Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Delta Between Two Patch Sets: include.preload.js

Issue 29347034: Issue 1727 - Prevent circumvention via WebSocket (Closed)
Left Patch Set: Addressed feedback Created Aug. 8, 2016, 6:16 p.m.
Right Patch Set: Don't hardcode connection state values Created Aug. 10, 2016, 4:25 p.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
Left: Side by side diff | Download
Right: Side by side diff | Download
« no previous file with change/comment | « no previous file | lib/requestBlocker.js » ('j') | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
1 /* 1 /*
2 * This file is part of Adblock Plus <https://adblockplus.org/>, 2 * This file is part of Adblock Plus <https://adblockplus.org/>,
3 * Copyright (C) 2006-2016 Eyeo GmbH 3 * Copyright (C) 2006-2016 Eyeo GmbH
4 * 4 *
5 * Adblock Plus is free software: you can redistribute it and/or modify 5 * Adblock Plus is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 3 as 6 * it under the terms of the GNU General Public License version 3 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 * 8 *
9 * Adblock Plus is distributed in the hope that it will be useful, 9 * Adblock Plus is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
(...skipping 332 matching lines...) Expand 10 before | Expand all | Expand 10 after
343 var observer = new MutationObserver(function() 343 var observer = new MutationObserver(function()
344 { 344 {
345 if (style.parentNode != parentNode) 345 if (style.parentNode != parentNode)
346 parentNode.appendChild(style); 346 parentNode.appendChild(style);
347 }); 347 });
348 348
349 observer.observe(parentNode, {childList: true}); 349 observer.observe(parentNode, {childList: true});
350 return observer; 350 return observer;
351 } 351 }
352 352
353 function injectJS(f) 353 function runInPage(fn, arg)
Sebastian Noack 2016/08/08 22:09:15 I just noticed that this function is redundant wit
kzar 2016/08/09 12:08:05 Done.
354 { 354 {
355 var args = JSON.stringify(Array.prototype.slice.call(arguments, 1));
356 args = args.substring(1, args.length - 1);
357 var codeString = "(" + f.toString() + ")(" + args + ");";
358
359 var script = document.createElement("script"); 355 var script = document.createElement("script");
356 script.type = "application/javascript";
360 script.async = false; 357 script.async = false;
361 script.textContent = codeString; 358 script.textContent = "(" + fn + ")(" + JSON.stringify(arg) + ");";
362 document.documentElement.appendChild(script); 359 document.documentElement.appendChild(script);
363 document.documentElement.removeChild(script); 360 document.documentElement.removeChild(script);
364 } 361 }
365 362
366 function protectStyleSheet(document, style) 363 function protectStyleSheet(document, style)
367 { 364 {
368 style.id = id; 365 style.id = id;
369 366
370 var protector = function(id) 367 runInPage(function(id)
371 { 368 {
372 var style = document.getElementById(id) || 369 var style = document.getElementById(id) ||
373 document.documentElement.shadowRoot.getElementById(id); 370 document.documentElement.shadowRoot.getElementById(id);
374 style.removeAttribute("id"); 371 style.removeAttribute("id");
375 372
376 var i;
Sebastian Noack 2016/08/08 22:09:15 It seems that you don' reuse the variable i anymor
kzar 2016/08/09 12:08:05 Done.
377 var disableables = [style, style.sheet]; 373 var disableables = [style, style.sheet];
378 for (i = 0; i < disableables.length; i++) 374 for (var i = 0; i < disableables.length; i++)
379 Object.defineProperty(disableables[i], "disabled", 375 Object.defineProperty(disableables[i], "disabled",
380 {value: false, enumerable: true}); 376 {value: false, enumerable: true});
381 377
382 var methods = ["deleteRule", "removeRule"]; 378 ["deleteRule", "removeRule"].forEach(function(method)
Sebastian Noack 2016/08/08 22:09:15 How about ["deleteRule", "removeRule"].forEach(),
kzar 2016/08/09 12:08:05 Done.
383 methods.forEach(function(method)
384 { 379 {
385 var original = CSSStyleSheet.prototype[method]; 380 var original = CSSStyleSheet.prototype[method];
386 CSSStyleSheet.prototype[method] = function(index) 381 CSSStyleSheet.prototype[method] = function(index)
387 { 382 {
388 if (this != style.sheet) 383 if (this != style.sheet)
389 original.call(this, index); 384 original.call(this, index);
390 }; 385 };
391 }); 386 });
392 }; 387 }, id);
393
394 injectJS(protector, id);
395 } 388 }
396 389
397 // Neither Chrome[1] nor Safari allow us to intercept WebSockets, and therefore 390 // Neither Chrome[1] nor Safari allow us to intercept WebSockets, and therefore
398 // some ad networks are misusing them as a way to serve adverts and circumvent 391 // some ad networks are misusing them as a way to serve adverts and circumvent
399 // us. As a workaround we wrap WebSocket, preventing blocked WebSocket 392 // us. As a workaround we wrap WebSocket, preventing blocked WebSocket
400 // connections from being opened. 393 // connections from being opened.
401 // [1] - https://bugs.chromium.org/p/chromium/issues/detail?id=129353 394 // [1] - https://bugs.chromium.org/p/chromium/issues/detail?id=129353
402 function wrapWebSocket() 395 function wrapWebSocket()
403 { 396 {
404 if (typeof WebSocket == "undefined") 397 if (typeof WebSocket == "undefined")
405 return; 398 return;
406 399
407 var eventName = "abpws-" + id; 400 var eventName = "abpws-" + id;
408 401
409 document.addEventListener(eventName, function(event) 402 document.addEventListener(eventName, function(event)
410 { 403 {
411 ext.backgroundPage.sendMessage({ 404 ext.backgroundPage.sendMessage({
412 type: "websocket-request", 405 type: "websocket-request",
413 url: event.detail.url 406 url: event.detail.url
414 }, function (block) 407 }, function (block)
415 { 408 {
416 document.dispatchEvent( 409 document.dispatchEvent(
417 new CustomEvent(eventName + "-" + event.detail.url, {detail: block}) 410 new CustomEvent(eventName + "-" + event.detail.url, {detail: block})
418 ); 411 );
419 }); 412 });
420 }); 413 });
421 414
422 function wrapper(eventName) 415 runInPage(function(eventName)
423 { 416 {
424 // As far as possible we must track everything we use that could be 417 // As far as possible we must track everything we use that could be
425 // sabotaged by the website later in order to circumvent us. 418 // sabotaged by the website later in order to circumvent us.
426 var RealWebSocket = WebSocket; 419 var RealWebSocket = WebSocket;
427 var closeWebSocket = RealWebSocket.prototype.close; 420 var closeWebSocket = Function.prototype.call.bind(RealWebSocket.prototype.cl ose);
428 var addEventListener = document.addEventListener.bind(document); 421 var addEventListener = document.addEventListener.bind(document);
429 var removeEventListener = document.removeEventListener.bind(document); 422 var removeEventListener = document.removeEventListener.bind(document);
430 var dispatchEvent = document.dispatchEvent.bind(document); 423 var dispatchEvent = document.dispatchEvent.bind(document);
431 var CustomEvent = window.CustomEvent; 424 var CustomEvent = window.CustomEvent;
432 var boundCall = Function.prototype.call.bind(Function.prototype.call);
433 var stringToString = String.prototype.toString;
434 // (These two functions are usually the same, but since Safari 9 considers
435 // WebSocket to be an object rather than a function we must track both.)
436 var functionToString = Function.prototype.toString;
437 var WebSocketString = RealWebSocket.toString();
Sebastian Noack 2016/08/08 22:09:15 I suppose this variable should rather be lowercase
kzar 2016/08/09 12:08:05 Done.
438 425
439 function checkRequest(url, callback) 426 function checkRequest(url, callback)
440 { 427 {
441 var incomingEventName = eventName + "-" + url; 428 var incomingEventName = eventName + "-" + url;
442 function listener(event) 429 function listener(event)
443 { 430 {
444 callback(event.detail); 431 callback(event.detail);
445 removeEventListener(incomingEventName, listener); 432 removeEventListener(incomingEventName, listener);
446 } 433 }
447 addEventListener(incomingEventName, listener); 434 addEventListener(incomingEventName, listener);
448 435
449 dispatchEvent(new CustomEvent(eventName, { 436 dispatchEvent(new CustomEvent(eventName, {
450 detail: {url: url} 437 detail: {url: url}
451 })); 438 }));
452 } 439 }
453 440
454 function wrappedToString() 441 WebSocket = function WrappedWebSocket(url, protocols)
455 { 442 {
456 if (this === WebSocket) 443 // Throw correct exceptions if the constructor is used improperly.
Sebastian Noack 2016/08/08 22:09:16 As per Mozilla's coding practices, we prefer == ov
kzar 2016/08/09 12:08:04 Sure but here we want to check that `this` points
Sebastian Noack 2016/08/09 14:53:29 I think, if none of the values has a primitive typ
kzar 2016/08/09 16:11:39 Well to tell you the truth I'm not 100% sure if ty
457 return WebSocketString; 444 if (!(this instanceof WrappedWebSocket)) return RealWebSocket();
458 if (this === wrappedToString) 445 if (arguments.length < 1) return new RealWebSocket();
Sebastian Noack 2016/08/08 22:09:15 This special case is unneccessary if you simply as
kzar 2016/08/09 12:08:04 (I tried it out but found I would get the exceptio
Sebastian Noack 2016/08/09 14:53:29 Even better, why not just |WebSocket = function(..
kzar 2016/08/09 16:11:39 Well nice idea but then WebSocket.toString() gives
459 return boundCall(functionToString, functionToString);
460 return boundCall(functionToString, this);
461 };
462 Function.prototype.toString = wrappedToString;
463
464 WebSocket = function(url, protocols)
465 {
466 // Ensure that `new WebSocket();` throws the correct exception
467 if (!url)
468 return new RealWebSocket();
Sebastian Noack 2016/08/08 22:09:15 You still get a different error when null or undef
kzar 2016/08/09 12:08:05 Hmm good point and we can even just use `websocket
Sebastian Noack 2016/08/09 14:53:29 Even better, nice!
469
470 // First ensure url isn't a URL object, then make sure it's a real String.
471 // This is necessary to prevent circumvention, without breaking anything.
472 url = boundCall(stringToString, url.toString());
Sebastian Noack 2016/08/08 22:09:15 8Why) do you have to call both, stringToString() a
473 446
474 var websocket = new RealWebSocket(url, protocols); 447 var websocket = new RealWebSocket(url, protocols);
475 448
476 checkRequest(url, function(blocked) 449 checkRequest(websocket.url, function(blocked)
477 { 450 {
478 if (blocked) 451 if (blocked)
479 boundCall(closeWebSocket, websocket); 452 closeWebSocket(websocket);
480 }); 453 });
481 454
482 return websocket; 455 return websocket;
483 }; 456 }.bind();
484 457
485 var properties = Object.getOwnPropertyNames(RealWebSocket); 458 Object.defineProperties(WebSocket, {
486 for (var i = 0; i < properties.length; i++) 459 CONNECTING: {value: RealWebSocket.CONNECTING, enumerable: true},
487 { 460 OPEN: {value: RealWebSocket.OPEN, enumerable: true},
488 var name = properties[i]; 461 CLOSING: {value: RealWebSocket.CLOSING, enumerable: true},
489 var desc = Object.getOwnPropertyDescriptor(RealWebSocket, name); 462 CLOSED: {value: RealWebSocket.CLOSED, enumerable: true},
490 Object.defineProperty(WebSocket, name, desc); 463 prototype: {value: RealWebSocket.prototype}
491 } 464 });
492 465
493 RealWebSocket.prototype.constructor = WebSocket; 466 RealWebSocket.prototype.constructor = WebSocket;
494 } 467 }, eventName);
495
496 injectJS(wrapper, eventName);
497 } 468 }
498 469
499 function init(document) 470 function init(document)
500 { 471 {
501 var shadow = null; 472 var shadow = null;
502 var style = null; 473 var style = null;
503 var observer = null; 474 var observer = null;
504 var tracer = null; 475 var tracer = null;
505 476
506 wrapWebSocket(); 477 wrapWebSocket();
(...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after
668 }, true); 639 }, true);
669 640
670 return updateStylesheet; 641 return updateStylesheet;
671 } 642 }
672 643
673 if (document instanceof HTMLDocument) 644 if (document instanceof HTMLDocument)
674 { 645 {
675 checkSitekey(); 646 checkSitekey();
676 window.updateStylesheet = init(document); 647 window.updateStylesheet = init(document);
677 } 648 }
LEFTRIGHT

Powered by Google App Engine
This is Rietveld