050,6 +934,21 @@ chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
 });
 
 /**
+ * @description Upboarding event for visual changelog
+ */
+chrome.runtime.onInstalled.addListener(async ({reason, temporary}) => {
+  if (temporary) return;
+  switch (reason) {
+  case "update":
+    {
+      const url = chrome.runtime.getURL("pages/onboarding/updated.html");
+      await chrome.tabs.create({ url });
+    }
+    break;
+  }
+});
+
+/**
  * Clear any cache/ blacklist we have.
  */
 function destroy_caches() {
@@ -1058,13 +957,12 @@ function destroy_caches() {
   all_rules.ruleCache.clear();
   rules.settings.domainBlacklist.clear();
   urlBlacklist.clear();
+  httpOnceList.clear();
 }
 
 Object.assign(exports, {
   all_rules,
-  urlBlacklist,
-  sortSwitchPlanner,
-  switchPlannerInfo
+  urlBlacklist
 });
 
 })(typeof exports == 'undefined' ? require.scopes.background = {} : exports);