Issue 3208 - Inject content policy implementation into all processes

lib/contentPolicy.js

 /*
  * This file is part of Adblock Plus <https://adblockplus.org/>,
  * Copyright (C) 2006-2015 Eyeo GmbH
  *
  * Adblock Plus is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 3 as
  * published by the Free Software Foundation.
  *
  * Adblock Plus is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * along with Adblock Plus.  If not, see <http://www.gnu.org/licenses/>.
  */
 
 /**
  * @fileOverview Content policy implementation, responsible for blocking things.
  */
 
-Cu.import("resource://gre/modules/XPCOMUtils.jsm");
-Cu.import("resource://gre/modules/Services.jsm");
+let {Services} = Cu.import("resource://gre/modules/Services.jsm", {});
 
 let {Utils} = require("utils");
 let {Prefs} = require("prefs");
 let {FilterStorage} = require("filterStorage");
 let {BlockingFilter, WhitelistFilter, RegExpFilter} = require("filterClasses");
 let {defaultMatcher} = require("matcher");
-let {objectMouseEventHander} = require("objectTabs");
-let {RequestNotifier} = require("requestNotifier");
 let {ElemHide} = require("elemHide");
 
 /**
  * List of explicitly supported content types
  * @type string[]
  */
-let contentTypes = ["OTHER", "SCRIPT", "IMAGE", "STYLESHEET", "OBJECT", "SUBDOCUMENT", "DOCUMENT", "XMLHTTPREQUEST", "OBJECT_SUBREQUEST", "FONT", "MEDIA"];
+let contentTypes = new Set([
+  "OTHER", "SCRIPT", "IMAGE", "STYLESHEET", "OBJECT", "SUBDOCUMENT", "DOCUMENT",
+  "XMLHTTPREQUEST", "OBJECT_SUBREQUEST", "FONT", "MEDIA", "ELEMHIDE", "POPUP",
+  "GENERICHIDE", "GENERICBLOCK"
+]);
 
 /**
  * List of content types that aren't associated with a visual document area
  * @type string[]
  */
-let nonVisualTypes = ["SCRIPT", "STYLESHEET", "XMLHTTPREQUEST", "OBJECT_SUBREQUEST", "FONT"];
-
-/**
- * Randomly generated class name, to be applied to collapsed nodes.
- */
-let collapsedClass = "";
+let nonVisualTypes = new Set([
+  "SCRIPT", "STYLESHEET", "XMLHTTPREQUEST", "OBJECT_SUBREQUEST", "FONT",
+  "ELEMHIDE", "POPUP", "GENERICHIDE", "GENERICBLOCK"
+]);
 
 /**
  * Public policy checking functions and auxiliary objects
  * @class
  */
 var Policy = exports.Policy =
 {
   /**
-   * Map of content type identifiers by their name.
-   * @type Object
-   */
-  type: {},
-
-  /**
-   * Map of content type names by their identifiers (reverse of type map).
-   * @type Object
-   */
-  typeDescr: {},
-
-  /**
-   * Map of numerical content types with their corresponding masks
-   * @type Object
-   */
-  typeMask: {},
-
-  /**
    * Map of localized content type names by their identifiers.
-   * @type Object
-   */
-  localizedDescr: {},
-
-  /**
-   * Lists the non-visual content types.
-   * @type Object
-   */
-  nonVisual: {},

[Wladimir Palant, 2015/10/22 21:51:13]

I removed that member - it isn't necessary if nonVisualTypes is a set.

+   * @type Map
+   */
+  localizedDescr: new Map(),
 
   /**
    * Map containing all schemes that should be ignored by content policy.
    * @type Object
    */
-  whitelistSchemes: {},
+  whitelistSchemes: new Set(),
 
   /**
    * Called on module startup, initializes various exported properties.
    */
   init: function()
   {
     // type constant by type description and type description by type constant
-    let iface = Ci.nsIContentPolicy;
     for (let typeName of contentTypes)
-    {
-      if ("TYPE_" + typeName in iface)
-      {
-        let id = iface["TYPE_" + typeName];
-        this.type[typeName] = id;
-        this.typeDescr[id] = typeName;
-        this.localizedDescr[id] = Utils.getString("type_label_" + typeName.toLowerCase());
-        this.typeMask[id] = RegExpFilter.typeMap[typeName];
-      }
-    }
-
-    this.type.ELEMHIDE = 0xFFFD;
-    this.typeDescr[0xFFFD] = "ELEMHIDE";
-    this.localizedDescr[0xFFFD] = Utils.getString("type_label_elemhide");
-    this.typeMask[0xFFFD] = RegExpFilter.typeMap.ELEMHIDE;
-
-    this.type.POPUP = 0xFFFE;
-    this.typeDescr[0xFFFE] = "POPUP";
-    this.localizedDescr[0xFFFE] = Utils.getString("type_label_popup");
-    this.typeMask[0xFFFE] = RegExpFilter.typeMap.POPUP;
-
-    for (let type of nonVisualTypes)
-      this.nonVisual[this.type[type]] = true;
+      this.localizedDescr.set(typeName, Utils.getString("type_label_" + typeName.toLowerCase()));
 
     // whitelisted URL schemes
     for (let scheme of Prefs.whitelistschemes.toLowerCase().split(" "))
-      this.whitelistSchemes[scheme] = true;
+      this.whitelistSchemes.add(scheme);
+
+    onShutdown.add(function()
+    {
+      Utils.styleService.unregisterSheet(collapseStyle, Ci.nsIStyleSheetService.USER_SHEET);
+    });
+
+    let messageManager = Cc["@mozilla.org/parentprocessmessagemanager;1"]
+                           .getService(Ci.nsIMessageListenerManager)
+                           .QueryInterface(Ci.nsIMessageBroadcaster);
+    let handler = (message => JSON.stringify(this.shouldLoad(message.data)));
+    messageManager.addMessageListener("AdblockPlus:ShouldLoad", handler);
+    onShutdown.add(() => messageManager.removeMessageListener("AdblockPlus:ShouldLoad", handler));
 
     // Generate class identifier used to collapse node and register corresponding
     // stylesheet.
+    let collapsedClass = "";
     let offset = "a".charCodeAt(0);
     for (let i = 0; i < 20; i++)
       collapsedClass +=  String.fromCharCode(offset + Math.random() * 26);
+    messageManager.broadcastAsyncMessage("AdblockPlus:CollapsedClass", collapsedClass);
 
     let collapseStyle = Services.io.newURI("data:text/css," +
         encodeURIComponent("." + collapsedClass +
         "{-moz-binding: url(chrome://global/content/bindings/general.xml#foobarbazdummy) !important;}"), null, null);
     Utils.styleService.loadAndRegisterSheet(collapseStyle, Ci.nsIStyleSheetService.USER_SHEET);
-    onShutdown.add(function()
-    {
-      Utils.styleService.unregisterSheet(collapseStyle, Ci.nsIStyleSheetService.USER_SHEET);
-    });
   },
 
   /**
-   * Checks whether a node should be blocked, hides it if necessary
-   * @param wnd {nsIDOMWindow}
-   * @param node {nsIDOMElement}
+   * Checks whether a particular request should be blocked.
    * @param contentType {String}
-   * @param location {nsIURI}
-   * @param collapse {Boolean} true to force hiding of the node
-   * @return {Boolean} false if the node should be blocked
-   */
-  processNode: function(wnd, node, contentType, location, collapse)
-  {
-    let topWnd = wnd.top;
-    if (!topWnd || !topWnd.location || !topWnd.location.href)
-      return true;
-
-    let originWindow = Utils.getOriginWindow(wnd);
-    let wndLocation = originWindow.location.href;
+   * @param location {String}
+   * @param frames {Object[]}
+   * @return {Object} An object containing properties block, collapse and hits
+   *                  indicating how this request should be handled.
+   */
+  shouldLoad: function({contentType, location, frames, isPrivate})
+  {
+    let wndLocation = frames[0].location;
     let docDomain = getHostname(wndLocation);
     let match = null;
-    let [sitekey, sitekeyWnd] = getSitekey(wnd);
+    let [sitekey, sitekeyFrame] = getSitekey(frames);
     let nogeneric = false;
 
+    let hits = [];
+
+    function response(block, collapse)
+    {
+      block = !!block;
+      return {block, collapse, hits};
+    }
+
+    if (!contentTypes.has(contentType))
+      contentType = "OTHER";

[Wladimir Palant, 2015/10/22 21:51:13]

This check was in PolicyImplementation.shouldLoad() originally.

+
     if (!match && Prefs.enabled)
     {
-      let testWnd = wnd;
       let testSitekey = sitekey;
-      let testSitekeyWnd = sitekeyWnd;
-      let parentWndLocation = getWindowLocation(testWnd);
-      while (true)
+      let testSitekeyFrame = sitekeyFrame;
+      for (let i = 0; i < frames.length; i++)
       {
-        let testWndLocation = parentWndLocation;
-        parentWndLocation = (testWnd == testWnd.parent ? testWndLocation : getWindowLocation(testWnd.parent));
-        match = Policy.isWhitelisted(testWndLocation, parentWndLocation, testSitekey);
+        let frame = frames[i];
+        let testWndLocation = frame.location;
+        let parentWndLocation = frames[Math.min(i + 1, frames.length - 1)].location;
+        let parentDocDomain = getHostname(parentWndLocation);
+        match = this.isWhitelisted(testWndLocation, parentWndLocation, testSitekey);
 
         if (match instanceof WhitelistFilter)
         {
-          FilterStorage.increaseHitCount(match, wnd);
-          RequestNotifier.addNodeData(testWnd.document, topWnd, Policy.type.DOCUMENT, getHostname(parentWndLocation), false, testWndLocation, match);
-          return true;
+          if (!isPrivate)
+            FilterStorage.increaseHitCount(match);
+
+          hits.push({
+            frameIndex: i,
+            contentType: "DOCUMENT",
+            docDomain: parentDocDomain,
+            thirdParty: false,
+            location: testWndLocation,
+            match: match.text
+          });
+          return response(false, false);
         }
 
-        let genericType = (contentType == Policy.type.ELEMHIDE ?
-                           RegExpFilter.typeMap.GENERICHIDE :
-                           RegExpFilter.typeMap.GENERICBLOCK);
-        let parentDocDomain = getHostname(parentWndLocation);
+        if (contentType == "ELEMHIDE")
+        {
+          match = defaultMatcher.matchesAny(frame.location, RegExpFilter.typeMap.ELEMHIDE, parentDocDomain, false, testSitekey);
+          if (match instanceof WhitelistFilter)
+          {
+            if (!isPrivate)
+              FilterStorage.increaseHitCount(match);
+            hits.push({
+              frameIndex: i,
+              contentType: "ELEMHIDE",
+              docDomain: parentDocDomain,
+              thirdParty: false,
+              location: testWndLocation,
+              match: match.text
+            });
+            return response(false, false);
+          }
+        }

[Wladimir Palant, 2015/10/22 21:51:13]

This block was further down originally, having a separate yet mostly identical
loop for it makes little sense however.

+
+        let genericType = (contentType == "ELEMHIDE" ?
+                           "GENERICHIDE" :
+                           "GENERICBLOCK");
         let nogenericMatch = defaultMatcher.matchesAny(
-          testWndLocation, genericType, parentDocDomain, false, testSitekey
+          testWndLocation, RegExpFilter.typeMap[genericType], parentDocDomain, false, testSitekey
         );
         if (nogenericMatch instanceof WhitelistFilter)
         {
           nogeneric = true;
 
-          FilterStorage.increaseHitCount(nogenericMatch, wnd);
-          RequestNotifier.addNodeData(testWnd.document, topWnd, contentType,
-                                      parentDocDomain, false, testWndLocation,
-                                      nogenericMatch);
+          if (!isPrivate)
+            FilterStorage.increaseHitCount(nogenericMatch);
+          hits.push({
+            frameIndex: i,
+            contentType: genericType,

[Wladimir Palant, 2015/10/22 21:51:14]

Note that this parameter changed: originally the hit would be recorded with the
type of the request, now with "GENERICHIDE" or "GENERICBLOCK" (note the two
strings I added to global.properties so that these could be displayed in the
blockable items list). IMHO that wasn't implemented correctly.

+            docDomain: parentDocDomain,
+            thirdParty: false,
+            location: testWndLocation,
+            match: nogenericMatch.text
+          });
         }
 
-        if (testWnd.parent == testWnd)
-          break;
-
-        if (testWnd == testSitekeyWnd)
-          [testSitekey, testSitekeyWnd] = getSitekey(testWnd.parent);
-        testWnd = testWnd.parent;
+        if (frame == testSitekeyFrame)
+          [testSitekey, testSitekeyFrame] = getSitekey(frames.slice(i + 1));
       }
     }
 
-    // Data loaded by plugins should be attached to the document
-    if (contentType == Policy.type.OBJECT_SUBREQUEST && node instanceof Ci.nsIDOMElement)
-      node = node.ownerDocument;
-
-    // Fix type for objects misrepresented as frames or images
-    if (contentType != Policy.type.OBJECT && (node instanceof Ci.nsIDOMHTMLObjectElement || node instanceof Ci.nsIDOMHTMLEmbedElement))
-      contentType = Policy.type.OBJECT;

[Wladimir Palant, 2015/10/22 21:51:13]

The two checks above moved to PolicyImplementation.shouldLoad().

-
-    let locationText = location.spec;
-    if (!match && contentType == Policy.type.ELEMHIDE)
-    {
-      let testWnd = wnd;
-      let parentWndLocation = getWindowLocation(testWnd);
-      while (true)
-      {
-        let testWndLocation = parentWndLocation;
-        parentWndLocation = (testWnd == testWnd.parent ? testWndLocation : getWindowLocation(testWnd.parent));
-        let parentDocDomain = getHostname(parentWndLocation);
-        match = defaultMatcher.matchesAny(testWndLocation, RegExpFilter.typeMap.ELEMHIDE, parentDocDomain, false, sitekey);
-        if (match instanceof WhitelistFilter)
-        {
-          FilterStorage.increaseHitCount(match, wnd);
-          RequestNotifier.addNodeData(testWnd.document, topWnd, contentType, parentDocDomain, false, testWndLocation, match);
-          return true;
-        }
-
-        if (testWnd.parent == testWnd)
-          break;
-        else
-          testWnd = testWnd.parent;
-      }
-
+    if (!match && contentType == "ELEMHIDE")
+    {
       match = location;
-      locationText = match.text.replace(/^.*?#/, '#');
-      location = locationText;
-
-      if (!match.isActiveOnDomain(docDomain))
-        return true;
+      location = match.text.replace(/^.*?#/, '#');
+
+      if (!match.isActiveOnDomain(docDomain) || (nogeneric && match.isGeneric()))

[Wladimir Palant, 2015/10/22 21:51:14]

The nogeneric part of this check was further down originally.

+        return response(false, false);
 
       let exception = ElemHide.getException(match, docDomain);
       if (exception)
       {
-        FilterStorage.increaseHitCount(exception, wnd);
-        RequestNotifier.addNodeData(node, topWnd, contentType, docDomain, false, locationText, exception);
-        return true;
+        if (!isPrivate)
+          FilterStorage.increaseHitCount(exception);
+        hits.push({
+          frameIndex: -1,
+          contentType,
+          docDomain,
+          thirdParty: false,
+          location,
+          match: match.text
+        });
+        return response(false, false);
       }
-
-      if (nogeneric && match.isGeneric())
-        return true;
-    }
-
-    let thirdParty = (contentType == Policy.type.ELEMHIDE ? false : isThirdParty(location, docDomain));
-
-    if (!match && Prefs.enabled && contentType in Policy.typeMask)
-    {
-      match = defaultMatcher.matchesAny(locationText, Policy.typeMask[contentType],
+    }
+
+    let thirdParty = (contentType == "ELEMHIDE" ? false : isThirdParty(location, docDomain));
+
+    let collapse = false;
+    if (!match && Prefs.enabled && RegExpFilter.typeMap.hasOwnProperty(contentType))
+    {
+      match = defaultMatcher.matchesAny(location, RegExpFilter.typeMap[contentType],
                                         docDomain, thirdParty, sitekey, nogeneric);
-      if (match instanceof BlockingFilter && node.ownerDocument && !(contentType in Policy.nonVisual))
+      if (match instanceof BlockingFilter && !nonVisualTypes.has(contentType))
       {
         let prefCollapse = (match.collapse != null ? match.collapse : !Prefs.fastcollapse);
         if (collapse || prefCollapse)
-          schedulePostProcess(node);
+          collapse = true;
       }
-
-      // Track mouse events for objects
-      if (!match && contentType == Policy.type.OBJECT && node.nodeType == Ci.nsIDOMNode.ELEMENT_NODE)
-      {
-        node.addEventListener("mouseover", objectMouseEventHander, true);
-        node.addEventListener("mouseout", objectMouseEventHander, true);
-      }

[Wladimir Palant, 2015/10/22 21:51:14]

This part moved to checkRequest() in the child.

     }
 
     // Store node data
-    RequestNotifier.addNodeData(node, topWnd, contentType, docDomain, thirdParty, locationText, match);
-    if (match)
-      FilterStorage.increaseHitCount(match, wnd);
-
-    return !match || match instanceof WhitelistFilter;
+    if (match && !isPrivate)
+      FilterStorage.increaseHitCount(match);
+    hits.push({
+      frameIndex: -1,
+      contentType,
+      docDomain,
+      thirdParty,
+      location,
+      match: match && match.text
+    });
+
+    return response(match && !(match instanceof WhitelistFilter), collapse);
   },
 
   /**
    * Checks whether the location's scheme is blockable.
    * @param location  {nsIURI}
    * @return {Boolean}
    */
   isBlockableScheme: function(location)
   {
-    return !(location.scheme in Policy.whitelistSchemes);
+    return !this.whitelistSchemes.has(location.scheme);
   },
 
   /**
    * Checks whether a page is whitelisted.
    * @param {String} url
    * @param {String} [parentUrl] location of the parent page
    * @param {String} [sitekey] public key provided on the page
    * @return {Filter} filter that matched the URL or null if not whitelisted
    */
   isWhitelisted: function(url, parentUrl, sitekey)
   {
     if (!url)
       return null;
 
     // Do not apply exception rules to schemes on our whitelistschemes list.
     let match = /^([\w\-]+):/.exec(url);
-    if (match && match[1] in Policy.whitelistSchemes)
+    if (match && this.whitelistSchemes.has(match[1]))
       return null;
 
     if (!parentUrl)
       parentUrl = url;
 
     // Ignore fragment identifier
     let index = url.indexOf("#");
     if (index >= 0)
       url = url.substring(0, index);
 
     let result = defaultMatcher.matchesAny(url, RegExpFilter.typeMap.DOCUMENT, getHostname(parentUrl), false, sitekey);
     return (result instanceof WhitelistFilter ? result : null);
   },
 
   /**
    * Checks whether the page loaded in a window is whitelisted for indication in the UI.
    * @param wnd {nsIDOMWindow}
    * @return {Filter} matching exception rule or null if not whitelisted
    */
   isWindowWhitelisted: function(wnd)
   {
-    return Policy.isWhitelisted(getWindowLocation(wnd));
+    return this.isWhitelisted(getWindowLocation(wnd));
   },
 
   /**
    * Asynchronously re-checks filters for given nodes.
    * @param {Node[]} nodes
    * @param {RequestEntry} entry
    */
   refilterNodes: function(nodes, entry)

[Wladimir Palant, 2015/10/22 21:51:14]

This functionality is intentionally left broken, fixing it is subject to
https://issues.adblockplus.org/ticket/3224.

   {
     // Ignore nodes that have been blocked already
     if (entry.filter && !(entry.filter instanceof WhitelistFilter))
       return;
 
     for (let node of nodes)
       Utils.runAsync(() => refilterNode(node, entry));
   }
 };
 Policy.init();
 
 /**
- * Actual nsIContentPolicy and nsIChannelEventSink implementation
- * @class
- */
-var PolicyImplementation =
-{
-  classDescription: "Adblock Plus content policy",
-  classID: Components.ID("cfeaabe6-1dd1-11b2-a0c6-cb5c268894c9"),
-  contractID: "@adblockplus.org/abp/policy;1",
-  xpcom_categories: ["content-policy", "net-channel-event-sinks"],
-
-  /**
-   * Registers the content policy on startup.
-   */
-  init: function()
-  {
-    let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
-    try
-    {
-      registrar.registerFactory(this.classID, this.classDescription, this.contractID, this);
-    }
-    catch (e)
-    {
-      // See bug 924340 - it might be too early to init now, the old version
-      // we are replacing didn't finish removing itself yet.
-      if (e.result == Cr.NS_ERROR_FACTORY_EXISTS)
-      {
-        Utils.runAsync(this.init.bind(this));
-        return;
-      }
-
-      Cu.reportError(e);
-    }
-
-    let catMan = Utils.categoryManager;
-    for (let category of this.xpcom_categories)
-      catMan.addCategoryEntry(category, this.contractID, this.contractID, false, true);
-
-    // http-on-opening-request is new in Gecko 18, http-on-modify-request can
-    // be used in earlier releases.
-    let httpTopic = "http-on-opening-request";
-    if (Services.vc.compare(Utils.platformVersion, "18.0") < 0)
-      httpTopic = "http-on-modify-request";
-
-    Services.obs.addObserver(this, httpTopic, true);
-    Services.obs.addObserver(this, "content-document-global-created", true);
-    Services.obs.addObserver(this, "xpcom-category-entry-removed", true);
-    Services.obs.addObserver(this, "xpcom-category-cleared", true);
-
-    onShutdown.add(function()
-    {
-      // Our category observers should be removed before changing category
-      // memberships, just in case.
-      Services.obs.removeObserver(this, httpTopic);
-      Services.obs.removeObserver(this, "content-document-global-created");
-      Services.obs.removeObserver(this, "xpcom-category-entry-removed");
-      Services.obs.removeObserver(this, "xpcom-category-cleared");
-
-      for (let category of this.xpcom_categories)
-        catMan.deleteCategoryEntry(category, this.contractID, false);
-
-      // This needs to run asynchronously, see bug 753687
-      Utils.runAsync(function()
-      {
-        registrar.unregisterFactory(this.classID, this);
-      }.bind(this));
-
-      this.previousRequest = null;
-    }.bind(this));
-  },
-
-  //
-  // nsISupports interface implementation
-  //
-
-  QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy, Ci.nsIObserver,
-    Ci.nsIChannelEventSink, Ci.nsIFactory, Ci.nsISupportsWeakReference]),
-
-  //
-  // nsIContentPolicy interface implementation
-  //
-
-  shouldLoad: function(contentType, contentLocation, requestOrigin, node, mimeTypeGuess, extra)
-  {
-    // Ignore requests without context and top-level documents
-    if (!node || contentType == Policy.type.DOCUMENT)
-      return Ci.nsIContentPolicy.ACCEPT;
-
-    // Ignore standalone objects
-    if (contentType == Policy.type.OBJECT && node.ownerDocument && !/^text\/|[+\/]xml$/.test(node.ownerDocument.contentType))
-      return Ci.nsIContentPolicy.ACCEPT;
-
-    let wnd = Utils.getWindow(node);
-    if (!wnd)
-      return Ci.nsIContentPolicy.ACCEPT;
-
-    // Ignore whitelisted schemes
-    let location = Utils.unwrapURL(contentLocation);
-    if (!Policy.isBlockableScheme(location))
-      return Ci.nsIContentPolicy.ACCEPT;
-
-    // Interpret unknown types as "other"
-    if (!(contentType in Policy.typeDescr))
-      contentType = Policy.type.OTHER;
-
-    let result = Policy.processNode(wnd, node, contentType, location, false);
-    if (result)
-    {
-      // We didn't block this request so we will probably see it again in
-      // http-on-opening-request. Keep it so that we can associate it with the
-      // channel there - will be needed in case of redirect.
-      this.previousRequest = [location, contentType];
-    }
-    return (result ? Ci.nsIContentPolicy.ACCEPT : Ci.nsIContentPolicy.REJECT_REQUEST);
-  },
-
-  shouldProcess: function(contentType, contentLocation, requestOrigin, insecNode, mimeType, extra)
-  {
-    return Ci.nsIContentPolicy.ACCEPT;
-  },
-
-  //
-  // nsIObserver interface implementation
-  //
-  observe: function(subject, topic, data, additional)
-  {
-    switch (topic)
-    {
-      case "content-document-global-created":
-      {
-        if (!(subject instanceof Ci.nsIDOMWindow) || !subject.opener)
-          return;
-
-        let uri = additional || Utils.makeURI(subject.location.href);
-        if (!Policy.processNode(subject.opener, subject.opener.document, Policy.type.POPUP, uri, false))
-        {
-          subject.stop();
-          Utils.runAsync(() => subject.close());
-        }
-        else if (uri.spec == "about:blank")
-        {
-          // An about:blank pop-up most likely means that a load will be
-          // initiated synchronously. Set a flag for our "http-on-opening-request"
-          // handler.
-          this.expectingPopupLoad = true;
-          Utils.runAsync(function()
-          {
-            this.expectingPopupLoad = false;
-          });
-        }
-        break;
-      }
-      case "http-on-opening-request":
-      case "http-on-modify-request":
-      {
-        if (!(subject instanceof Ci.nsIHttpChannel))
-          return;
-
-        if (this.previousRequest && subject.URI == this.previousRequest[0] &&
-            subject instanceof Ci.nsIWritablePropertyBag)
-        {
-          // We just handled a content policy call for this request - associate
-          // the data with the channel so that we can find it in case of a redirect.
-          subject.setProperty("abpRequestType", this.previousRequest[1]);
-          this.previousRequest = null;
-        }
-
-        if (this.expectingPopupLoad)
-        {
-          let wnd = Utils.getRequestWindow(subject);
-          if (wnd && wnd.opener && wnd.location.href == "about:blank")
-          {
-            this.observe(wnd, "content-document-global-created", null, subject.URI);
-            if (subject instanceof Ci.nsIWritablePropertyBag)
-              subject.setProperty("abpRequestType", Policy.type.POPUP);
-          }
-        }
-
-        break;
-      }
-      case "xpcom-category-entry-removed":
-      case "xpcom-category-cleared":
-      {
-        let category = data;
-        if (this.xpcom_categories.indexOf(category) < 0)
-          return;
-
-        if (topic == "xpcom-category-entry-removed" &&
-            subject instanceof Ci.nsISupportsCString &&
-            subject.data != this.contractID)
-        {
-          return;
-        }
-
-        // Our category entry was removed, make sure to add it back
-        let catMan = Utils.categoryManager;
-        catMan.addCategoryEntry(category, this.contractID, this.contractID, false, true);
-        break;
-      }
-    }
-  },
-
-  //
-  // nsIChannelEventSink interface implementation
-  //
-
-  asyncOnChannelRedirect: function(oldChannel, newChannel, flags, callback)
-  {
-    let result = Cr.NS_OK;
-    try
-    {
-      // Try to retrieve previously stored request data from the channel
-      let contentType;
-      if (oldChannel instanceof Ci.nsIWritablePropertyBag)
-      {
-        try
-        {
-          contentType = oldChannel.getProperty("abpRequestType");
-        }
-        catch(e)
-        {
-          // No data attached, ignore this redirect
-          return;
-        }
-      }
-
-      let newLocation = null;
-      try
-      {
-        newLocation = newChannel.URI;
-      } catch(e2) {}
-      if (!newLocation)
-        return;
-
-      let wnd = Utils.getRequestWindow(newChannel);
-      if (!wnd)
-        return;
-
-      if (contentType == Policy.type.SUBDOCUMENT && wnd.parent == wnd.top && wnd.opener)
-      {
-        // This is a window opened in a new tab miscategorized as frame load,
-        // see bug 467514. Get the frame as context to be at least consistent.
-        wnd = wnd.opener;
-      }
-
-      if (contentType == Policy.type.POPUP && wnd.opener)
-      {
-        // Popups are initiated by their opener, not their own window.
-        wnd = wnd.opener;
-      }
-
-      if (!Policy.processNode(wnd, wnd.document, contentType, newLocation, false))
-        result = Cr.NS_BINDING_ABORTED;
-    }
-    catch (e)
-    {
-      // We shouldn't throw exceptions here - this will prevent the redirect.
-      Cu.reportError(e);
-    }
-    finally
-    {
-      callback.onRedirectVerifyCallback(result);
-    }
-  },
-
-  //
-  // nsIFactory interface implementation
-  //
-
-  createInstance: function(outer, iid)
-  {
-    if (outer)
-      throw Cr.NS_ERROR_NO_AGGREGATION;
-    return this.QueryInterface(iid);
-  }
-};
-PolicyImplementation.init();
-
-/**
- * Nodes scheduled for post-processing (might be null).
- * @type Node[]
- */
-let scheduledNodes = null;
-
-/**
- * Schedules a node for post-processing.
- */
-function schedulePostProcess(/**Element*/ node)
-{
-  if (scheduledNodes)
-    scheduledNodes.push(node);
-  else
-  {
-    scheduledNodes = [node];
-    Utils.runAsync(postProcessNodes);
-  }
-}
-
-/**
- * Processes nodes scheduled for post-processing (typically hides them).
- */
-function postProcessNodes()
-{
-  let nodes = scheduledNodes;
-  scheduledNodes = null;
-
-  for (let node of nodes)
-  {
-    // adjust frameset's cols/rows for frames
-    let parentNode = node.parentNode;
-    if (parentNode && parentNode instanceof Ci.nsIDOMHTMLFrameSetElement)
-    {
-      let hasCols = (parentNode.cols && parentNode.cols.indexOf(",") > 0);
-      let hasRows = (parentNode.rows && parentNode.rows.indexOf(",") > 0);
-      if ((hasCols || hasRows) && !(hasCols && hasRows))
-      {
-        let index = -1;
-        for (let frame = node; frame; frame = frame.previousSibling)
-          if (frame instanceof Ci.nsIDOMHTMLFrameElement || frame instanceof Ci.nsIDOMHTMLFrameSetElement)
-            index++;
-
-        let property = (hasCols ? "cols" : "rows");
-        let weights = parentNode[property].split(",");
-        weights[index] = "0";
-        parentNode[property] = weights.join(",");
-      }
-    }
-    else
-      node.classList.add(collapsedClass);
-  }
-}
-
-/**
  * Extracts the hostname from a URL (might return null).
  */
 function getHostname(/**String*/ url) /**String*/
 {
   try
   {
     return Utils.unwrapURL(url).host;
   }
   catch(e)
   {
     return null;
   }
 }
 
 /**
  * Retrieves the sitekey of a window.
  */
-function getSitekey(wnd)
+function getSitekey(frames)
 {
-  let sitekey = null;
+  for (let frame of frames)
+  {
+    if (frame.sitekey && frame.sitekey.indexOf("_") >= 0)
+    {
+      let [key, signature] = frame.sitekey.split("_", 2);
+      key = key.replace(/=/g, "");
 
-  while (true)
-  {
-    if (wnd.document && wnd.document.documentElement)
-    {
-      let keydata = wnd.document.documentElement.getAttribute("data-adblockkey");
-      if (keydata && keydata.indexOf("_") >= 0)
-      {
-        let [key, signature] = keydata.split("_", 2);
-        key = key.replace(/=/g, "");
-
-        // Website specifies a key but is the signature valid?
-        let uri = Services.io.newURI(getWindowLocation(wnd), null, null);
-        let host = uri.asciiHost;
-        if (uri.port > 0)
-          host += ":" + uri.port;
-        let params = [
-          uri.path.replace(/#.*/, ""),  // REQUEST_URI
-          host,                         // HTTP_HOST
-          Utils.httpProtocol.userAgent  // HTTP_USER_AGENT
-        ];
-        if (Utils.verifySignature(key, signature, params.join("\0")))
-          return [key, wnd];
-      }
+      // Website specifies a key but is the signature valid?
+      let uri = Services.io.newURI(frame.location, null, null);
+      let host = uri.asciiHost;
+      if (uri.port > 0)
+        host += ":" + uri.port;
+      let params = [
+        uri.path.replace(/#.*/, ""),  // REQUEST_URI
+        host,                         // HTTP_HOST
+        Utils.httpProtocol.userAgent  // HTTP_USER_AGENT
+      ];
+      if (Utils.verifySignature(key, signature, params.join("\0")))
+        return [key, frame];
     }
-
-    if (wnd === wnd.parent)
-      break;
-
-    wnd = wnd.parent;
   }
 
-  return [sitekey, wnd];
+  return [null, null];

[Wladimir Palant, 2015/10/22 21:51:14]

Note that the original code was returning sitekey variable but never setting it
- that was some left-over apparently.

 }
 
 /**
  * Retrieves the location of a window.
  * @param wnd {nsIDOMWindow}
  * @return {String} window location or null on failure
  */
 function getWindowLocation(wnd)
 {
   if ("name" in wnd && wnd.name == "messagepane")
@@ skipping 64 matching lines @@
   if (!wnd || wnd.closed)
     return;
 
   if (entry.type == Policy.type.OBJECT)
   {
     node.removeEventListener("mouseover", objectMouseEventHander, true);
     node.removeEventListener("mouseout", objectMouseEventHander, true);
   }
   Policy.processNode(wnd, node, entry.type, Utils.makeURI(entry.location), true);
 }