Side by Side Diff: test/snippets.js
Issue 29843566:
Issue 6819 - Shadow globals in snippets
Base URL: https://hg.adblockplus.org/adblockpluscore/
Patch Set:
Created July 31, 2018, 2:10 p.m.
| Left: | ||
| Right: |
Use n/p to move between diff chunks;
N/P to move between comments.
« lib/snippets.js ('K')
|
« lib/snippets.js ('k')
|
no next file »
|
no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * This file is part of Adblock Plus <https://adblockplus.org/>, | 2 * This file is part of Adblock Plus <https://adblockplus.org/>, |
| 3 * Copyright (C) 2006-present eyeo GmbH | 3 * Copyright (C) 2006-present eyeo GmbH |
| 4 * | 4 * |
| 5 * Adblock Plus is free software: you can redistribute it and/or modify | 5 * Adblock Plus is free software: you can redistribute it and/or modify |
| 6 * it under the terms of the GNU General Public License version 3 as | 6 * it under the terms of the GNU General Public License version 3 as |
| 7 * published by the Free Software Foundation. | 7 * published by the Free Software Foundation. |
| 8 * | 8 * |
| 9 * Adblock Plus is distributed in the hope that it will be useful, | 9 * Adblock Plus is distributed in the hope that it will be useful, |
| 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of | 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| (...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 187 { | 187 { |
| 188 if (foo != expected) | 188 if (foo != expected) |
| 189 throw new Error("Value mismatch"); | 189 throw new Error("Value mismatch"); |
| 190 }; | 190 }; |
| 191 ` | 191 ` |
| 192 ]; | 192 ]; |
| 193 | 193 |
| 194 let template = ` | 194 let template = ` |
| 195 "use strict"; | 195 "use strict"; |
| 196 { | 196 { |
| 197 let globals = {}; | |
|
Manish Jethani
2018/07/31 14:17:08
This is copied and pasted from lib/snippets.js (it
| |
| 198 | |
| 199 for (let name of typeof window != "undefined" ? Object.keys(window) : []) | |
| 200 globals[name] = null; | |
| 201 | |
| 202 for (let name of typeof global != "undefined" ? Object.keys(global) : []) | |
| 203 globals[name] = null; | |
| 204 | |
| 205 if (typeof browser != "undefined") | |
| 206 { | |
| 207 globals.browser = { | |
| 208 runtime: { | |
| 209 getURL: browser.runtime.getURL | |
| 210 } | |
| 211 }; | |
| 212 } | |
| 213 | |
| 214 if (typeof document != "undefined") | |
| 215 { | |
| 216 globals.document = new Proxy(document, { | |
| 217 get(target, property) | |
| 218 { | |
| 219 if (property == "defaultView") | |
| 220 return null; | |
| 221 | |
| 222 let value = target[property]; | |
| 223 if (typeof value == "function") | |
| 224 return value.bind(target); | |
| 225 | |
| 226 return value; | |
| 227 } | |
| 228 }); | |
| 229 } | |
| 230 | |
| 197 const libraries = ${JSON.stringify(libraries)}; | 231 const libraries = ${JSON.stringify(libraries)}; |
| 198 | 232 |
| 199 const script = {{{script}}}; | 233 const script = {{{script}}}; |
| 200 | 234 |
| 201 let imports = Object.create(null); | 235 let imports = Object.create(null); |
| 202 for (let library of libraries) | 236 for (let library of libraries) |
| 203 new Function("exports", library)(imports); | 237 { |
| 238 let func = new Function("exports", ...Object.keys(globals), library); | |
| 239 func(imports, ...Object.keys(globals).map(key => globals[key])); | |
| 240 } | |
| 204 | 241 |
| 205 for (let [name, ...args] of script) | 242 for (let [name, ...args] of script) |
| 206 { | 243 { |
| 207 if (Object.prototype.hasOwnProperty.call(imports, name)) | 244 if (Object.prototype.hasOwnProperty.call(imports, name)) |
| 208 { | 245 { |
| 209 let value = imports[name]; | 246 let value = imports[name]; |
| 210 if (typeof value == "function") | 247 if (typeof value == "function") |
| 211 value(...args); | 248 value(...args); |
| 212 } | 249 } |
| 213 } | 250 } |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 232 // couple of things to note here: (1) each library has its own variables; | 269 // couple of things to note here: (1) each library has its own variables; |
| 233 // (2) script execution is stateless, i.e. the values are not retained | 270 // (2) script execution is stateless, i.e. the values are not retained |
| 234 // between executions. In the example below, assertFoo does not find 456 but | 271 // between executions. In the example below, assertFoo does not find 456 but |
| 235 // it doesn't find 123 either. It's the initial value 0. | 272 // it doesn't find 123 either. It's the initial value 0. |
| 236 new Function( | 273 new Function( |
| 237 compileScript("setFoo 456; assertFoo 0", [ | 274 compileScript("setFoo 456; assertFoo 0", [ |
| 238 ...libraries, "let foo = 1; exports.setFoo = value => { foo = value; };" | 275 ...libraries, "let foo = 1; exports.setFoo = value => { foo = value; };" |
| 239 ]) | 276 ]) |
| 240 )(); | 277 )(); |
| 241 | 278 |
| 279 // Test sandboxing. | |
|
Manish Jethani
2018/07/31 14:17:08
This is where we test the sandboxing. The process
| |
| 280 test.throws( | |
| 281 new Function( | |
| 282 compileScript("do-evil", [ | |
| 283 // The global process object is shadowed to null so this snippet throws | |
| 284 // an error. | |
| 285 "exports['do-evil'] = function() { process.pid; };" | |
| 286 ]) | |
| 287 ), | |
| 288 TypeError, | |
| 289 "Cannot read property 'pid' of null" | |
| 290 ); | |
| 291 | |
| 242 test.done(); | 292 test.done(); |
| 243 }; | 293 }; |
| OLD | NEW |
