
Delta Between Two Patch Sets: include.preload.js

Issue 29347034: Issue 1727 - Prevent circumvention via WebSocket (Closed)
Left Patch Set: Don't bother using boundCall for CSSStyleSheet.prototype functions Created Aug. 9, 2016, 6:49 p.m.
Right Patch Set: Don't hardcode connection state values Created Aug. 10, 2016, 4:25 p.m.
1 /* 1 /*
2 * This file is part of Adblock Plus <https://adblockplus.org/>, 2 * This file is part of Adblock Plus <https://adblockplus.org/>,
3 * Copyright (C) 2006-2016 Eyeo GmbH 3 * Copyright (C) 2006-2016 Eyeo GmbH
4 * 4 *
5 * Adblock Plus is free software: you can redistribute it and/or modify 5 * Adblock Plus is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 3 as 6 * it under the terms of the GNU General Public License version 3 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 * 8 *
9 * Adblock Plus is distributed in the hope that it will be useful, 9 * Adblock Plus is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
(...skipping 337 matching lines...) Expand 10 before | Expand all | Expand 10 after
348 348
349 observer.observe(parentNode, {childList: true}); 349 observer.observe(parentNode, {childList: true});
350 return observer; 350 return observer;
351 } 351 }
352 352
353 function runInPage(fn, arg) 353 function runInPage(fn, arg)
354 { 354 {
355 var script = document.createElement("script"); 355 var script = document.createElement("script");
356 script.type = "application/javascript"; 356 script.type = "application/javascript";
357 script.async = false; 357 script.async = false;
358 358 script.textContent = "(" + fn + ")(" + JSON.stringify(arg) + ");";
359 // include.youtube.js passes this function a RegExp which JSON.stringify would
360 // convert to "{}".
361 if (!(arg instanceof RegExp))
362 arg = JSON.stringify(arg);
363
364 script.textContent = "(" + fn + ")(" + arg + ");";
365 document.documentElement.appendChild(script); 359 document.documentElement.appendChild(script);
366 document.documentElement.removeChild(script); 360 document.documentElement.removeChild(script);
367 } 361 }
368 362
369 function protectStyleSheet(document, style) 363 function protectStyleSheet(document, style)
370 { 364 {
371 style.id = id; 365 style.id = id;
372 366
373 runInPage(function(id) 367 runInPage(function(id)
374 { 368 {
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
416 new CustomEvent(eventName + "-" + event.detail.url, {detail: block}) 410 new CustomEvent(eventName + "-" + event.detail.url, {detail: block})
417 ); 411 );
418 }); 412 });
419 }); 413 });
420 414
421 runInPage(function(eventName) 415 runInPage(function(eventName)
422 { 416 {
423 // As far as possible we must track everything we use that could be 417 // As far as possible we must track everything we use that could be
424 // sabotaged by the website later in order to circumvent us. 418 // sabotaged by the website later in order to circumvent us.
425 var RealWebSocket = WebSocket; 419 var RealWebSocket = WebSocket;
426 var closeWebSocket = RealWebSocket.prototype.close; 420 var closeWebSocket = Function.prototype.call.bind(RealWebSocket.prototype.cl ose);
427 var addEventListener = document.addEventListener.bind(document); 421 var addEventListener = document.addEventListener.bind(document);
428 var removeEventListener = document.removeEventListener.bind(document); 422 var removeEventListener = document.removeEventListener.bind(document);
429 var dispatchEvent = document.dispatchEvent.bind(document); 423 var dispatchEvent = document.dispatchEvent.bind(document);
430 var CustomEvent = window.CustomEvent; 424 var CustomEvent = window.CustomEvent;
431 var boundCall = Function.prototype.call.bind(Function.prototype.call);
432 var functionToString = Function.prototype.toString;
433 // (Safari 9 considers WebSocket to be an object rather than a function.)
434 var webSocketString = RealWebSocket.toString();
435 425
436 function checkRequest(url, callback) 426 function checkRequest(url, callback)
437 { 427 {
438 var incomingEventName = eventName + "-" + url; 428 var incomingEventName = eventName + "-" + url;
439 function listener(event) 429 function listener(event)
440 { 430 {
441 callback(event.detail); 431 callback(event.detail);
442 removeEventListener(incomingEventName, listener); 432 removeEventListener(incomingEventName, listener);
443 } 433 }
444 addEventListener(incomingEventName, listener); 434 addEventListener(incomingEventName, listener);
445 435
446 dispatchEvent(new CustomEvent(eventName, { 436 dispatchEvent(new CustomEvent(eventName, {
447 detail: {url: url} 437 detail: {url: url}
448 })); 438 }));
449 } 439 }
450 440
451 function wrappedToString()
452 {
453 if (this === WebSocket)
454 return webSocketString;
455 if (this === wrappedToString)
456 return boundCall(functionToString, functionToString);
457 return boundCall(functionToString, this);
458 };
459 Function.prototype.toString = wrappedToString;
460
461 WebSocket = function WrappedWebSocket(url, protocols) 441 WebSocket = function WrappedWebSocket(url, protocols)
462 { 442 {
463 // Throw correct exceptions if the constructor is used improperly. 443 // Throw correct exceptions if the constructor is used improperly.
464 if (!(this instanceof WrappedWebSocket)) return RealWebSocket(); 444 if (!(this instanceof WrappedWebSocket)) return RealWebSocket();
465 if (arguments.length < 1) return new RealWebSocket(); 445 if (arguments.length < 1) return new RealWebSocket();
466 446
467 var websocket = new RealWebSocket(url, protocols); 447 var websocket = new RealWebSocket(url, protocols);
468 448
469 checkRequest(websocket.url, function(blocked) 449 checkRequest(websocket.url, function(blocked)
470 { 450 {
471 if (blocked) 451 if (blocked)
472 boundCall(closeWebSocket, websocket); 452 closeWebSocket(websocket);
473 }); 453 });
474 454
475 return websocket; 455 return websocket;
476 }; 456 }.bind();
477 457
478 var properties = Object.getOwnPropertyNames(RealWebSocket); 458 Object.defineProperties(WebSocket, {
479 for (var i = 0; i < properties.length; i++) 459 CONNECTING: {value: RealWebSocket.CONNECTING, enumerable: true},
480 { 460 OPEN: {value: RealWebSocket.OPEN, enumerable: true},
481 var name = properties[i]; 461 CLOSING: {value: RealWebSocket.CLOSING, enumerable: true},
482 var desc = Object.getOwnPropertyDescriptor(RealWebSocket, name); 462 CLOSED: {value: RealWebSocket.CLOSED, enumerable: true},
483 Object.defineProperty(WebSocket, name, desc); 463 prototype: {value: RealWebSocket.prototype}
484 } 464 });
485 465
486 RealWebSocket.prototype.constructor = WebSocket; 466 RealWebSocket.prototype.constructor = WebSocket;
487 }, eventName); 467 }, eventName);
488 } 468 }
489 469
490 function init(document) 470 function init(document)
491 { 471 {
492 var shadow = null; 472 var shadow = null;
493 var style = null; 473 var style = null;
494 var observer = null; 474 var observer = null;
(...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after
659 }, true); 639 }, true);
660 640
661 return updateStylesheet; 641 return updateStylesheet;
662 } 642 }
663 643
664 if (document instanceof HTMLDocument) 644 if (document instanceof HTMLDocument)
665 { 645 {
666 checkSitekey(); 646 checkSitekey();
667 window.updateStylesheet = init(document); 647 window.updateStylesheet = init(document);
668 } 648 }
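Review bot: In the WebSocket wrapper, `websocket.url` (in `WrappedWebSocket`) and `event.detail` (in `listener`) are still looked up at call time, so unlike `close` they are not covered by the "track everything we use" captures at the top. Where a browser exposes them as configurable getters on `WebSocket.prototype` and `CustomEvent.prototype` (worth confirming for each supported browser), page script that runs later can redefine them, and the check would then see a different URL or verdict than the real one. Capturing the getters up front next to `closeWebSocket`, for example `var getWebSocketUrl = Function.prototype.call.bind(Object.getOwnPropertyDescriptor(RealWebSocket.prototype, "url").get);`, and using them in both places would close that gap; a fallback is needed where the descriptor is absent. The function enclosing this `runInPage` call starts in the skipped lines above.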