lib/snippets.js - Issue 29843566: Issue 6819 - Shadow globals in snippets

Side by Side Diff: lib/snippets.js

Issue 29843566: Issue 6819 - Shadow globals in snippets Base URL: https://hg.adblockplus.org/adblockpluscore/

Patch Set: Created July 31, 2018, 2:10 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * This file is part of Adblock Plus <https://adblockplus.org/>,	2 * This file is part of Adblock Plus <https://adblockplus.org/>,

3 * Copyright (C) 2006-present eyeo GmbH	3 * Copyright (C) 2006-present eyeo GmbH

4 *	4 *

5 * Adblock Plus is free software: you can redistribute it and/or modify	5 * Adblock Plus is free software: you can redistribute it and/or modify

6 * it under the terms of the GNU General Public License version 3 as	6 * it under the terms of the GNU General Public License version 3 as

7 * published by the Free Software Foundation.	7 * published by the Free Software Foundation.

8 *	8 *

9 * Adblock Plus is distributed in the hope that it will be useful,	9 * Adblock Plus is distributed in the hope that it will be useful,

10 * but WITHOUT ANY WARRANTY; without even the implied warranty of	10 * but WITHOUT ANY WARRANTY; without even the implied warranty of

(...skipping 147 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
158 * Compiles a script against a given list of libraries into executable code	158 * Compiles a script against a given list of libraries into executable code

159 * @param {string} script	159 * @param {string} script

160 * @param {string[]} libraries	160 * @param {string[]} libraries

161 * @return {string}	161 * @return {string}

162 */	162 */

163 function compileScript(script, libraries)	163 function compileScript(script, libraries)

164 {	164 {

165 return `	165 return `

166 "use strict";	166 "use strict";

167 {	167 {

	168 let globals = {};

	169

	170 for (let name of typeof window != "undefined" ? Object.keys(window) : [])
	Manish Jethani 2018/07/31 14:17:08 Shadow globals on the window object (browser). Shadow globals on the window object (browser). (Draft) 2018/09/24 11:31:55 Nit: I think checking if `window` is undefined first, before the loop would be easier to grok. Edit Undo cancel Nit: I think checking if `window` is undefined first, before the loop would be easier to grok.
	171 globals[name] = null;

	172

	173 for (let name of typeof global != "undefined" ? Object.keys(global) : [])
	Manish Jethani 2018/07/31 14:17:08 Shadow globals on the global object (Node.js, for Shadow globals on the global object (Node.js, for testing).
	174 globals[name] = null;

	175

	176 if (typeof browser != "undefined")

	177 {

	178 globals.browser = {
	Manish Jethani 2018/07/31 14:17:08 Expose only certain extension APIs. Expose only certain extension APIs.
	179 runtime: {

	180 getURL: browser.runtime.getURL

	181 }

	182 };

	183 }

	184

	185 if (typeof document != "undefined")

	186 {

	187 globals.document = new Proxy(document, {
	Manish Jethani 2018/07/31 14:17:08 Make document object available with restricted acc Make document object available with restricted access. Manish Jethani 2018/07/31 14:17:08 Use a Proxy object here so it is transparent to th Use a Proxy object here so it is transparent to the calling code (e.g. `document instanceof HTMLDocument` still works).
	188 get(target, property)

	189 {

	190 if (property == "defaultView")
	Manish Jethani 2018/07/31 14:17:08 Prevent access to the window object. Prevent access to the window object.
	191 return null;

	192

	193 let value = target[property];

	194 if (typeof value == "function")

	195 return value.bind(target);
	Manish Jethani 2018/07/31 14:17:08 Bind the function to the target so its `this` is t Bind the function to the target so its `this` is the target.
	196

	197 return value;

	198 }

	199 });

	200 }

	201

168 const libraries = ${JSON.stringify(libraries)};	202 const libraries = ${JSON.stringify(libraries)};

169	203

170 const script = ${JSON.stringify(parseScript(script))};	204 const script = ${JSON.stringify(parseScript(script))};

171	205

172 let imports = Object.create(null);	206 let imports = Object.create(null);

173 for (let library of libraries)	207 for (let library of libraries)

174 new Function("exports", library)(imports);	208 {

	209 let func = new Function("exports", ...Object.keys(globals), library);
	Manish Jethani 2018/07/31 14:17:08 Pass the globals as arguments to the snippet libra Pass the globals as arguments to the snippet library.
	210 func(imports, ...Object.keys(globals).map(key => globals[key]));

	211 }

175	212

176 for (let [name, ...args] of script)	213 for (let [name, ...args] of script)

177 {	214 {

178 if (Object.prototype.hasOwnProperty.call(imports, name))	215 if (Object.prototype.hasOwnProperty.call(imports, name))

179 {	216 {

180 let value = imports[name];	217 let value = imports[name];

181 if (typeof value == "function")	218 if (typeof value == "function")

182 value(...args);	219 value(...args);

183 }	220 }

184 }	221 }

185 }	222 }

186 `;	223 `;

187 }	224 }

188	225

189 exports.compileScript = compileScript;	226 exports.compileScript = compileScript;

OLD	NEW

« no previous file with comments | « no previous file | test/snippets.js » ('j') | test/snippets.js » ('J')