Delta Between Two Patch Sets: lib/content/snippets.js
Issue 29829569:
Issue 6538, 6781 - Add code injection wrapper to snippets library (Closed)
Base URL: https://hg.adblockplus.org/adblockpluscore/
Left Patch Set: Use Function.prototype.toString for safety
Created July 17, 2018, 4:28 p.m.
Right Patch Set: Remove "safely" from comment, remove unnecessary checks
Created July 17, 2018, 5:40 p.m.
| Left: | ||
| Right: |
Use n/p to move between diff chunks;
N/P to move between comments.
« no previous file with change/comment
|
« no previous file
|
no next file »
|
no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
| LEFT | RIGHT |
|---|---|
| 1 /* | 1 /* |
| 2 * This file is part of Adblock Plus <https://adblockplus.org/>, | 2 * This file is part of Adblock Plus <https://adblockplus.org/>, |
| 3 * Copyright (C) 2006-present eyeo GmbH | 3 * Copyright (C) 2006-present eyeo GmbH |
| 4 * | 4 * |
| 5 * Adblock Plus is free software: you can redistribute it and/or modify | 5 * Adblock Plus is free software: you can redistribute it and/or modify |
| 6 * it under the terms of the GNU General Public License version 3 as | 6 * it under the terms of the GNU General Public License version 3 as |
| 7 * published by the Free Software Foundation. | 7 * published by the Free Software Foundation. |
| 8 * | 8 * |
| 9 * Adblock Plus is distributed in the hope that it will be useful, | 9 * Adblock Plus is distributed in the hope that it will be useful, |
| 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of | 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 51 let url = URL.createObjectURL(new Blob([code])); | 51 let url = URL.createObjectURL(new Blob([code])); |
| 52 script.src = url; | 52 script.src = url; |
| 53 document.documentElement.appendChild(script); | 53 document.documentElement.appendChild(script); |
| 54 URL.revokeObjectURL(url); | 54 URL.revokeObjectURL(url); |
| 55 } | 55 } |
| 56 | 56 |
| 57 document.documentElement.removeChild(script); | 57 document.documentElement.removeChild(script); |
| 58 } | 58 } |
| 59 | 59 |
| 60 /** | 60 /** |
| 61 * Safely converts a function and an optional list of arguments into a string | 61 * Converts a function and an optional list of arguments into a string of code |
| 62 * of code containing a function call. The function is converted to its string | 62 * containing a function call. The function is converted to its string |
| 63 * representation using the <code>Function.prototype.toString</code> method. | 63 * representation using the <code>Function.prototype.toString</code> method. |
| 64 * Each argument is stringified using <code>JSON.stringify</code>. The | 64 * Each argument is stringified using <code>JSON.stringify</code>. The |
| 65 * generated code begins with the <code>"use strict"</code> directive. | 65 * generated code begins with the <code>"use strict"</code> directive. |
| 66 * | 66 * |
| 67 * @param {function} func The function to convert. | 67 * @param {function} func The function to convert. |
| 68 * @param {...*} [params] The arguments to convert. | 68 * @param {...*} [params] The arguments to convert. |
| 69 * | 69 * |
| 70 * @returns {string} The generated code containing the function call. | 70 * @returns {string} The generated code containing the function call. |
| 71 */ | 71 */ |
| 72 function stringifyFunctionCall(func, ...params) | 72 function stringifyFunctionCall(func, ...params) |
| 73 { | 73 { |
| 74 // Call the original Function.prototype.toString to avoid any arbitrary code | |
| 75 // execution. | |
| 76 func = Function.prototype.toString.call(func); | |
| 77 | |
| 78 // Call JSON.stringify on the arguments to avoid any arbitrary code | 74 // Call JSON.stringify on the arguments to avoid any arbitrary code |
| 79 // execution. | 75 // execution. |
| 80 params = params.map(JSON.stringify); | 76 return `"use strict";(${func})(${params.map(JSON.stringify).join(",")});`; |
| 81 | |
| 82 return `"use strict";(${func})(${params.join(",")});`; | |
| 83 } | 77 } |
| 84 | 78 |
| 85 /** | 79 /** |
| 86 * Wraps a function and its dependencies into an injector. The injector, when | 80 * Wraps a function and its dependencies into an injector. The injector, when |
| 87 * called with zero or more arguments, generates code that calls the function, | 81 * called with zero or more arguments, generates code that calls the function, |
| 88 * with the given arguments, if any, and injects the code, along with any | 82 * with the given arguments, if any, and injects the code, along with any |
| 89 * dependencies, into the document using a temporary <code>script</code> | 83 * dependencies, into the document using a temporary <code>script</code> |
| 90 * element. | 84 * element. |
| 91 * | 85 * |
| 92 * @param {function} injectable The function to wrap into an injector. | 86 * @param {function} injectable The function to wrap into an injector. |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 124 * @param {...*} [args] The arguments to log. | 118 * @param {...*} [args] The arguments to log. |
| 125 */ | 119 */ |
| 126 function trace(...args) | 120 function trace(...args) |
| 127 { | 121 { |
| 128 // We could simply use console.log here, but the goal is to demonstrate the | 122 // We could simply use console.log here, but the goal is to demonstrate the |
| 129 // usage of snippet dependencies. | 123 // usage of snippet dependencies. |
| 130 log(...args); | 124 log(...args); |
| 131 } | 125 } |
| 132 | 126 |
| 133 exports.trace = makeInjector(trace, log); | 127 exports.trace = makeInjector(trace, log); |
| LEFT | RIGHT |
« no previous file
|
no next file »
|
Toggle Intra-line Diffs ('i')
|
Expand Comments ('e')
|
Collapse Comments ('c')
|
Toggle Comments ('s')
