Pywb

Latest version: v2.8.3


Page 10 of 16

0.10.8

Not secure
~~~~~~~~~~~~~~~~~~~~~~

* Rewrite: url attribute entity unencoding only if attr starts with 'http', catch any exceptions.

* Fix top frame detection to avoid occasional banner insertion into intermediate frames.

* Fix special case ``href = "."`` rewriting.

0.10.7

Not secure
~~~~~~~~~~~~~~~~~~~~~~

* wombat 2.8 improvements, including:

- cookies: fixed rewriting with respect to comma, proper path and domain replacement
- form action and textContent rewriting
- document.write() improvements, buffering split tag and removing extraneous end tag
- document.writeln() rewriting
- object data attr conditional rewriting
- proper ``setAttribute("style", ...)`` rewriting
- style rewrite regex now case-insensitive

* 10-field CDX format fully supported.

* rewrite: "background" attr rewriting, proper rewriting of entity-encoded attributes.

* Fix for regression for Vimeo videos that were recorded as Flash but replay as HTML.

0.10.6

Not secure
~~~~~~~~~~~~~~~~~~~~~~

* Disable url rewriting in JS by default! No longer needed due to improved client side rewriting of all urls.

* wombat 2.7 more rewriting improvements:

- ``document.write`` override rewrites all elements, not just one top-level element.

- iframe ``srcdoc`` also rewritten.

- support for custom modifiers, such as ``js_`` for ``SCRIPT`` tag rewriting, otherwise for element overrides.

- improved css rewriting, override standard css attributes on ``CSSStyleDeclaration`` to avoid mutation observers, rewrite ``STYLE`` text content.

- ``postMessage``: original ``source`` window now also preserved along with origin.

- cookie rewrite: don't remove expires, but adjust by date offset. Allow cookies to be deleted by setting to expired date.

* Embed mode, pywb framed replay can now be embedded in an iframe when ``embeddable: True`` option is set. ``postMessage`` on framed replay proxies between replay frame and embedded frame, and ``window.parent`` is not set to top replay frame, allowing access to containing frame.

* vidrw: don't replace video with generic swf, find better match.

* path index loader: ensure each request handled by own file reader.

0.10.5

Not secure
~~~~~~~~~~~~~~~~~~~~~~

* wombat 2.6 client side rewriting improvements:

- Override JS prototype getters and setters on ``href`` and ``src`` attributes of standard HTML elements, so that JavaScript access receives and sets the original url, but the element actually contains the rewritten url internally.

- For ``<a>`` element override other url properties ``href``, ``hostname``, ``host``, ``pathname``, ``origin``, ``search``, ``port``, ``protocol``

- Improved ``postMessage`` emulation: Ensure the original ``origin`` of the caller is saved, by wrapping ``X.postMessage`` in a special ``X.__WB_pmw(window).postMessage()`` call which will save origin of current window in X. Store origin and destination hosts.

- Improved ``message`` listener emulation: Add filtering to skip messages that were not intended for destination host.

- Restored wombat if wiped by ``document.write`` / ``document.open`` (happens on FF).

- When rewriting html for ``document.write``, keep ``<html>``, ``<head>``, ``<body>`` tags in rewritten html.


* Relative urls rewritten to stay relative, e.g. ``/path/file.html`` -> ``/coll/http://example.com/path/file.html``
Can be disabled with ``no_match_rel=True`` in ``rewrite_opts``.

* Optional ``force_html_decl`` option to add a ``<!DOCTYPE>`` or other HTML declaration if none is present.

* Improved handling for ``redir_to_exact=False`` mode. When set, no redirect on memento timegate, and serve ``Content-Location`` headers for actual memento, in conformance with Memento RFC Pattern 2.2 (http://tools.ietf.org/html/rfc7089#section-4.2.2)


* Proxy Mode Fixes: Ensure ``Content-Length`` header is always added and correct in proxy mode, needed for proper HTTPS
handling within ``CONNECT`` envelope.

* New default ``HostScopeCookieRewriter`` sets cookies with domain ``/coll/https://example.com/`` instead of ``/coll/``.
Can be specified with ``cookie_scope: host`` per collection.
This is now the default live rewrite proxy and should be much safer and more secure. For rare login use cases, the collection
root scope can be specified with ``cookie_scope: coll``.

* Cookie ``Path=`` value is always a relative path for all cookie scopes; previously these were often absolute paths.

* Default WSGI handler for ``wayback`` back to ``wsgiref``, as ``waitress`` does not support proxy mode.
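
Why the ``cookie_scope: host`` default in the ``HostScopeCookieRewriter`` entry above is the safer setting, shown as an added example that is not pywb's own code: a simplified model of how a browser's path matching treats cookies from two archived sites replayed under one server. The function names and sample URLs are assumptions made for the illustration; only the ``/coll/`` prefix and the two scope names come from the changelog.

```python
# Added example: a simplified model of cookie path scoping on a replay
# server. It is not pywb's HostScopeCookieRewriter implementation.
from urllib.parse import urlsplit

COLL_PREFIX = "/coll/"  # collection route, as written in the changelog entry


def rewrite_cookie_path(page_url, scope):
    """Return the Path= a replay server would set for a cookie from page_url.

    scope="coll": every archived site shares one path (/coll/).
    scope="host": the path is narrowed to the archived site's scheme and host.
    """
    if scope == "coll":
        return COLL_PREFIX
    if scope == "host":
        parts = urlsplit(page_url)
        return f"{COLL_PREFIX}{parts.scheme}://{parts.netloc}/"
    raise ValueError(f"unknown cookie scope: {scope!r}")


def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match, as a browser applies it."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix match counts only on a "/" boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookie_sent(setter_url, requester_url, scope):
    """Would a cookie set while replaying setter_url be sent when the
    browser requests the replay of requester_url on the same server?"""
    cookie_path = rewrite_cookie_path(setter_url, scope)
    return path_match(COLL_PREFIX + requester_url, cookie_path)


# Constructed sample URLs for two unrelated archived sites.
SITE_A = "https://example.com/account"
SITE_B = "https://other.example/page"

if __name__ == "__main__":
    for scope in ("coll", "host"):
        print(scope,
              "| same site:", cookie_sent(SITE_A, SITE_A, scope),
              "| cross site:", cookie_sent(SITE_A, SITE_B, scope))
```

With ``coll`` scope the cookie set by one archived site is also sent to every other site replayed in the collection; with ``host`` scope the trailing ``/`` in the path keeps it confined to the site that set it.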

0.10.2

Not secure
~~~~~~~~~~~~~~~~~~~~~~

* wombat 2.5 update -- significant wombat improvements:

- Cookies: more comprehensive client-side cookie overriding, including Path, Domain, and expires removal.

- ``WB_wombat_location`` overridden on Object prototype, defaults to ``location`` if ``_WB_wombat_location``, the actual property, is not set.

- ``WB_wombat_location.href`` proxies to actual location, responsive to ``pushState`` / ``replaceState`` location changes.
- ``.href`` and ``.src`` attributes correctly return original url in JavaScript.

- More consistent and ``lookupGetter/lookupSetter`` overrides with ``Object.defineProperty``.

- Added baseURI override, ``Element.prototype`` and ``document``.

- Added ``insertAdjacentHTML()`` override.

- Improved iframe override, including check for ``contentDocument`` changes.

- Don't rewrite urls that start with ``{``

- Frames mode: ensure hash changes synchronized between inner and outer frames.

- video: don't rewrite generic 'swf' with flowplayer

- deprefix: support deprefixing of url-encoded queries.

0.10.1

Not secure
~~~~~~~~~~~~~~~~~~~~~~

- Support ``Content-Encoding: deflate`` which was not being handled.

- Fix issues with ``fallback`` handlers: A POST request could result in double read of POST input data.

- ``youtube-dl`` removed from dependency as it is only needed for live proxy. (related tests only run if ``youtube-dl`` is installed).
